diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index dd83d22d48..70a510fb36 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1,5 +1,10 @@
{
"redirections": [
+ {
+ "source_path": "windows/whats-new/windows-11.md",
+ "redirect_url": "/windows/whats-new/windows-11-whats-new",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/configuration/use-json-customize-start-menu-windows.md",
"redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11",
@@ -18960,6 +18965,11 @@
"redirect_url": "/windows/security/",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/deploy-windows-cm/upgrade-to-windows-with-configuraton-manager.md",
+ "redirect_url": "/windows/deploy-windows-cm/upgrade-to-windows-with-configuration-manager",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
"redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
@@ -19015,6 +19025,11 @@
"redirect_url": "/windows/deployment/waas-manage-updates-wufb",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/windows-security-baselines.md",
+ "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
"redirect_url": "/windows/deployment/deploy-whats-new",
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index 8640d74fc3..e33d30d8b8 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -33,6 +33,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
1. Download the FOD .cab file:
+ - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab)
- [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab)
- [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab)
@@ -49,7 +50,8 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
```
> [!NOTE]
- > You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab**
+ > * On Windows 10, you must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab**
+ > * On Windows 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e45~amd_64~~.cab**
1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index b7d0186f19..0d9c48549b 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -10,7 +10,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
-ms.date: 09/14/2021
+ms.date: 09/20/2021
ms.topic: article
---
@@ -55,7 +55,7 @@ These tools were included in previous versions of Windows. The associated docume
- [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507)
> [!TIP]
-> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** or **Administrative Tools in Windows 11** page. Details about the information you want for a tool will help us plan future content.
+> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content.
## Related topics
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md
index c29e2047ad..8c5e138861 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/mdm/enterprise-app-management.md
@@ -8,8 +8,8 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: manikadhiman
-ms.date: 09/22/2017
+author: dansimp
+ms.date: 10/04/2021
---
# Enterprise app management
@@ -49,9 +49,9 @@ Inventory can be performed recursively at any level from the AppManagement node
Inventory is specific to the package full name and lists bundled packs and resources packs as applicable under the package family name.
-> **Note** On Windows 10 Mobile, XAP packages have the product ID in place of both the package family name and package full name.
+> [!NOTE]
+> On Windows 10 Mobile, XAP packages have the product ID in place of both the package family name and package full name.
-
Here are the nodes for each package full name:
- Name
@@ -116,8 +116,8 @@ Here are the nodes for each license ID:
For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md).
-> **Note** The LicenseID in the CSP is the content ID for the license.
-
+> [!NOTE]
+> The LicenseID in the CSP is the content ID for the license.
Here is an example of a query for all app licenses on a device.
@@ -308,9 +308,9 @@ Here are the requirements for this scenario:
- The device does not need to have connectivity to the Microsoft Store, store services, or the have the Microsoft Store UI be enabled.
- The user must be logged in, but association with AAD identity is not required.
-> **Note** You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user).
+> [!NOTE]
+> You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user).
-
The Add command for the package family name is required to ensure proper removal of the app at unenrollment.
Here is an example of a line-of-business app installation.
@@ -429,14 +429,13 @@ Here are the requirements for this scenario:
To provision app for all users of a device from a hosted location, the management server performs an Add and Exec command on the AppInstallation node in the device context. The Add command for the package family name is required to ensure proper removal of the app at unenrollment.
-> **Note** When you remove the provisioned app, it will not remove it from the users that already installed the app.
-
-
+> [!NOTE]
+> When you remove the provisioned app, it will not remove it from the users that already installed the app.
Here is an example of app installation.
-> **Note** This is only supported in Windows 10 for desktop editions.
-
+> [!NOTE]
+> This is only supported in Windows 10 for desktop editions.
```xml
@@ -472,8 +471,8 @@ The DeploymentOptions parameter is only available in the user context.
Here is an example of app installation with dependencies.
-> **Note** This is only supported in Windows 10 for desktop editions.
-
+> [!NOTE]
+> This is only supported in Windows 10 for desktop editions.
```xml
@@ -513,9 +512,9 @@ When an app installation is completed, a Windows notification is sent. You can a
- Status - indicates the status of app installation.
- NOT\_INSTALLED (0) - The node was added, but the execution was not completed.
- - INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of suceess this value is updated.
+ - INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of success this value is updated.
- FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
- - INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up actio has not completed, this state may briefly appear.
+ - INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action has not completed, this state may briefly appear.
- LastError - This is the last error reported by the app deployment server.
- LastErrorDescription - Describes the last error reported by the app deployment server.
- Status - This is an integer that indicates the progress of the app installation. In cases of an https location, this shows the estimated download progress.
@@ -577,9 +576,10 @@ Here is an example of an alert.
For user-based installation, use the ./User path and for provisioning of apps, use the ./Device path.
-The Data field value of 0 (zero) indicates sucess, otherwise it is an error code. If there is a failure, you can get more details from the AppInstallation node.
+The Data field value of 0 (zero) indicates success, otherwise it is an error code. If there is a failure, you can get more details from the AppInstallation node.
-> **Note** At this time, the alert for Store app installation is not yet available.
+> [!NOTE]
+> At this time, the alert for Store app installation is not yet available.
## Uninstall your apps
@@ -590,7 +590,7 @@ You can uninstall apps from users from Windows 10 devices. To uninstall an app,
- nonStore - These apps that were not acquired from the Microsoft Store.
- System - These apps are part of the OS. You cannot uninstall these apps.
-To uninstall an app, you delete it under the origin node, package family name, and package full name. To uninstall a XAP, use the product ID in place of the package family nane and package full name.
+To uninstall an app, you delete it under the origin node, package family name, and package full name. To uninstall a XAP, use the product ID in place of the package family name and package full name.
Here is an example for uninstalling all versions of an app for a user.
@@ -624,7 +624,8 @@ Here is an example for uninstalling a specific version of the app for a user.
You can remove provisioned apps from a device for a specific version or for all versions of a package family. When a provisioned app is removed, it is not available to future users for the device. Logged in users who has the app registered to them will continue to have access to the app. If you want to removed the app for those users, you must explicitly uninstall the app for those users.
-> **Note** You can only remove an app that has an inventory value IsProvisioned = 1.
+> [!NOTE]
+> You can only remove an app that has an inventory value IsProvisioned = 1.
Removing provisioned app occurs in the device context.
@@ -753,7 +754,6 @@ Here is an example of a status check.
Updating an existing app follows the same process as an initial installation. For more information, see [Deploy apps to a user from a hosted location](#deploy-apps-to-a-user-from-a-hosted-location).
-
### Update provisioned apps
A provisioned app automatically updates when an app update is sent to the user. You can also update a provisioned app using the same process as an initial provisioning. For more information about initial provisioning, see [Provision apps for all users of a device](#provision-apps-for-all-users-of-a-device).
@@ -790,8 +790,8 @@ The following subsections provide information about additional settings configur
You can install app on non-system volumes, such as a secondary partition or removable media (USB or SD cards). Using the RestrictApptoSystemVolume policy, you can prevent apps from getting installed or moved to non-system volumes. For more information about this policy, see [Policy CSP](policy-configuration-service-provider.md).
-> **Note** This is only supported in mobile devices.
-
+> [!NOTE]
+> This is only supported in mobile devices.
Here is an example.
@@ -825,8 +825,8 @@ Here is an example.
In Windows 10 Mobile IT administrators can set a policy to restrict user application data for a Microsoft Store app to the system volume, regardless of where the package is installed or moved.
-> **Note** The feature is only for Windows 10 Mobile.
-
+> [!NOTE]
+> The feature is only for Windows 10 Mobile.
The RestrictAppDataToSystemVolume policy in [Policy CSP](policy-configuration-service-provider.md) enables you to restrict all user application data to stay on the system volume. When the policy is not configured or if it is disabled, and you move a package or when it is installed to a difference volume, then the user application data will moved to the same volume. You can set this policy to 0 (off, default) or 1.
@@ -862,8 +862,8 @@ Here is an example.
The Universal Windows app has the ability to share application data between the users of the device. The ability to share data can be set at a package family level or per device.
-> **Note** This is only applicable to multi-user devices.
-
+> [!NOTE]
+> This is only applicable to multi-user devices.
The AllowSharedUserAppData policy in [Policy CSP](policy-configuration-service-provider.md) enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API.
@@ -898,11 +898,3 @@ Here is an example.
```
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index a7729ee3a4..fa77b55d96 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_DCOM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -93,12 +98,6 @@ If you do not configure this policy setting, DCOM will only look in the locally
> This policy setting applies to all sites in Trusted zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -160,7 +159,7 @@ ADMX Info:
-This policy setting allows you to view and change a list of DCOM server application IDs (appids), which are exempted from the DCOM Activation security check.
+This policy setting allows you to view and change a list of DCOM server application IDs (app ids), which are exempted from the DCOM Activation security check.
DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.
DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
DCOM server application IDs added to this policy must be listed in curly brace format.
@@ -169,15 +168,15 @@ For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
If you enter a non-existent or improperly formatted application ID DCOM will add it to the list without checking for errors.
- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
-If you add an application ID to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server.
-If you add an application ID to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local
+If you add an application ID to this list and set its value to one, DCOM will not enforce the Activation security check for that DCOM server.
+If you add an application ID to this list and set its value to zero DCOM will always enforce the Activation security check for that DCOM server regardless of local
settings.
- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
If you do not configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
-The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid.
+The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.
> [!NOTE]
@@ -187,12 +186,6 @@ DCOM servers added to this exemption list are only exempted if their custom laun
> This policy setting applies to all sites in Trusted zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -205,8 +198,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index f53dd522fc..88df6490ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_DeviceCompat
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -85,12 +89,6 @@ manager: dansimp
Changes behavior of Microsoft bus drivers to work with specific devices.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -155,12 +153,6 @@ ADMX Info:
Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index 079455128a..f8f4ce600e 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_DeviceGuard
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -95,12 +100,6 @@ If using a signed and protected policy then disabling this policy setting doesn'
2. Disable the setting and then remove the policy from each computer, with a physically present user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -112,8 +111,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index fc3cdf1b1d..c025b09145 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -13,10 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_DFS
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -93,12 +96,6 @@ This value is specified in minutes.
> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -111,8 +108,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index eecf8264d6..7efb339a88 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_DiskDiagnostic
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -96,12 +101,6 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -179,12 +178,6 @@ This policy setting takes effect only when the DPS is in the running state. When
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -197,8 +190,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are for upcoming release.
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index f5b94b93f3..84d624e398 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_EventLogging
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -89,12 +94,6 @@ You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypte
- If you disable or do not configure this policy setting, components will not encrypt event log messages before writing them to the event log.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -107,8 +106,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index d153f1ca58..24b04c49de 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_EventViewer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -89,13 +94,8 @@ manager: dansimp
This is the program that will be invoked when the user clicks the `events.asp` link.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
ADMX Info:
- GP Friendly name: *Events.asp program*
@@ -160,12 +160,6 @@ ADMX Info:
This specifies the command line parameters that will be passed to the `events.asp` program.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -232,13 +226,7 @@ This is the URL that will be passed to the Description area in the Event Propert
Change this value if you want to use a different Web server to handle event information requests.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 24c4aeecbe..dba6105052 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -14,8 +14,12 @@ manager: dansimp
# Policy CSP - ADMX_ExternalBoot
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -98,12 +102,6 @@ This policy specifies whether the PC can use the hibernation sleep state (S4) wh
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -174,13 +172,6 @@ If you disable or do not configure this setting, Windows, when started from a Wi
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace*
@@ -253,13 +244,6 @@ If you do not configure this setting, users who are members of the Administrator
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Windows To Go Default Startup Options*
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index a36aca27de..3f574460e8 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_FileRevocation
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -90,12 +95,6 @@ Any other Windows Runtime application will only be able to revoke access to cont
> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com` will revoke the user’s access to all content protected under the contoso.com hierarchy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -108,8 +107,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index b6c506ddd9..57354ebe62 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -13,9 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_FramePanes
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -94,13 +98,7 @@ This policy setting shows or hides the Details Pane in File Explorer.
This is the default policy setting.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -169,12 +167,6 @@ Hides the Preview Pane in File Explorer.
- If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -186,8 +178,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index 8790ac9ad7..7d8f37dd58 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_FTHSVC
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -91,12 +96,6 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
No system restart or service restart is required for this policy setting to take effect: changes take effect immediately.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -110,7 +109,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index cbb70f971a..dc63616394 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_GroupPolicy
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -162,28 +166,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -195,12 +205,13 @@ manager: dansimp
> [!div class = "checklist"]
> * Device
+> * User
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.
+This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.
This policy setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists.
@@ -216,12 +227,7 @@ If you enable this policy setting, the behavior is exactly the same as in Window
If you disable this policy setting, the behavior is the same as if it is not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -240,28 +246,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -278,7 +290,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when software installation policies are updated.
+This policy setting determines when software installation policies are updated.
This policy setting affects all policy settings that use the software installation component of Group Policy, such as policy settings in Software Settings\Software Installation. You can set software installation policy only for Group Policy Objects stored in Active Directory, not for Group Policy Objects on the local computer.
@@ -291,12 +303,7 @@ The "Allow processing across a slow network connection" option updates the polic
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy setting implementations specify that they are updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired policies in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -315,28 +322,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -353,7 +366,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when disk quota policies are updated.
+This policy setting determines when disk quota policies are updated.
This policy setting affects all policies that use the disk quota component of Group Policy, such as those in Computer Configuration\Administrative Templates\System\Disk Quotas.
@@ -368,12 +381,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -392,28 +400,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -430,7 +444,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when encryption policies are updated.
+This policy setting determines when encryption policies are updated.
This policy setting affects all policies that use the encryption component of Group Policy, such as policies related to encryption in Windows Settings\Security Settings.
@@ -445,12 +459,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -469,28 +478,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -507,7 +522,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when folder redirection policies are updated.
+This policy setting determines when folder redirection policies are updated.
This policy setting affects all policies that use the folder redirection component of Group Policy, such as those in WindowsSettings\Folder Redirection. You can only set folder redirection policy for Group Policy objects, stored in Active Directory, not for Group Policy objects on the local computer.
@@ -520,12 +535,7 @@ The "Allow processing across a slow network connection" option updates the polic
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -544,28 +554,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -582,7 +598,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when Internet Explorer Maintenance policies are updated.
+This policy setting determines when Internet Explorer Maintenance policies are updated.
This policy setting affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\Internet Explorer Maintenance.
@@ -597,12 +613,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -621,28 +632,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -659,7 +676,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when IP security policies are updated.
+This policy setting determines when IP security policies are updated.
This policy setting affects all policies that use the IP security component of Group Policy, such as policies in Computer Configuration\Windows Settings\Security Settings\IP Security Policies on Local Machine.
@@ -674,12 +691,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -698,28 +710,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -736,7 +754,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when registry policies are updated.
+This policy setting determines when registry policies are updated.
This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed.
@@ -747,12 +765,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -771,28 +784,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -809,7 +828,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when policies that assign shared scripts are updated.
+This policy setting determines when policies that assign shared scripts are updated.
This policy setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts. It overrides customized settings that the program implementing the scripts policy set when it was installed.
@@ -822,12 +841,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -846,28 +860,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -884,7 +904,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when security policies are updated.
+This policy setting determines when security policies are updated.
This policy setting affects all policies that use the security component of Group Policy, such as those in Windows Settings\Security Settings.
@@ -897,12 +917,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -921,28 +936,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -959,7 +980,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when policies that assign wired network settings are updated.
+This policy setting determines when policies that assign wired network settings are updated.
This policy setting affects all policies that use the wired network component of Group Policy, such as those in Windows Settings\Wired Network Policies.
@@ -976,12 +997,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1000,28 +1016,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1038,7 +1060,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when policies that assign wireless network settings are updated.
+This policy setting determines when policies that assign wireless network settings are updated.
This policy setting affects all policies that use the wireless network component of Group Policy, such as those in WindowsSettings\Wireless Network Policies.
@@ -1055,12 +1077,7 @@ The "Do not apply during periodic background processing" option prevents the sys
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1079,28 +1096,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1117,19 +1140,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
+This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
If you enable this policy setting, Group Policy uses this administratively configured maximum wait time for workplace connectivity, and overrides any default or system-computed wait time.
If you disable or do not configure this policy setting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 configured for workplace connectivity.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1148,28 +1166,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1186,7 +1210,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
+This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.
@@ -1202,12 +1226,7 @@ If you disable or do not configure this policy setting, interactive users can ge
> This policy setting exists as both a User Configuration and Computer Configuration setting. Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1226,28 +1245,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1264,7 +1289,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
+This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.
@@ -1280,12 +1305,7 @@ If you disable or do not configure this policy setting, interactive users can ge
> This policy setting exists as both a User Configuration and Computer Configuration setting. Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1304,28 +1324,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1342,15 +1368,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the Group Policy Client Service from stopping when idle.
+This policy setting prevents the Group Policy Client Service from stopping when idle.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1369,28 +1390,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1407,7 +1434,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor.
+Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor.
Administrators might want to use this if they are concerned about the amount of space used on the system volume of a DC.
@@ -1425,12 +1452,7 @@ Files will always be copied to the GPO if they have a later timestamp.
> If the Computer Configuration policy setting, "Always use local ADM files for the Group Policy Object Editor" is enabled, the state of this setting is ignored and always treated as Enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1449,28 +1471,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1487,7 +1515,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers.
+This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers.
If you enable this policy setting, the system waits until the current user logs off the system before updating the computer and user settings.
@@ -1497,12 +1525,7 @@ If you disable or do not configure this policy setting, updates can be applied w
> If you make changes to this policy setting, you must restart your computer for it to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1521,28 +1544,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1559,7 +1588,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.
+This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.
By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only domain-based GPOs are applied.
@@ -1571,12 +1600,7 @@ If you disable or do not configure this policy setting, Local GPOs continue to b
> For computers joined to a domain, it is strongly recommended that you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1595,28 +1619,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1633,13 +1663,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control a user's ability to invoke a computer policy refresh.
+This policy setting allows you to control a user's ability to invoke a computer policy refresh.
If you enable this policy setting, users are not able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs.
If you disable or do not configure this policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user.
-Note: This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy setting is configured.
+> [!NOTE]
+> This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy setting is configured.
Also, see the "Set Group Policy refresh interval for computers" policy setting to change the policy refresh interval.
@@ -1647,12 +1678,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t
> If you make changes to this policy setting, you must restart your computer for it to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1671,28 +1697,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1709,7 +1741,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue experiences).
+This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue experiences).
If you enable this policy setting, the Windows device is discoverable by other Windows devices that belong to the same user, and can participate in cross-device experiences.
@@ -1718,12 +1750,7 @@ If you disable this policy setting, the Windows device is not discoverable by ot
If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1742,28 +1769,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1780,7 +1813,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Group Policy caching behavior.
+This policy setting allows you to configure Group Policy caching behavior.
If you enable or do not configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
@@ -1791,12 +1824,7 @@ The timeout value that is defined in this policy setting determines how long Gro
If you disable this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1815,28 +1843,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1853,7 +1887,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Group Policy caching behavior on Windows Server machines.
+This policy setting allows you to configure Group Policy caching behavior on Windows Server machines.
If you enable this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
@@ -1864,12 +1898,7 @@ The timeout value that is defined in this policy setting determines how long Gro
If you disable or do not configure this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1888,28 +1917,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1926,7 +1961,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue reading, emailing and other tasks that requires linking between Phone and PC.
+This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue reading, emailing and other tasks that requires linking between Phone and PC.
If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in Continue on PC experiences.
@@ -1935,12 +1970,7 @@ If you disable this policy setting, the Windows device is not allowed to be link
If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1959,28 +1989,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1997,7 +2033,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents administrators from viewing or using Group Policy preferences.
+This policy setting prevents administrators from viewing or using Group Policy preferences.
A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.
@@ -2011,12 +2047,7 @@ If you disable or do not configure this policy setting, the "Show Policies Only"
In Group Policy Object Editor, preferences have a red icon to distinguish them from true settings, which have a blue icon.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2035,28 +2066,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2073,17 +2110,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory.
+This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory.
This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2102,28 +2134,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2140,7 +2178,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.
+This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.
If you enable this setting, you can which domain controller is used according to these options:
@@ -2156,12 +2194,7 @@ If you disable this setting or do not configure it, the Group Policy Object Edit
> To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click "Operations Masters."
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2180,28 +2213,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2218,7 +2257,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines a slow connection for purposes of applying and updating Group Policy.
+This policy setting defines a slow connection for purposes of applying and updating Group Policy.
If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.
@@ -2230,15 +2269,13 @@ If you disable this setting or do not configure it, the system uses the default
This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.
-Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
+Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile.
+
+> [!NOTE]
+> If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2257,28 +2294,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2295,7 +2338,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines a slow connection for purposes of applying and updating Group Policy.
+This policy setting defines a slow connection for purposes of applying and updating Group Policy.
If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.
@@ -2307,15 +2350,13 @@ If you disable this setting or do not configure it, the system uses the default
This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.
-Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
+Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile.
+
+> [!NOTE]
+> If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2334,28 +2375,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2372,7 +2419,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configuration folder.
+This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configuration folder.
In addition to background updates, Group Policy for the computer is always updated when the system starts.
@@ -2392,12 +2439,7 @@ This setting is only used when the "Turn off background refresh of Group Policy"
> Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere with tasks in progress.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2416,28 +2458,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2454,7 +2502,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts.
+This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts.
By default, Group Policy on the domain controllers is updated every five minutes.
@@ -2468,12 +2516,7 @@ This setting also lets you specify how much the actual update interval varies. T
> This setting is used only when you are establishing policy for a domain, site, organizational unit (OU), or customized group. If you are establishing policy for a local computer only, the system ignores this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2492,28 +2535,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2530,7 +2579,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This setting specifies a background update rate only for the Group Policies in the User Configuration folder.
+This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This setting specifies a background update rate only for the Group Policies in the User Configuration folder.
In addition to background updates, Group Policy for users is always updated when users log on.
@@ -2552,12 +2601,7 @@ This setting also lets you specify how much the actual update interval varies. T
> Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs a user can run, might interfere with tasks in progress.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2576,28 +2620,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2614,7 +2664,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Enter “0” to disable Logon Script Delay.
+Enter “0” to disable Logon Script Delay.
This policy setting allows you to configure how long the Group Policy client waits after logon before running scripts.
@@ -2627,12 +2677,7 @@ If you disable this policy setting, Group Policy will run scripts immediately af
If you do not configure this policy setting, Group Policy will wait five minutes before running logon scripts.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2651,28 +2696,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2689,7 +2740,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default display name for new Group Policy objects.
+This policy setting allows you to set the default display name for new Group Policy objects.
This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.
@@ -2698,12 +2749,7 @@ The display name can contain environment variables and can be a maximum of 255 c
If this setting is Disabled or Not Configured, the default display name of New Group Policy object is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2722,28 +2768,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2760,19 +2812,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to create new Group Policy object links in the disabled state.
+This policy setting allows you to create new Group Policy object links in the disabled state.
If you enable this setting, you can create all new Group Policy object links in the disabled state by default. After you configure and test the new object links by using a policy compliant Group Policy management tool such as Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system.
If you disable this setting or do not configure it, new Group Policy object links are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the object link.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2791,28 +2838,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2829,7 +2882,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you always use local ADM files for the Group Policy snap-in.
+This policy setting lets you always use local ADM files for the Group Policy snap-in.
By default, when you edit a Group Policy Object (GPO) using the Group Policy Object Editor snap-in, the ADM files are loaded from that GPO into the Group Policy Object Editor snap-in. This allows you to use the same version of the ADM files that were used to create the GPO while editing this GPO.
@@ -2853,12 +2906,7 @@ If you disable or do not configure this setting, the Group Policy Object Editor
> If the ADMs that you require are not all available locally in your %windir%\inf directory, you might not be able to see all the settings that have been configured in the GPO that you are editing.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2877,28 +2925,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2916,7 +2970,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a number of security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are:
+This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a number of security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are:
PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)
Enables data execution prevention (DEP) for the child process
@@ -2940,12 +2994,7 @@ For instance, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCES
Setting flags not specified here to any value other than ? results in undefined behavior.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2964,28 +3013,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3002,7 +3057,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.
+This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.
RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied, where they came from, and the client-side extension settings that were included.
@@ -3014,12 +3069,7 @@ If you disable or do not configure this setting, RSoP logging is turned on. By d
> To view the RSoP information logged on a client computer, you can use the RSoP snap-in in the Microsoft Management Console (MMC).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3038,28 +3088,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3076,15 +3132,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used for Active Directory.
+Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used for Active Directory.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3103,28 +3154,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3141,7 +3198,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection for the purposes of applying and updating Group Policy.
+This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection for the purposes of applying and updating Group Policy.
When Group Policy detects the bandwidth speed of a Direct Access connection, the detection can sometimes fail to provide any bandwidth speed information. If Group Policy detects a bandwidth speed, Group Policy will follow the normal rules for evaluating if the Direct Access connection is a fast or slow network connection. If no bandwidth speed is detected, Group Policy will default to a slow network connection. This policy setting allows the administrator the option to override the default to slow network connection and instead default to using a fast network connection in the case that no network bandwidth speed is determined.
@@ -3153,12 +3210,7 @@ If you enable this policy, when Group Policy cannot determine the bandwidth spee
If you disable this setting or do not configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured to process over a slow link.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3177,28 +3229,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3215,7 +3273,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected.
+This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected.
If you enable this policy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner.
Client computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged on using cached credentials,
@@ -3232,12 +3290,7 @@ and Drive Maps preference extension will not be applied.
If you disable or do not configure this policy setting, detecting a slow network connection will not affect whether Group Policy processing will be synchronous or asynchronous.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3256,28 +3309,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3294,19 +3353,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
+This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
If you enable this policy setting, Group Policy will use this administratively configured maximum wait time and override any default or system-computed wait time.
If you disable or do not configure this policy setting, Group Policy will use the default wait time of 30 seconds on computers running Windows Vista operating system.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3325,28 +3379,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3363,7 +3423,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
+This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user logs on to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.
@@ -3379,12 +3439,7 @@ If you disable this setting or do not configure it, the user's Group Policy Obje
> This setting is effective only when both the computer account and the user account are in at least Windows 2000 domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3397,6 +3452,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index fcdb9696af..c281c53d6b 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Help
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +49,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,7 +93,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention.
+This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention.
Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely.
@@ -92,12 +102,7 @@ If you enable this policy setting, DEP for HTML Help Executable is turned off. T
If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTML Help stops if DEP detects system memory abnormalities.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -116,28 +121,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -154,7 +165,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting.
+This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting.
If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders.
@@ -175,12 +186,7 @@ If you disable or do not configure this policy setting, these commands are fully
For additional options, see the "Restrict these programs from being launched from Help" policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -199,28 +205,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -237,7 +249,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help.
+This policy setting allows you to restrict programs from being run from online Help.
If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.
@@ -249,12 +261,7 @@ If you disable or do not configure this policy setting, users can run all applic
> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -273,28 +280,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -311,7 +324,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help.
+This policy setting allows you to restrict programs from being run from online Help.
If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.
@@ -322,12 +335,7 @@ If you disable or do not configure this policy setting, users can run all applic
>
> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -340,8 +348,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index 15a6785034..8e79c571f5 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_HelpAndSupport
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +49,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,19 +93,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
+This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements.
If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -114,28 +119,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -152,7 +163,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can provide ratings for Help content.
+This policy setting specifies whether users can provide ratings for Help content.
If you enable this policy setting, ratings controls are not added to Help content.
@@ -161,12 +172,7 @@ If you disable or do not configure this policy setting, ratings controls are add
Users can use the control to provide feedback on the quality and usefulness of the Help and Support content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -184,28 +190,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -222,19 +234,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
+This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
If you enable this policy setting, users cannot participate in the Help Experience Improvement program.
If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -253,28 +260,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -291,19 +304,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.
+This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.
If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.
If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -316,8 +324,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index 17e85306fc..23fdd62c9a 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_HotSpotAuth
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -90,12 +95,6 @@ This policy setting defines whether WLAN hotspots are probed for Wireless Intern
- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -109,7 +108,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index eecfadc85d..20e245b182 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_ICM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -111,28 +115,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -149,7 +159,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It is simple and user-friendly.
+This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It is simple and user-friendly.
If you enable this policy setting, all users are opted out of the Windows Customer Experience Improvement Program.
@@ -158,12 +168,7 @@ If you disable this policy setting, all users are opted into the Windows Custome
If you do not configure this policy setting, the administrator can use the Problem Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -182,28 +187,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -220,7 +231,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to automatically update root certificates using the Windows Update website.
+This policy setting specifies whether to automatically update root certificates using the Windows Update website.
Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.
@@ -229,12 +240,7 @@ If you enable this policy setting, when you are presented with a certificate iss
If you disable or do not configure this policy setting, your computer will contact the Windows Update website.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -253,28 +259,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -291,7 +303,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to allow printing over HTTP from this client.
+This policy setting specifies whether to allow printing over HTTP from this client.
Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.
@@ -303,12 +315,7 @@ If you enable this policy setting, it prevents this client from printing to Inte
If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP. Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -327,28 +334,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -365,7 +378,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to allow this client to download print driver packages over HTTP.
+This policy setting specifies whether to allow this client to download print driver packages over HTTP.
To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
@@ -379,12 +392,7 @@ If you enable this policy setting, print drivers cannot be downloaded over HTTP.
If you disable or do not configure this policy setting, users can download print drivers over HTTP.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -403,28 +411,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -441,7 +455,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.
+This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.
If you enable this policy setting, Windows Update is not searched when a new device is installed.
@@ -455,12 +469,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ
> This policy setting is replaced by "Specify Driver Source Search Order" in "Administrative Templates/System/Device Installation" on newer versions of Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -479,28 +488,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -517,7 +532,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.
+This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.
The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition, "More Information" is placed at the end of the description text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event to Microsoft, and allows users to learn more about why that event occurred.
@@ -528,12 +543,7 @@ If you disable or do not configure this policy setting, the user can click the h
Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Command Line Parameters" settings in "Administrative Templates/Windows Components/Event Viewer".
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -552,28 +562,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -590,7 +606,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.
+This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.
This content is dynamically updated when users who are connected to the Internet open Help and Support Center, and provides up-to-date information about Windows and the computer.
@@ -601,12 +617,7 @@ If you disable or do not configure this policy setting, the Help and Support Cen
You might want to enable this policy setting for users who do not have Internet access, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -625,28 +636,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -663,7 +680,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.
+This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.
The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products, and is searched as part of all Help and Support Center searches with the default search options.
@@ -672,12 +689,7 @@ If you enable this policy setting, it removes the Knowledge Base section from th
If you disable or do not configure this policy setting, the Knowledge Base is searched if the user has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -696,28 +708,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -734,7 +752,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
+This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
If you enable this setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet.
@@ -743,12 +761,7 @@ If you disable this policy setting, all of the the policy settings listed in the
If you do not configure this policy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -767,28 +780,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -805,7 +824,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
+This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
If you enable this setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet.
@@ -813,12 +832,7 @@ If you disable this policy setting, all of the the policy settings listed in the
If you do not configure this policy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -837,28 +851,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -875,19 +895,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).
+This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).
If you enable this policy setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard causes the wizard to exit. This prevents users from retrieving the list of ISPs, which resides on Microsoft servers.
If you disable or do not configure this policy setting, users can connect to Microsoft to download a list of ISPs for their area.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -906,28 +921,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -944,7 +965,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.
+This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.
If you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online.
@@ -953,12 +974,7 @@ If you disable or do not configure this policy setting, users can connect to Mic
Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -977,28 +993,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1015,7 +1037,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not errors are reported to Microsoft.
+This policy setting controls whether or not errors are reported to Microsoft.
Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product.
@@ -1028,12 +1050,7 @@ This policy setting overrides any user setting made from the Control Panel for e
Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1052,28 +1069,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1090,7 +1113,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove access to Windows Update.
+This policy setting allows you to remove access to Windows Update.
If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at https://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.
@@ -1100,12 +1123,7 @@ If you disable or do not configure this policy setting, users can access the Win
> This policy applies only when this PC is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1124,28 +1142,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1162,7 +1186,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.
+This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.
When users search the local computer or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used to format and display results.
@@ -1174,12 +1198,7 @@ If you disable or do not configure this policy setting, Search Companion downloa
> Internet searches still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off the Search Companion feature completely.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1198,28 +1217,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1236,7 +1261,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
+This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.
@@ -1245,12 +1270,7 @@ If you enable this policy setting, the link and the dialog for using the Web ser
If you disable or do not configure this policy setting, the user is allowed to use the Web service.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1269,28 +1289,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1307,7 +1333,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
+This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.
@@ -1316,12 +1342,7 @@ If you enable this policy setting, the link and the dialog for using the Web ser
If you disable or do not configure this policy setting, the user is allowed to use the Web service.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1340,28 +1361,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1378,7 +1405,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
+This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.
@@ -1387,12 +1414,7 @@ If you enable this policy setting, the "Look for an app in the Store" item in th
If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1411,28 +1433,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1449,7 +1477,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
+This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.
@@ -1458,12 +1486,7 @@ If you enable this policy setting, the "Look for an app in the Store" item in th
If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1482,28 +1505,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1520,7 +1549,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
+This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.
@@ -1529,12 +1558,7 @@ If you disable or do not configure this policy setting, a list of providers are
See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1553,28 +1577,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1591,19 +1621,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
+This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online. If you enable this policy setting, the task "Order Prints Online" is removed from Picture Tasks in File Explorer folders.
If you disable or do not configure this policy setting, the task is displayed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1622,28 +1647,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1660,7 +1691,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
+This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.
@@ -1669,12 +1700,7 @@ If you enable this policy setting, the task "Order Prints Online" is removed fro
If you disable or do not configure this policy setting, the task is displayed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1693,28 +1719,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1731,19 +1763,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
+This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.
If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. If you disable or do not configure this policy setting, the tasks are shown.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1762,28 +1789,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1800,7 +1833,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
+This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.
@@ -1809,12 +1842,7 @@ If you enable this policy setting, these tasks are removed from the File and Fol
If you disable or do not configure this policy setting, the tasks are shown.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1833,28 +1861,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1871,7 +1905,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.
+This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.
With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used.
@@ -1882,12 +1916,7 @@ If you enable this policy setting, Windows Messenger does not collect usage info
If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown. If you do not configure this policy setting, users have the choice to opt in and allow information to be collected.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1906,28 +1935,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1944,7 +1979,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.
+This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.
With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used.
@@ -1957,12 +1992,7 @@ If you disable this policy setting, Windows Messenger collects anonymous usage i
If you do not configure this policy setting, users have the choice to opt in and allow information to be collected.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1975,8 +2005,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index 7516b56b97..6cda2222f1 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_IIS
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -88,12 +93,7 @@ Enabling this setting will not have any effect on IIS if IIS is already installe
- If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run."
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -107,7 +107,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index 76d11f5aa4..1309460a63 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_kdc
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -51,28 +55,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -89,7 +99,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
+This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
@@ -123,12 +133,7 @@ Impact on domain controller performance when this policy setting is enabled:
- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ticket size.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -147,28 +152,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -185,7 +196,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).
+This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).
If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain.
@@ -194,12 +205,7 @@ If you disable or do not configure this policy setting, the KDC will not search
To ensure consistent behavior, this policy setting must be supported and set identically on all domain controllers in the domain.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -218,28 +224,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -256,7 +268,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain is not at Windows Server 2016 DFL or higher this policy will not be applied.
+Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain is not at Windows Server 2016 DFL or higher this policy will not be applied.
This policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension.
@@ -269,12 +281,7 @@ Required: PKInit Freshness Extension is required for successful authentication.
If you disable or not configure this policy setting, then the DC will never offer the PKInit Freshness Extension and accept valid authentication requests without checking for freshness. Users will never receive the fresh public key identity SID.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -293,28 +300,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -331,7 +344,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to request compound authentication.
+This policy setting allows you to configure a domain controller to request compound authentication.
> [!NOTE]
> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled.
@@ -341,12 +354,7 @@ If you enable this policy setting, domain controllers will request compound auth
If you disable or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -365,28 +373,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -403,19 +417,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.
+This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.
If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy.
If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -434,28 +443,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -472,7 +487,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the domain controller provides information about previous logons to client computers.
+This policy setting controls whether the domain controller provides information about previous logons to client computers.
If you enable this policy setting, the domain controller provides the information message about previous logons.
@@ -484,12 +499,7 @@ If you disable or do not configure this policy setting, the domain controller do
> Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting does not affect anything.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -502,8 +512,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 0546c527b2..0546f3e781 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Kerberos
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -57,28 +61,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -95,7 +105,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.
+This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.
> [!NOTE]
> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain.
@@ -105,12 +115,7 @@ If you enable this policy setting and the resource domain requests compound auth
If you disable or do not configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -129,28 +134,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -167,7 +178,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts.
+Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts.
This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the device to the domain.
@@ -181,12 +192,7 @@ If you disable this policy setting, certificates will never be used.
If you do not configure this policy setting, Automatic will be used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -205,28 +211,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -243,7 +255,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm.
+This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm.
If you enable this policy setting, you can view and change the list of DNS host names and DNS suffixes mapped to a Kerberos realm as defined by Group Policy. To view the list of mappings, enable the policy setting and then click the Show button. To add a mapping, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type a realm name. In the Value column, type the list of DNS host names and DNS suffixes using the appropriate syntax format. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
@@ -252,12 +264,7 @@ If you disable this policy setting, the host name-to-Kerberos realm mappings lis
If you do not configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined in the local registry, if they exist.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -276,28 +283,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -314,7 +327,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.
+This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.
If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections.
Warning: When revocation check is ignored, the server represented by the certificate is not guaranteed valid.
@@ -322,12 +335,7 @@ Warning: When revocation check is ignored, the server represented by the certifi
If you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -346,28 +354,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -384,19 +398,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.
+This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.
If you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller cannot be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
If you disable or do not configure this policy setting, the Kerberos client does not have KDC proxy servers settings defined by Group Policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -415,28 +424,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -453,7 +468,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting.
+This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting.
If you enable this policy setting, you can view and change the list of interoperable Kerberos V5 realms and their settings. To view the list of interoperable Kerberos V5 realms, enable the policy setting and then click the Show button. To add an interoperable Kerberos V5 realm, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type the interoperable Kerberos V5 realm name. In the Value column, type the realm flags and host names of the host KDCs using the appropriate syntax format. To remove an interoperable Kerberos V5 realm Value Name or Value entry from the list, click the entry, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
@@ -462,12 +477,7 @@ If you disable this policy setting, the interoperable Kerberos V5 realm settings
If you do not configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in the local registry, if they exist.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -486,28 +496,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -524,7 +540,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls configuring the device's Active Directory account for compound authentication.
+This policy setting controls configuring the device's Active Directory account for compound authentication.
Support for providing compound authentication which is used for access control will require enough domain controllers in the resource account domains to support the requests. The Domain Administrator must configure the policy "Support Dynamic Access Control and Kerberos armoring" on all the domain controllers to support this policy.
@@ -539,12 +555,7 @@ If you disable this policy setting, Never will be used.
If you do not configure this policy setting, Automatic will be used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -563,28 +574,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -601,19 +618,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 or later attempt to use Kerberos by generating an SPN.
+This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 or later attempt to use Kerberos by generating an SPN.
If you enable this policy setting, only services running as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or NetworkService might fail to authenticate.
If you disable or do not configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -625,7 +637,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index e8d00a28cb..67a94e4f64 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_LanmanServer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +49,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,7 +93,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the SMB server.
+This policy setting determines the cipher suites used by the SMB server.
If you enable this policy setting, cipher suites are prioritized in the order specified.
@@ -106,12 +116,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
> When configuring this security setting, changes will not take effect until you restart Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -134,28 +139,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -172,7 +183,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.
+This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.
Policy configuration
@@ -189,12 +200,7 @@ In circumstances where this policy setting is enabled, you can also select the f
- Disallow hash publication on all shared folders. With this option, BranchCache does not generate content information for any shares on the computer and does not send content information to client computers that request content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -217,28 +223,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -255,7 +267,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
+This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
@@ -276,12 +288,7 @@ Hash version supported:
- To support both V1 and V2 content information, configure "Hash version supported" with the value of 3.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -300,28 +307,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -338,7 +351,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
+This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences.
@@ -348,12 +361,7 @@ If you disable or do not configure this policy setting, the SMB server will sele
> When configuring this security setting, changes will not take effect until you restart Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -366,8 +374,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index ac60e3f522..73350f7d43 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_LanmanWorkstation
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,28 +46,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,7 +90,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the SMB client.
+This policy setting determines the cipher suites used by the SMB client.
If you enable this policy setting, cipher suites are prioritized in the order specified.
@@ -108,12 +118,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
> When configuring this security setting, changes will not take effect until you restart Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -132,28 +137,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -170,7 +181,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
+This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
If you enable this policy setting, the SMB client will allow cached handles to files on CA shares. This may lead to better performance when repeatedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files.
@@ -180,12 +191,7 @@ If you disable or do not configure this policy setting, Windows will prevent use
> This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft does not recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -204,28 +210,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -242,7 +254,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
+This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
If you enable this policy setting, the "Always Available offline" option will appear in the File Explorer menu on a Windows computer when connecting to a CA-enabled share. Pinning of files on CA-enabled shares using client-side caching will also be possible.
@@ -252,12 +264,7 @@ If you disable or do not configure this policy setting, Windows will prevent use
> Microsoft does not recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -270,7 +277,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index 23ab94d3d1..fbaa926485 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -13,9 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_LeakDiagnostic
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -96,12 +100,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -116,8 +115,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index 146ad0388c..f14f7c780e 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_LinkLayerTopologyDiscovery
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,28 +43,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -77,7 +87,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Mapper I/O network protocol driver.
+This policy setting changes the operational behavior of the Mapper I/O network protocol driver.
LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis.
@@ -86,12 +96,7 @@ If you enable this policy setting, additional options are available to fine-tune
If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -110,28 +115,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -148,7 +159,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Responder network protocol driver.
+This policy setting changes the operational behavior of the Responder network protocol driver.
The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis.
@@ -157,12 +168,7 @@ If you enable this policy setting, additional options are available to fine-tune
If you disable or do not configure this policy setting, the default behavior for the Responder will apply.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -175,8 +181,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 68442eff39..186c87c708 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Logon
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -78,28 +82,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -116,19 +126,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy prevents the user from showing account details (email address or user name) on the sign-in screen.
+This policy prevents the user from showing account details (email address or user name) on the sign-in screen.
If you enable this policy setting, the user cannot choose to show account details on the sign-in screen.
If you disable or do not configure this policy setting, the user may choose to show account details on the sign-in screen.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -147,28 +152,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -185,19 +196,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting disables the acrylic blur effect on logon background image.
+This policy setting disables the acrylic blur effect on logon background image.
If you enable this policy, the logon background image shows without blur.
If you disable or do not configure this policy, the logon background image adopts the acrylic blur effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -216,28 +222,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -254,13 +266,9 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores the customized run list.
+This policy setting ignores the customized run list.
-You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.
-
-If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.
-
-If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.
+These programs are added to the standard run list of programs and services that the system starts.
This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
@@ -268,12 +276,7 @@ This policy setting appears in the Computer Configuration and User Configuration
> To create a customized run list by using a policy setting, use the "Run these applications at startup" policy setting. Also, see the "Do not process the run once list" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -292,28 +295,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -330,13 +339,9 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores the customized run list.
+This policy setting ignores the customized run list.
-You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.
-
-If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.
-
-If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.
+These programs are added to the standard run list of programs and services that the system starts.
This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
@@ -344,12 +349,7 @@ This policy setting appears in the Computer Configuration and User Configuration
> To create a customized run list by using a policy setting, use the "Run these applications at startup" policy setting. Also, see the "Do not process the run once list" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -368,28 +368,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -406,7 +412,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores customized run-once lists.
+This policy setting ignores customized run-once lists.
You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.
@@ -420,12 +426,7 @@ This policy setting appears in the Computer Configuration and User Configuration
> Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the "Do not process the legacy run list" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -444,28 +445,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -482,7 +489,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores customized run-once lists.
+This policy setting ignores customized run-once lists.
You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.
@@ -496,12 +503,7 @@ This policy setting appears in the Computer Configuration and User Configuration
> Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the "Do not process the legacy run list" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -520,28 +522,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -558,19 +566,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting suppresses system status messages.
+This policy setting suppresses system status messages.
If you enable this setting, the system does not display a message reminding users to wait while their system starts or shuts down, or while users log on or off.
If you disable or do not configure this policy setting, the system displays the message reminding users to wait while their system starts or shuts down, or while users log on or off.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -589,28 +592,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -627,19 +636,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents connected users from being enumerated on domain-joined computers.
+This policy setting prevents connected users from being enumerated on domain-joined computers.
If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers.
If you disable or do not configure this policy setting, connected users will be enumerated on domain-joined computers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -658,28 +662,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -696,7 +706,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.
+This policy setting hides the welcome screen that is displayed on Windows each time the user logs on.
If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.
@@ -704,7 +714,7 @@ Users can still display the welcome screen by selecting it on the Start menu or
If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer.
-This setting applies only to Windows 2000 Professional. It does not affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server.
+This setting applies only to Windows. It does not affect the "Configure Your Server on a Windows Server" screen on Windows Server.
> [!NOTE]
> This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
@@ -713,12 +723,7 @@ This setting applies only to Windows 2000 Professional. It does not affect the "
> To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started." To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -738,28 +743,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -776,13 +787,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.
+This policy setting hides the welcome screen that is displayed on Windows each time the user logs on.
If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.
Users can still display the welcome screen by selecting it on the Start menu or by typing "Welcome" in the Run dialog box.
-If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer. This setting applies only to Windows 2000 Professional. It does not affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server.
+If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer. This setting applies only to Windows. It does not affect the "Configure Your Server on a Windows Server" screen on Windows Server.
> [!NOTE]
> This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
@@ -791,12 +802,7 @@ If you disable or do not configure this policy, the welcome screen is displayed
> To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started." To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -815,28 +821,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -853,7 +865,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.
+This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.
If you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.
@@ -867,12 +879,7 @@ If you disable or do not configure this policy setting, the user will have to st
Also, see the "Do not process the legacy run list" and the "Do not process the run once list" settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -891,28 +898,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -929,7 +942,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.
+This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.
If you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.
@@ -944,12 +957,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -968,28 +976,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1006,7 +1020,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available.
+This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available.
Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected.
@@ -1031,12 +1045,7 @@ If you disable or do not configure this policy setting and users log on to a cli
> - If Folder Redirection policy will apply during the next logon, security policies will be applied asynchronously during the next update cycle, if network connectivity is available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1055,28 +1064,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1093,19 +1108,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores Windows Logon Background.
+This policy setting ignores Windows Logon Background.
This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting, the logon screen always attempts to load a custom background instead of the Windows-branded logon background.
If you disable or do not configure this policy setting, Windows uses the default Windows logon background or custom background.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1124,28 +1134,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1162,7 +1178,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to display highly detailed status messages.
+This policy setting directs the system to display highly detailed status messages.
This policy setting is designed for advanced users who require this information.
@@ -1174,12 +1190,7 @@ If you disable or do not configure this policy setting, only the default status
> This policy setting is ignored if the "Remove Boot/Shutdown/Logon/Logoff status messages" policy setting is enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1192,8 +1203,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index aa27ba10da..e5b1bcf653 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_MicrosoftDefenderAntivirus
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -312,28 +316,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -350,19 +360,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.
+This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.
If you enable or do not configure this setting, the antimalware service will load as a normal priority task.
If you disable this setting, the antimalware service will load as a low priority task.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -381,28 +386,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -419,7 +430,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Microsoft Defender Antivirus.
+This policy setting turns off Microsoft Defender Antivirus.
If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.
@@ -430,12 +441,7 @@ If you do not configure this policy setting, Windows will internally manage Micr
Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -454,28 +460,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -492,7 +504,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
+Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
Disabled (Default):
Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance.
@@ -504,12 +516,7 @@ Not configured:
Same as Disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -528,28 +535,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -566,12 +579,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.
+This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.
Enabled – The Block at First Sight setting is turned on.
Disabled – The Block at First Sight setting is turned off.
-This feature requires these Group Policy settings to be set as follows:
+This feature requires these Policy settings to be set as follows:
- MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature will not function.
- MAPS -> The “Send file samples when further analysis is required” should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the “Block at First Sight” feature will not function.
@@ -579,12 +592,7 @@ This feature requires these Group Policy settings to be set as follows:
- Real-time Protection -> Do not enable the “Turn off real-time protection” policy or the “Block at First Sight” feature will not function.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -603,28 +611,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -641,19 +655,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions.
+This policy setting controls whether or not complex list settings configured by a local administrator are merged with Policy settings. This setting applies to lists such as threats and Exclusions.
-If you enable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings.
+If you enable or do not configure this setting, unique items defined in Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Policy Settings will override preference settings.
-If you disable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator.
+If you disable this setting, only items defined by Policy will be used in the resulting effective policy. Policy settings will override preference settings configured by the local administrator.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -672,28 +681,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -710,7 +725,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off real-time protection prompts for known malware detection.
+This policy setting turns off real-time protection prompts for known malware detection.
Microsoft Defender Antivirus alerts you when malware or potentially unwanted software attempts to install itself or to run on your computer.
@@ -719,12 +734,7 @@ If you enable this policy setting, Microsoft Defender Antivirus will not prompt
If you disable or do not configure this policy setting, Microsoft Defender Antivirus will prompt users to take actions on malware detections.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -743,28 +753,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -781,19 +797,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action.
+This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action.
If you enable this policy setting, Microsoft Defender Antivirus does not automatically take action on the detected threats, but prompts users to choose from the actions available for each threat.
If you disable or do not configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -812,28 +823,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -850,15 +867,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0.
+This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -877,28 +889,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -915,17 +933,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name.
+This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name.
As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and it is recommended that this be set to 0.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -944,28 +957,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -982,15 +1001,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0.
+This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1009,28 +1023,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1047,7 +1067,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Exclude files and paths from Attack Surface Reduction (ASR) rules.
+Exclude files and paths from Attack Surface Reduction (ASR) rules.
Enabled:
Specify the folders or files and resources that should be excluded from ASR rules in the Options section.
@@ -1065,12 +1085,7 @@ Same as Disabled.
You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1089,28 +1104,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1127,7 +1148,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Set the state for each Attack Surface Reduction (ASR) rule.
+Set the state for each Attack Surface Reduction (ASR) rule.
After enabling this setting, you can set each rule to the following in the Options section:
@@ -1161,12 +1182,7 @@ Same as Disabled.
You can exclude folders or files in the "Exclude files and paths from Attack Surface Reduction Rules" GP setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1185,28 +1201,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1223,7 +1245,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Add additional applications that should be considered "trusted" by controlled folder access.
+Add additional applications that should be considered "trusted" by controlled folder access.
These applications are allowed to modify or delete files in controlled folder access folders.
@@ -1243,12 +1265,7 @@ You can enable controlled folder access in the Configure controlled folder acces
Default system folders are automatically guarded, but you can add folders in the configure protected folders GP setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1267,28 +1284,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1305,7 +1328,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Specify additional folders that should be guarded by the Controlled folder access feature.
+Specify additional folders that should be guarded by the Controlled folder access feature.
Files in these folders cannot be modified or deleted by untrusted applications.
@@ -1326,12 +1349,7 @@ You can enable controlled folder access in the Configure controlled folder acces
Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1350,28 +1368,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1388,7 +1412,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Enable or disable file hash computation feature.
+Enable or disable file hash computation feature.
Enabled:
When this feature is enabled Microsoft Defender will compute hash value for files it scans.
@@ -1400,12 +1424,7 @@ Not configured:
Same as Disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1424,28 +1443,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1462,19 +1487,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance.
+This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance.
If you enable or do not configure this setting, definition retirement will be enabled.
If you disable this setting, definition retirement will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1493,28 +1513,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1531,15 +1557,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used and it is recommended that this be set to 0.
+This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used and it is recommended that this be set to 0.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1558,28 +1579,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1596,19 +1623,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.
+This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.
If you enable or do not configure this setting, protocol recognition will be enabled.
If you disable this setting, protocol recognition will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1627,28 +1649,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1665,19 +1693,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.
+This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.
If you enable this setting, the proxy server will be bypassed for the specified addresses.
If you disable or do not configure this setting, the proxy server will not be bypassed for the specified addresses.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1696,28 +1719,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1734,7 +1763,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order):
+This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order):
1. Proxy server (if specified)
2. Proxy .pac URL (if specified)
@@ -1747,12 +1776,7 @@ If you enable this setting, the proxy setting will be set to use the specified p
If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1771,28 +1795,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1809,7 +1839,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order):
+This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order):
1. Proxy server (if specified)
2. Proxy .pac URL (if specified)
@@ -1822,12 +1852,7 @@ If you enable this setting, the proxy will be set to the specified URL according
If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1846,28 +1871,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1884,19 +1915,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1915,28 +1941,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1953,19 +1985,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.
+This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.
If you enable this setting, items will be removed from the Quarantine folder after the number of days specified.
If you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1984,28 +2011,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2022,19 +2055,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled security intelligence update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.
+This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled security intelligence update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.
If you enable or do not configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time.
If you disable this setting, scheduled tasks will begin at the specified start time.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2053,28 +2081,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2091,19 +2125,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure behavior monitoring.
+This policy setting allows you to configure behavior monitoring.
If you enable or do not configure this setting, behavior monitoring will be enabled.
If you disable this setting, behavior monitoring will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2122,28 +2151,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2160,19 +2195,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for all downloaded files and attachments.
+This policy setting allows you to configure scanning for all downloaded files and attachments.
If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled.
If you disable this setting, scanning for all downloaded files and attachments will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2191,28 +2221,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2229,19 +2265,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure monitoring for file and program activity.
+This policy setting allows you to configure monitoring for file and program activity.
If you enable or do not configure this setting, monitoring for file and program activity will be enabled.
If you disable this setting, monitoring for file and program activity will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2260,28 +2291,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2298,19 +2335,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether raw volume write notifications are sent to behavior monitoring.
+This policy setting controls whether raw volume write notifications are sent to behavior monitoring.
If you enable or do not configure this setting, raw write notifications will be enabled.
If you disable this setting, raw write notifications be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2329,28 +2361,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2367,19 +2405,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off.
+This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off.
If you enable or do not configure this setting, a process scan will be initiated when real-time protection is turned on.
If you disable this setting, a process scan will not be initiated when real-time protection is turned on.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2398,28 +2431,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2436,19 +2475,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.
+This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.
If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned.
If you disable or do not configure this setting, a default size will be applied.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2467,28 +2501,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2505,19 +2545,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2536,28 +2571,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2574,19 +2615,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2605,28 +2641,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2643,19 +2685,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2674,28 +2711,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2712,19 +2755,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2743,28 +2781,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2781,19 +2825,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2812,28 +2851,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2850,19 +2895,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2881,28 +2921,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2919,7 +2965,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all.
+This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all.
This setting can be configured with the following ordinal number values:
@@ -2938,12 +2984,7 @@ If you enable this setting, a scheduled full scan to complete remediation will r
If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2962,28 +3003,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3000,19 +3047,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing.
+This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing.
If you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified.
If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default time.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3031,28 +3073,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3069,15 +3117,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" state.
+This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" state.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3096,28 +3139,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3134,15 +3183,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the “critically failed” state to moves to either the “additional action” state or the “cleared” state.
+This policy setting configures the time in minutes before a detection in the “critically failed” state to moves to either the “additional action” state or the “cleared” state.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3161,28 +3205,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3199,19 +3249,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients.
+Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients.
If you disable or do not configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients.
If you enable this setting, Microsoft Defender Antivirus enhanced notifications will not display on clients.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3229,28 +3274,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3267,19 +3318,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not Watson events are sent.
+This policy setting allows you to configure whether or not Watson events are sent.
If you enable or do not configure this setting, Watson events will be sent.
If you disable this setting, Watson events will not be sent.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3298,28 +3344,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3336,15 +3388,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" state.
+This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" state.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3361,28 +3408,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3399,15 +3452,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
+This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3426,28 +3474,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3464,15 +3518,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
+This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3491,28 +3540,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3529,7 +3584,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
+This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
Tracing levels are defined as:
@@ -3539,12 +3594,7 @@ Tracing levels are defined as:
- 4 - Debug
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3563,28 +3613,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3601,19 +3657,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether or not end users can pause a scan in progress.
+This policy setting allows you to manage whether or not end users can pause a scan in progress.
If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan.
If you disable this setting, users will not be able to pause scans.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3632,28 +3683,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3670,19 +3727,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.
+This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.
If you enable this setting, archive files will be scanned to the directory depth level specified.
If you disable or do not configure this setting, archive files will be scanned to the default directory depth level.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3701,28 +3753,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3739,19 +3797,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.
+This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.
If you enable this setting, archive files less than or equal to the size specified will be scanned.
If you disable or do not configure this setting, archive files will be scanned according to the default value.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3771,28 +3824,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3809,19 +3868,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.
+This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.
If you enable or do not configure this setting, archive files will be scanned.
If you disable this setting, archive files will not be scanned.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3840,28 +3894,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3878,19 +3938,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac).
+This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac).
If you enable this setting, e-mail scanning will be enabled.
If you disable or do not configure this setting, e-mail scanning will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3909,28 +3964,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3947,19 +4008,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics.
+This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics.
If you enable or do not configure this setting, heuristics will be enabled.
If you disable this setting, heuristics will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3978,28 +4034,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4016,19 +4078,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning remain enabled.
+This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning remain enabled.
If you enable or do not configure this setting, packed executables will be scanned.
If you disable this setting, packed executables will not be scanned.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4047,28 +4104,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4085,19 +4148,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
+This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
If you enable this setting, removable drives will be scanned during any type of scan.
If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4116,28 +4174,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4154,19 +4218,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this is the recommended state for this functionality.
+This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this is the recommended state for this functionality.
If you enable this setting, reparse point scanning will be enabled.
If you disable or do not configure this setting, reparse point scanning will be disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4185,28 +4244,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4223,19 +4288,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
+This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
If you enable this setting, a system restore point will be created.
If you disable or do not configure this setting, a system restore point will not be created.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4253,28 +4313,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4291,19 +4357,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning mapped network drives.
+This policy setting allows you to configure scanning mapped network drives.
If you enable this setting, mapped network drives will be scanned.
If you disable or do not configure this setting, mapped network drives will not be scanned.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4322,28 +4383,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4360,19 +4427,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting.
+This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting.
If you enable this setting, network files will be scanned.
If you disable or do not configure this setting, network files will not be scanned.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4391,28 +4453,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4429,19 +4497,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4460,28 +4523,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4498,19 +4567,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4529,28 +4593,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4567,19 +4637,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4598,28 +4663,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4636,19 +4707,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4667,28 +4733,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4705,19 +4777,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4736,28 +4803,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4774,19 +4847,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable low CPU priority for scheduled scans.
+This policy setting allows you to enable or disable low CPU priority for scheduled scans.
If you enable this setting, low CPU priority will be used during scheduled scans.
If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4805,28 +4873,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4843,19 +4917,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up scan will be forced. By default, the value of this setting is 2 consecutive scheduled scans.
+This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up scan will be forced. By default, the value of this setting is 2 consecutive scheduled scans.
If you enable this setting, a catch-up scan will occur after the specified number consecutive missed scheduled scans.
If you disable or do not configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4874,28 +4943,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4912,19 +4987,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the value is set to 30 days.
+This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the value is set to 30 days.
If you enable this setting, items will be removed from the scan history folder after the number of days specified.
If you disable or do not configure this setting, items will be kept in the scan history folder for the default number of days.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4943,28 +5013,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4981,19 +5057,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting is set to 0.
+This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting is set to 0.
If you enable this setting, a quick scan will run at the interval specified.
If you disable or do not configure this setting, a quick scan will run at a default time.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5012,28 +5083,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5050,19 +5127,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.
+This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.
If you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use.
If you disable this setting, scheduled scans will run at the scheduled time.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5081,28 +5153,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5119,7 +5197,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.
+This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.
This setting can be configured with the following ordinal number values:
@@ -5138,12 +5216,7 @@ If you enable this setting, a scheduled scan will run at the frequency specified
If you disable or do not configure this setting, a scheduled scan will run at a default frequency.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5162,28 +5235,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5200,19 +5279,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing.
+This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing.
If you enable this setting, a scheduled scan will run at the time of day specified.
If you disable or do not configure this setting, a scheduled scan will run at a default time.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5231,28 +5305,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5269,19 +5349,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It is recommended that this setting remain disabled.
+This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It is recommended that this setting remain disabled.
If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence is disabled.
If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5300,28 +5375,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5338,19 +5419,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
If you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update.
If you disable or do not configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5369,28 +5445,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5407,19 +5489,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
If you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update.
If you disable or do not configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5438,28 +5515,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5476,19 +5559,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\\unc1 | \\\unc2 }". The list is empty by default.
+This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\\unc1 | \\\unc2 }". The list is empty by default.
If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5507,28 +5585,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5545,19 +5629,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the automatic scan which starts after a security intelligence update has occurred.
+This policy setting allows you to configure the automatic scan which starts after a security intelligence update has occurred.
If you enable or do not configure this setting, a scan will start following a security intelligence update.
If you disable this setting, a scan will not start following a security intelligence update.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5576,28 +5655,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5614,19 +5699,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure security intelligence updates when the computer is running on battery power.
+This policy setting allows you to configure security intelligence updates when the computer is running on battery power.
If you enable or do not configure this setting, security intelligence updates will occur as usual regardless of power state.
If you disable this setting, security intelligence updates will be turned off while the computer is running on battery power.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5645,28 +5725,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5683,19 +5769,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure security intelligence updates on startup when there is no antimalware engine present.
+This policy setting allows you to configure security intelligence updates on startup when there is no antimalware engine present.
If you enable or do not configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present.
If you disable this setting, security intelligence updates will not be initiated on startup when there is no antimalware engine present.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5714,28 +5795,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5752,7 +5839,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: “InternalDefinitionUpdateServer”, “MicrosoftUpdateServer”, “MMPC”, and “FileShares”.
+This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: “InternalDefinitionUpdateServer”, “MicrosoftUpdateServer”, “MMPC”, and “FileShares”.
For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }
@@ -5761,12 +5848,7 @@ If you enable this setting, security intelligence update sources will be contact
If you disable or do not configure this setting, security intelligence update sources will be contacted in a default order.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5785,28 +5867,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5823,19 +5911,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable download of security intelligence updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.
+This policy setting allows you to enable download of security intelligence updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.
If you enable this setting, security intelligence updates will be downloaded from Microsoft Update.
If you disable or do not configure this setting, security intelligence updates will be downloaded from the configured download source.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5854,28 +5937,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5892,19 +5981,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work.
+This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work.
If you enable or do not configure this setting, real-time security intelligence updates will be enabled.
If you disable this setting, real-time security intelligence updates will disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5923,28 +6007,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5961,7 +6051,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all.
+This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all.
This setting can be configured with the following ordinal number values:
@@ -5980,12 +6070,7 @@ If you enable this setting, the check for security intelligence updates will occ
If you disable or do not configure this setting, the check for security intelligence updates will occur at a default frequency.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6004,28 +6089,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6042,19 +6133,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.
+This policy setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.
If you enable this setting, the check for security intelligence updates will occur at the time of day specified.
If you disable or do not configure this setting, the check for security intelligence updates will occur at the default time.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6073,28 +6159,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6111,17 +6203,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the security intelligence location for VDI-configured computers.
+This policy setting allows you to define the security intelligence location for VDI-configured computers.
If you disable or do not configure this setting, security intelligence will be referred from the default local source.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6140,28 +6227,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6178,19 +6271,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work.
+This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work.
If you enable this setting or do not configure, the antimalware service will receive notifications to disable security intelligence.
If you disable this setting, the antimalware service will not receive notifications to disable security intelligence.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6209,28 +6297,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6247,19 +6341,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days after which a catch-up security intelligence update will be required. By default, the value of this setting is 1 day.
+This policy setting allows you to define the number of days after which a catch-up security intelligence update will be required. By default, the value of this setting is 1 day.
If you enable this setting, a catch-up security intelligence update will occur after the specified number of days.
If you disable or do not configure this setting, a catch-up security intelligence update will be required after the default number of days.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6278,28 +6367,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6316,19 +6411,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur immediately after service startup.
+This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur immediately after service startup.
If you enable this setting, a check for new security intelligence will occur after service startup.
If you disable this setting or do not configure this setting, a check for new security intelligence will not occur after service startup.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6347,28 +6437,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6385,7 +6481,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.
+This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.
You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.
@@ -6406,12 +6502,7 @@ If you disable or do not configure this setting, you will not join Microsoft MAP
In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6430,28 +6521,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6468,19 +6565,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy.
+ This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Policy.
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or do not configure this setting, Policy will take priority over the local preference setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6500,28 +6592,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6538,7 +6636,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
+This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
Valid remediation action values are:
@@ -6547,12 +6645,7 @@ Valid remediation action values are:
- 6 = Ignore
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6571,28 +6664,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6609,19 +6708,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
+This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
If you enable this setting, the additional text specified will be displayed.
If you disable or do not configure this setting, there will be no additional text displayed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6640,28 +6734,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6678,19 +6778,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients.
+Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients.
If you disable or do not configure this setting, Microsoft Defender Antivirus notifications will display on clients.
If you enable this setting, Microsoft Defender Antivirus notifications will not display on clients.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6709,28 +6804,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6747,17 +6848,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows user to suppress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
+This policy setting allows user to suppress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
If you enable this setting AM UI won't show reboot notifications.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6776,28 +6872,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6814,17 +6916,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not to display AM UI to the users.
+This policy setting allows you to configure whether or not to display AM UI to the users.
If you enable this setting AM UI won't be available to users.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6837,8 +6934,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 05474b42bb..00d29f8ddb 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_MMC
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -48,28 +52,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -86,7 +96,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
+This policy setting permits or prohibits use of this snap-in.
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
@@ -103,12 +113,7 @@ To explicitly prohibit use of this snap-in, disable this setting. If this settin
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -127,28 +132,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -165,7 +176,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
+This policy setting permits or prohibits use of this snap-in.
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
@@ -182,12 +193,7 @@ To explicitly prohibit use of this snap-in, disable this setting. If this settin
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -206,28 +212,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -244,7 +256,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
+This policy setting permits or prohibits use of this snap-in.
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
@@ -261,12 +273,7 @@ To explicitly prohibit use of this snap-in, disable this setting. If this settin
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -285,28 +292,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -323,7 +336,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from entering author mode.
+This policy setting prevents users from entering author mode.
This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.
@@ -334,12 +347,7 @@ This setting permits users to open MMC user-mode console files, such as those on
If you disable this setting or do not configure it, users can enter author mode and open author-mode console files.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -358,28 +366,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -396,7 +410,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
+This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.
@@ -412,12 +426,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
> If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -430,8 +439,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index c628cc0a3f..0a7761776b 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_MMCSnapins
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -345,28 +349,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -383,27 +393,22 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -422,28 +427,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -460,27 +471,22 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -500,28 +506,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -538,7 +550,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -553,12 +565,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -578,28 +585,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -616,7 +629,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -631,12 +644,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -656,28 +664,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -694,7 +708,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -709,12 +723,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -734,28 +743,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -772,7 +787,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -787,12 +802,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -812,28 +822,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -850,7 +866,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -862,15 +878,10 @@ If this policy setting is not configured, the setting of the "Restrict users to
- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -890,28 +901,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -928,9 +945,9 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
@@ -943,12 +960,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -968,28 +980,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1006,7 +1024,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1021,12 +1039,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1046,28 +1059,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1084,7 +1103,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1099,12 +1118,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1124,28 +1138,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1162,7 +1182,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1177,12 +1197,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1202,28 +1217,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1240,7 +1261,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1254,12 +1275,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1279,28 +1295,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1317,7 +1339,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1331,12 +1353,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1356,28 +1373,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1394,7 +1417,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1408,12 +1431,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1433,28 +1451,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1471,7 +1495,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1485,12 +1509,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1510,28 +1529,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1548,7 +1573,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1562,12 +1587,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1587,28 +1607,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1625,7 +1651,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1639,12 +1665,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1664,28 +1685,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1702,7 +1729,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1716,12 +1743,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1741,28 +1763,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1779,7 +1807,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1793,12 +1821,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1818,28 +1841,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1856,7 +1885,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1870,12 +1899,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1895,28 +1919,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1933,7 +1963,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -1947,12 +1977,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1972,28 +1997,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2010,7 +2041,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2024,12 +2055,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2049,28 +2075,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2087,7 +2119,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2101,12 +2133,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2126,28 +2153,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2164,7 +2197,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2178,12 +2211,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2203,28 +2231,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2241,7 +2275,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2255,12 +2289,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2280,28 +2309,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2318,7 +2353,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2332,12 +2367,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2357,28 +2387,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2395,7 +2431,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2409,12 +2445,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2434,28 +2465,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2472,7 +2509,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2486,12 +2523,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2511,28 +2543,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2549,7 +2587,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2563,12 +2601,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2589,28 +2622,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2627,7 +2666,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2641,12 +2680,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2666,28 +2700,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2704,7 +2744,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2718,12 +2758,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2743,28 +2778,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2781,7 +2822,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2795,12 +2836,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2820,28 +2856,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2858,7 +2900,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2872,12 +2914,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2897,28 +2934,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2935,7 +2978,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -2949,12 +2992,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2974,28 +3012,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3012,7 +3056,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3026,12 +3070,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3051,28 +3090,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3089,7 +3134,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3103,12 +3148,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3128,28 +3168,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3166,7 +3212,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3180,12 +3226,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3205,28 +3246,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3243,7 +3290,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
+This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.
@@ -3259,12 +3306,7 @@ To explicitly prohibit use of the Group Policy tab, disable this setting. If thi
When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3284,28 +3326,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3322,7 +3370,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3336,12 +3384,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3361,28 +3404,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3399,7 +3448,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3413,12 +3462,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3438,28 +3482,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3476,7 +3526,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3490,12 +3540,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3515,28 +3560,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3553,7 +3604,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3567,12 +3618,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3592,28 +3638,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3630,7 +3682,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3644,12 +3696,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3669,28 +3716,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3707,7 +3760,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3721,12 +3774,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3746,28 +3794,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3784,7 +3838,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3798,12 +3852,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3823,28 +3872,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3861,7 +3916,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3875,12 +3930,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3900,28 +3950,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3938,7 +3994,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -3952,12 +4008,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3977,28 +4028,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4015,7 +4072,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4029,12 +4086,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4054,28 +4106,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4092,7 +4150,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4106,12 +4164,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4131,28 +4184,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4169,7 +4228,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4183,12 +4242,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4208,28 +4262,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4246,7 +4306,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4260,12 +4320,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4285,28 +4340,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4323,7 +4384,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4337,12 +4398,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4362,28 +4418,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4400,7 +4462,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4414,12 +4476,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4439,28 +4496,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4477,7 +4540,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4491,12 +4554,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4516,28 +4574,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4554,7 +4618,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4568,12 +4632,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4593,28 +4652,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4631,7 +4696,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4645,12 +4710,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4670,28 +4730,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4708,7 +4774,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4722,12 +4788,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4747,28 +4808,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4785,7 +4852,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4799,12 +4866,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4824,28 +4886,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4862,7 +4930,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4876,12 +4944,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4901,28 +4964,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4939,7 +5008,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -4953,12 +5022,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4978,28 +5042,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5016,7 +5086,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5030,12 +5100,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5055,28 +5120,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5093,7 +5164,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5107,12 +5178,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5132,28 +5198,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5170,7 +5242,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5184,12 +5256,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5209,28 +5276,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5247,7 +5320,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5261,12 +5334,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5286,28 +5354,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5324,7 +5398,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5338,12 +5412,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5363,28 +5432,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5401,7 +5476,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5415,12 +5490,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5440,28 +5510,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5478,7 +5554,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5492,12 +5568,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5517,28 +5588,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5555,7 +5632,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5569,12 +5646,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5594,28 +5666,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5632,7 +5710,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5646,12 +5724,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5671,28 +5744,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5709,7 +5788,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5723,12 +5802,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5748,28 +5822,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5786,7 +5866,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5800,12 +5880,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5825,28 +5900,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5863,7 +5944,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5877,12 +5958,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5902,28 +5978,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5940,7 +6022,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -5954,12 +6036,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5979,28 +6056,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6017,7 +6100,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6031,12 +6114,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6056,28 +6134,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6094,7 +6178,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6108,12 +6192,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6133,28 +6212,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6171,7 +6256,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6185,12 +6270,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6210,28 +6290,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6248,7 +6334,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6262,12 +6348,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6287,28 +6368,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6325,7 +6412,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6339,12 +6426,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6364,28 +6446,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6402,7 +6490,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6416,12 +6504,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6441,28 +6524,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6479,7 +6568,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6493,12 +6582,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6518,28 +6602,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6556,7 +6646,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6570,12 +6660,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6595,28 +6680,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6633,7 +6724,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6647,12 +6738,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6672,28 +6758,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6710,7 +6802,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6724,12 +6816,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6749,28 +6836,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6787,7 +6880,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6801,12 +6894,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6826,28 +6914,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6864,7 +6958,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6878,12 +6972,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6903,28 +6992,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6941,7 +7036,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -6955,12 +7050,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6980,28 +7070,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7018,7 +7114,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7032,12 +7128,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7057,28 +7148,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7095,7 +7192,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7109,12 +7206,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7134,28 +7226,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7172,7 +7270,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7186,12 +7284,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7211,28 +7304,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7249,7 +7348,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7263,12 +7362,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7288,28 +7382,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7326,7 +7426,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7340,12 +7440,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7365,28 +7460,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7403,7 +7504,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7417,12 +7518,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7442,28 +7538,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7480,7 +7582,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7494,12 +7596,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7519,28 +7616,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7557,7 +7660,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7571,12 +7674,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7596,28 +7694,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7634,7 +7738,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7648,12 +7752,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7673,28 +7772,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7711,7 +7816,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7725,12 +7830,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7750,28 +7850,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7788,7 +7894,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7802,12 +7908,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7827,28 +7928,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7865,7 +7972,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7879,12 +7986,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7904,28 +8006,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7942,7 +8050,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -7956,12 +8064,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7981,28 +8084,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8019,7 +8128,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -8033,12 +8142,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8058,28 +8162,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8096,7 +8206,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -8110,12 +8220,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8135,28 +8240,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8173,7 +8284,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -8187,12 +8298,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8212,28 +8318,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8250,7 +8362,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -8264,12 +8376,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8289,28 +8396,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8327,7 +8440,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -8341,12 +8454,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8366,28 +8474,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8404,7 +8518,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@@ -8418,12 +8532,7 @@ If this policy setting is not configured, the setting of the "Restrict users to
When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8435,7 +8544,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index 99d423e98d..bbfc911a48 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_MSAPolicy
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,28 +40,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -74,7 +84,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
+This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user will not be affected by enabling this setting until the authentication cache expires.
@@ -83,12 +93,7 @@ It is recommended to enable this setting before any user signs in to a device to
By default, this setting is Disabled. This setting does not affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -101,8 +106,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 0264d6cb1d..ffe5ed4a17 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_msched
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,28 +43,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -77,19 +87,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily scheduled time at which Automatic Maintenance starts.
+This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily scheduled time at which Automatic Maintenance starts.
If you enable this policy setting, this will override the default daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel.
If you disable or do not configure this policy setting, the daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -108,28 +113,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -146,7 +157,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Automatic Maintenance activation random delay.
+This policy setting allows you to configure Automatic Maintenance activation random delay.
The maintenance random delay is the amount of time up to which Automatic Maintenance will delay starting from its Activation Boundary.
@@ -157,12 +168,7 @@ If you do not configure this policy setting, 4 hour random delay will be applied
If you disable this policy setting, no random delay will be applied to Automatic Maintenance.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -176,8 +182,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index a8bf9c9ad2..68f48c21ea 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_MSDT
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,28 +46,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,7 +90,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.
+This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.
If you enable this policy setting, users can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.
@@ -93,12 +103,7 @@ If you do not configure this policy setting, MSDT support mode is enabled by def
No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -117,28 +122,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -155,7 +166,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool.
+This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool.
Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals.
@@ -180,12 +191,7 @@ When the service is stopped or disabled, diagnostic scenarios are not executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -204,28 +210,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -242,7 +254,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Microsoft Support Diagnostic Tool.
+This policy setting determines the execution level for Microsoft Support Diagnostic Tool.
Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you enable this policy setting, administrators can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.
@@ -255,12 +267,7 @@ No reboots or service restarts are required for this policy setting to take effe
This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -273,8 +280,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index 0970c6a14e..b27f5623cc 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_MSI
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -104,28 +108,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -142,7 +152,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to search for installation files during privileged installations.
+This policy setting allows users to search for installation files during privileged installations.
If you enable this policy setting, the Browse button in the "Use feature from" dialog box is enabled. As a result, users can search for installation files even when the installation program is running with elevated system privileges.
@@ -153,12 +163,7 @@ This policy setting does not affect installations that run in the user's securit
If you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -178,28 +183,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -216,7 +227,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to install programs from removable media during privileged installations.
+This policy setting allows users to install programs from removable media during privileged installations.
If you enable this policy setting, all users are permitted to install programs from removable media, such as floppy disks and CD-ROMs, even when the installation program is running with elevated system privileges.
@@ -227,12 +238,7 @@ If you disable or do not configure this policy setting, by default, users can in
Also, see the "Prevent removable media source for any install" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -252,28 +258,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -290,7 +302,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to patch elevated products.
+This policy setting allows users to patch elevated products.
If you enable this policy setting, all users are permitted to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use.
@@ -298,12 +310,7 @@ If you disable or do not configure this policy setting, by default, only system
This policy setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -323,28 +330,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -361,7 +374,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.
+This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.
If you enable this policy setting, you can use the options in the Prohibit Use of Restart Manager box to control file in use detection behavior.
@@ -374,12 +387,7 @@ If you enable this policy setting, you can use the options in the Prohibit Use o
If you disable or do not configure this policy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -399,28 +407,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -437,7 +451,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from searching for installation files when they add features or components to an installed program.
+This policy setting prevents users from searching for installation files when they add features or components to an installed program.
If you enable this policy setting, the Browse button beside the "Use feature from" list in the Windows Installer dialog box is disabled. As a result, users must select an installation file source from the "Use features from" list that the system administrator configures.
@@ -450,12 +464,7 @@ This policy setting affects Windows Installer only. It does not prevent users fr
Also, see the "Enable user to browse for source while elevated" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -475,28 +484,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -513,19 +528,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to turn off all patch optimizations.
+This policy setting controls the ability to turn off all patch optimizations.
If you enable this policy setting, all Patch Optimization options are turned off during the installation.
If you disable or do not configure this policy setting, it enables faster application of patches by removing execution of unnecessary actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using a minimal set of processing.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -545,28 +555,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -583,7 +599,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.
+This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.
If you enable this policy setting, you can use the options in the Disable logging via package settings box to control automatic logging via package settings behavior.
@@ -594,12 +610,7 @@ If you enable this policy setting, you can use the options in the Disable loggin
If you disable or do not configure this policy setting, Windows Installer will automatically generate log files for those packages that include the MsiLogging property.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -619,28 +630,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -657,11 +674,11 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the use of Windows Installer.
+This policy setting restricts the use of Windows Installer.
If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting.
-- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and Windows Vista when the policy is not configured.
+- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software.
- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy is not configured.
@@ -670,12 +687,7 @@ If you enable this policy setting, you can prevent users from installing softwar
This policy setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -695,28 +707,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -733,7 +751,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from installing any programs from removable media.
+This policy setting prevents users from installing any programs from removable media.
If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature cannot be found.
@@ -744,12 +762,7 @@ If you disable or do not configure this policy setting, users can install from r
Also, see the "Enable user to use media source while elevated" and "Hide the 'Add a program from CD-ROM or floppy disk' option" policy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -769,28 +782,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -807,7 +826,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Windows Installer to install patches.
+This policy setting prevents users from using Windows Installer to install patches.
If you enable this policy setting, users are prevented from using Windows Installer to install patches. Patches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installations prohibit their use.
@@ -819,12 +838,7 @@ If you disable or do not configure this policy setting, by default, users who ar
Also, see the "Enable user to patch elevated products" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -844,28 +858,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -882,7 +902,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
+This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.
@@ -890,12 +910,7 @@ This policy setting is designed to reduce the amount of temporary disk space req
This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -915,28 +930,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -953,7 +974,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
+This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.
@@ -962,12 +983,7 @@ This policy setting is designed to reduce the amount of temporary disk space req
This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -987,28 +1003,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1025,19 +1047,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to turn off shared components.
+This policy setting controls the ability to turn off shared components.
If you enable this policy setting, no packages on the system get the shared component functionality enabled by the msidbComponentAttributesShared attribute in the Component Table.
If you disable or do not configure this policy setting, by default, the shared component functionality is allowed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1057,28 +1074,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1095,7 +1118,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume.
+Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume.
When you enable this policy setting, you can specify the types of events you want Windows Installer to record. To indicate that an event type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event types as you want.
@@ -1104,12 +1127,7 @@ To disable logging, delete all of the letters from the box.
If you disable or do not configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap."
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1130,28 +1148,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1168,7 +1192,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.
+This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.
Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.
@@ -1177,12 +1201,7 @@ If you enable this policy setting, only administrators or users with administrat
If you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1203,28 +1222,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1241,7 +1266,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability for users or administrators to remove Windows Installer based updates.
+This policy setting controls the ability for users or administrators to remove Windows Installer based updates.
This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.
@@ -1250,12 +1275,7 @@ If you enable this policy setting, updates cannot be removed from the computer b
If you disable or do not configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context."
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1276,28 +1296,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1314,19 +1340,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files.
+This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files.
If you enable this policy setting, the Windows Installer does not generate System Restore checkpoints when installing applications.
If you disable or do not configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1347,28 +1368,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1385,19 +1412,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down list to select the behavior you want.
+This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down list to select the behavior you want.
If you do not configure this policy setting, or if the policy setting is enabled and "Allow User Installs" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, this hides a per-computer installation of that same product.
If you enable this policy setting and "Hide User Installs" is selected, the installer ignores per-user applications. This causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in their user profile.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1418,28 +1440,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1456,7 +1484,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting causes the Windows Installer to enforce strict rules for component upgrades.
+This policy setting causes the Windows Installer to enforce strict rules for component upgrades.
If you enable this policy setting, strict upgrade rules will be enforced by the Windows Installer which may cause some upgrades to fail. Upgrades can fail if they attempt to do one of the following:
@@ -1469,12 +1497,7 @@ The new feature must be added as a new leaf feature to an existing feature tree.
If you disable or do not configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1494,28 +1517,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1532,7 +1561,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy controls the percentage of disk space available to the Windows Installer baseline file cache.
+This policy controls the percentage of disk space available to the Windows Installer baseline file cache.
The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied.
@@ -1545,12 +1574,7 @@ If you set the baseline cache to 100, the Windows Installer will use available f
If you disable or do not configure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1570,28 +1594,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1608,19 +1638,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to prevent embedded UI.
+This policy setting controls the ability to prevent embedded UI.
If you enable this policy setting, no packages on the system can run embedded UI.
If you disable or do not configure this policy setting, embedded UI is allowed to run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1640,28 +1665,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1678,7 +1709,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows Web-based programs to install software on the computer without notifying the user.
+This policy setting allows Web-based programs to install software on the computer without notifying the user.
If you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation.
@@ -1687,12 +1718,7 @@ If you enable this policy setting, the warning is suppressed and allows the inst
This policy setting is designed for enterprises that use Web-based tools to distribute programs to their employees. However, because this policy setting can pose a security risk, it should be applied cautiously.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1712,28 +1738,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1750,7 +1782,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the order in which Windows Installer searches for installation files.
+This policy setting specifies the order in which Windows Installer searches for installation files.
If you disable or do not configure this policy setting, by default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL).
@@ -1763,12 +1795,7 @@ If you enable this policy setting, you can change the search order by specifying
To exclude a file source, omit or delete the letter representing that source type.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1788,28 +1815,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1826,7 +1859,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting saves copies of transform files in a secure location on the local computer.
+This policy setting saves copies of transform files in a secure location on the local computer.
Transform files consist of instructions to modify or customize a program during installation.
@@ -1838,15 +1871,8 @@ This policy setting is designed for enterprises to prevent unauthorized or malic
If you disable this policy setting, Windows Installer stores transform files in the Application Data directory in the user's profile.
-If you do not configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vista, when a user reinstalls, removes, or repairs an installation, the transform file is available, even if the user is on a different computer or is not connected to the network.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1860,7 +1886,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index c999d05318..133c1cce4d 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_RPC
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +49,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,7 +93,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the RPC runtime generates extended error information when an error occurs.
+This policy setting controls whether the RPC runtime generates extended error information when an error occurs.
Extended error information includes the local time that the error occurred, the RPC version, and the name of the computer on which the error occurred, or from which it was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs).
@@ -110,12 +120,6 @@ You must select an error response type in the drop-down box.
> This policy setting will not be applied until the system is rebooted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -134,28 +138,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -172,7 +182,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.
+This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.
The constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
@@ -190,12 +200,7 @@ If you enable this policy setting, then:
> This policy setting will not be applied until the system is rebooted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -215,28 +220,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -253,7 +264,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the idle connection timeout for RPC/HTTP connections.
+This policy setting controls the idle connection timeout for RPC/HTTP connections.
This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.
@@ -271,12 +282,7 @@ If you enable this policy setting, and the IIS server running the RPC HTTP proxy
> This policy setting will not be applied until the system is rebooted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -295,28 +301,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -333,7 +345,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.
+This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.
If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
@@ -357,12 +369,6 @@ If you enable this policy setting, you can use the drop-down box to determine wh
> This policy setting will not be applied until the system is rebooted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -375,8 +381,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index c28841c0c5..101d934f48 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Scripts
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -69,28 +73,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -107,19 +117,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.
+This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.
If you enable this policy setting, user logon scripts run if NetBIOS or WINS is disabled during cross-forest logons without the DNS suffixes being configured.
If you disable or do not configure this policy setting, user account cross-forest, interactive logging cannot run logon scripts if NetBIOS or WINS is disabled, and the DNS suffixes are not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -138,28 +143,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -176,7 +187,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the system waits for scripts applied by Group Policy to run.
+This policy setting determines how long the system waits for scripts applied by Group Policy to run.
This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event.
@@ -189,12 +200,7 @@ An excessively long interval can delay the system and inconvenience users. Howev
If you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This is the default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -213,28 +219,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -251,7 +263,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
@@ -281,12 +293,7 @@ Within GPO C: C.cmd, C.ps1
> - Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\Shutdown
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -305,28 +312,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -343,23 +356,18 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
+This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
-Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000.
+Logon scripts are batch files of instructions that run when the user logs on. By default, Windows displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows.
-If you enable this setting, Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier.
+If you enable this setting, Windows does not display logon scripts written for Windows NT 4.0 and earlier.
-If you disable or do not configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier.
+If you disable or do not configure this policy setting, Windows displays login scripts written for Windows NT 4.0 and earlier.
Also, see the "Run Logon Scripts Visible" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -378,28 +386,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -416,7 +430,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logoff scripts as they run.
+This policy setting displays the instructions in logoff scripts as they run.
Logoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script.
@@ -425,12 +439,7 @@ If you enable this policy setting, the system displays each instruction in the l
If you disable or do not configure this policy setting, the instructions are suppressed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -449,28 +458,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -487,7 +502,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
+This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
@@ -496,12 +511,7 @@ If you disable or do not configure this policy setting, the logon scripts and Fi
This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -520,28 +530,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -558,7 +574,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
+This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
@@ -567,12 +583,7 @@ If you disable or do not configure this policy setting, the logon scripts and Fi
This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -591,28 +602,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -629,7 +646,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logon scripts as they run.
+This policy setting displays the instructions in logon scripts as they run.
Logon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts.
@@ -638,12 +655,7 @@ If you enable this policy setting, the system displays each instruction in the l
If you disable or do not configure this policy setting, the instructions are suppressed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -662,28 +674,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -700,7 +718,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in shutdown scripts as they run.
+This policy setting displays the instructions in shutdown scripts as they run.
Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script.
@@ -709,12 +727,7 @@ If you enable this policy setting, the system displays each instruction in the s
If you disable or do not configure this policy setting, the instructions are suppressed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -733,28 +746,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -771,7 +790,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets the system run startup scripts simultaneously.
+This policy setting lets the system run startup scripts simultaneously.
Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.
@@ -783,12 +802,7 @@ If you disable or do not configure this policy setting, a startup cannot run unt
> Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether the "Run startup scripts visible" policy setting is enabled or not.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -807,28 +821,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -845,7 +865,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in startup scripts as they run.
+This policy setting displays the instructions in startup scripts as they run.
Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script.
@@ -857,12 +877,7 @@ If you disable or do not configure this policy setting, the instructions are sup
> Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether this policy setting is enabled or not.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -881,28 +896,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -920,7 +941,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff.
@@ -952,12 +973,7 @@ Within GPO C: C.cmd, C.ps1
This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the setting set in User Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -970,8 +986,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index e7a0beefc6..e0423f69bb 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_sdiageng
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,28 +46,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,19 +90,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
+This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -111,28 +116,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -149,7 +160,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
+This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
@@ -158,12 +169,7 @@ If you disable this policy setting, users cannot access or run the troubleshooti
Note that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -182,28 +188,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -220,19 +232,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.
+This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.
If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.
If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -245,7 +252,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 7c06bd2059..20f174f66a 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Securitycenter
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,28 +40,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -74,7 +84,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed.
+ This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed.
Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect.
@@ -84,21 +94,9 @@ If you enable this policy setting, Security Center is turned on for all users.
If you disable this policy setting, Security Center is turned off for domain members.
-**Windows XP SP2**
-
-In Windows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates. Note that Security Center might not be available following a change to this policy setting until after the computer is restarted for Windows XP SP2 computers.
-
-**Windows Vista**
-
-In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers do not require a reboot for this policy setting to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -111,8 +109,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 47b29235a9..1287743ed4 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Sensors
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -48,28 +52,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -86,19 +96,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+This policy setting turns off scripting for the location feature.
If you enable this policy setting, scripts for the location feature will not run.
If you disable or do not configure this policy setting, all location scripts will run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -117,28 +122,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -155,19 +166,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+This policy setting turns off scripting for the location feature.
If you enable this policy setting, scripts for the location feature will not run.
If you disable or do not configure this policy setting, all location scripts will run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -186,28 +192,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -224,19 +236,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the location feature for this computer.
+This policy setting turns off the location feature for this computer.
If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -255,28 +262,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -293,19 +306,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+This policy setting turns off the sensor feature for this computer.
If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -324,28 +332,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -362,19 +376,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+This policy setting turns off the sensor feature for this computer.
If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -387,7 +396,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index c537254102..0cb2e868e9 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -13,8 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_Servicing
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
@@ -36,28 +35,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -74,21 +79,16 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
+This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
-If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the ""Alternate source file path"" text box. Multiple locations can be specified when each path is separated by a semicolon.
+If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the "Alternate source file path" text box. Multiple locations can be specified when each path is separated by a semicolon.
The network location can be either a folder, or a WIM file. If it is a WIM file, the location should be specified by prefixing the path with “wim:” and include the index of the image to use in the WIM file. For example “wim:\\server\share\install.wim:3”.
If you disable or do not configure this policy setting, or if the required files cannot be found at the locations specified in this policy setting, the files will be downloaded from Windows Update, if that is allowed by the policy settings for the computer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -101,8 +101,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index 6f35209bce..692583b4eb 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_SettingSync
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -60,28 +64,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -98,7 +108,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Prevent the "AppSync" group from syncing to and from this PC. This turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
+Prevent the "AppSync" group from syncing to and from this PC. This turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "AppSync" group will not be synced.
@@ -107,12 +117,7 @@ Use the option "Allow users to turn app syncing on" so that syncing it turned of
If you do not set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -131,28 +136,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -169,7 +180,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
+Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "app settings" group will not be synced.
@@ -178,12 +189,7 @@ Use the option "Allow users to turn app settings syncing on" so that syncing it
If you do not set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -202,28 +208,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -240,7 +252,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
+Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "passwords" group will not be synced.
@@ -249,12 +261,7 @@ Use the option "Allow users to turn passwords syncing on" so that syncing it tur
If you do not set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -273,28 +280,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -311,7 +324,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
+Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "desktop personalization" group will not be synced.
@@ -320,12 +333,7 @@ Use the option "Allow users to turn desktop personalization syncing on" so that
If you do not set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -344,28 +352,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -382,7 +396,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
+Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "personalize" group will not be synced.
@@ -391,12 +405,7 @@ Use the option "Allow users to turn personalize syncing on" so that syncing it t
If you do not set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -415,28 +424,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -453,7 +468,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
+Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
If you enable this policy setting, "sync your settings" will be turned off, and none of the "sync your setting" groups will be synced on this PC.
@@ -462,12 +477,7 @@ Use the option "Allow users to turn syncing on" so that syncing it turned off by
If you do not set or disable this setting, "sync your settings" is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -486,28 +496,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -524,7 +540,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent the "Start layout" group from syncing to and from this PC. This turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
+Prevent the "Start layout" group from syncing to and from this PC. This turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "Start layout" group will not be synced.
@@ -533,12 +549,7 @@ Use the option "Allow users to turn start syncing on" so that syncing is turned
If you do not set or disable this setting, syncing of the "Start layout" group is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -557,28 +568,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -595,19 +612,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
+Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection.
If you do not set or disable this setting, syncing on metered connections is configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -626,28 +638,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -664,7 +682,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevent the "Other Windows settings" group from syncing to and from this PC. This turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
+Prevent the "Other Windows settings" group from syncing to and from this PC. This turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "Other Windows settings" group will not be synced.
@@ -673,12 +691,7 @@ Use the option "Allow users to turn other Windows settings syncing on" so that s
If you do not set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -691,7 +704,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index cc867fb098..19a24d2480 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_SharedFolders
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -38,28 +42,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -76,7 +86,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
+This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
@@ -86,12 +96,7 @@ If you disable this policy setting, users cannot publish DFS roots in AD DS and
> The default is to allow shared folders to be published when this setting is not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -111,28 +116,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -149,7 +160,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
+This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
@@ -159,12 +170,7 @@ If you disable this policy setting, users cannot publish shared folders in AD DS
> The default is to allow shared folders to be published when this setting is not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -177,8 +183,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index b7e9e8ddaa..27536d9679 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Sharing
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -35,28 +39,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -73,19 +83,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.
+This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.
If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders.
If you disable or don't configure this policy setting, users can share files out of their user profile after an administrator has opted in the computer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -98,7 +103,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index 7d8f85894f..fe1e555961 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_ShellCommandPromptRegEditTools
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +49,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,7 +93,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
+This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.
@@ -93,12 +103,7 @@ If you disable this policy setting or do not configure it, users can run Cmd.exe
> Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -117,28 +122,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -155,7 +166,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Disables the Windows registry editor Regedit.exe.
+Disables the Windows registry editor Regedit.exe.
If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.
@@ -164,12 +175,7 @@ If you disable this policy setting or do not configure it, users can run Regedit
To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -189,28 +195,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -227,7 +239,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows from running the programs you specify in this policy setting.
+This policy setting prevents Windows from running the programs you specify in this policy setting.
If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications.
@@ -240,12 +252,7 @@ This policy setting only prevents users from running programs that are started b
> To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -264,28 +271,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -302,7 +315,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Limits the Windows programs that users have permission to run on the computer.
+Limits the Windows programs that users have permission to run on the computer.
If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
@@ -315,12 +328,7 @@ This policy setting only prevents users from running programs that are started b
> To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -333,8 +341,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-skydrive.md b/windows/client-management/mdm/policy-csp-admx-skydrive.md
index 72c1b9ab34..90f1b868a1 100644
--- a/windows/client-management/mdm/policy-csp-admx-skydrive.md
+++ b/windows/client-management/mdm/policy-csp-admx-skydrive.md
@@ -13,8 +13,7 @@ manager: dansimp
---
# Policy CSP - ADMX_SkyDrive
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
@@ -36,28 +35,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -74,7 +79,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer.
+Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer.
If you enable this setting, users must sign in to the OneDrive sync client on the local computer, or select to sync OneDrive or SharePoint files on the computer, for the sync client to start automatically.
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 3b4ac39e4f..e2c62d296b 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Smartcard
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -81,28 +85,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -119,7 +129,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.
+This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.
In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
@@ -132,12 +142,7 @@ If you enable this policy setting, certificates with the following attributes ca
If you disable or do not configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -156,28 +161,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -194,7 +205,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
+This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.
@@ -203,12 +214,7 @@ If you enable this policy setting, the integrated unblock feature will be availa
If you disable or do not configure this policy setting then the integrated unblock feature will not be available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -227,28 +233,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -265,19 +277,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.
+This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.
If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.
If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -296,28 +303,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -334,7 +347,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.
+This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.
Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine.
@@ -343,12 +356,7 @@ If you enable this policy setting certificates will be listed on the logon scree
If you disable or do not configure this policy setting, certificates which are expired or not yet valid will not be listed on the logon screen.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -367,28 +375,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -405,19 +419,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.
+This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.
If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.
If you disable this policy setting, certificate propagation will not occur and the certificates will not be made available to applications such as Outlook.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -436,28 +445,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -474,15 +489,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff.
+This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -501,28 +511,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -539,7 +555,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.
+This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.
If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card.
@@ -549,12 +565,7 @@ If you enable or do not configure this policy setting then root certificate prop
If you disable this policy setting then root certificates will not be propagated from the smart card.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -573,28 +584,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -611,7 +628,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents plaintext PINs from being returned by Credential Manager.
+This policy setting prevents plaintext PINs from being returned by Credential Manager.
If you enable this policy setting, Credential Manager does not return a plaintext PIN.
@@ -621,12 +638,7 @@ If you disable or do not configure this policy setting, plaintext PINs can be re
> Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -645,28 +657,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -683,7 +701,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.
+This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.
If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.
@@ -693,12 +711,7 @@ If you disable or do not configure this policy setting, ECC certificates on a sm
> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -717,28 +730,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -755,7 +774,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure if all your valid logon certificates are displayed.
+This policy setting lets you configure if all your valid logon certificates are displayed.
During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN).
@@ -769,12 +788,7 @@ If you enable or do not configure this policy setting, filtering will take place
If you disable this policy setting, no filtering will take place.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -793,28 +807,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -831,7 +851,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the reading of all certificates from the smart card for logon.
+This policy setting allows you to manage the reading of all certificates from the smart card for logon.
During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
@@ -840,12 +860,7 @@ If you enable this setting, then Windows will attempt to read all certificates f
If you disable or do not configure this setting, Windows will only attempt to read the default certificate from those cards that do not support retrieval of all certificates in a single call. Certificates other than the default will not be available for logon.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -864,28 +879,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -902,7 +923,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the displayed message when a smart card is blocked.
+This policy setting allows you to manage the displayed message when a smart card is blocked.
If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
@@ -912,12 +933,7 @@ If you enable this policy setting, the specified message will be displayed to th
If you disable or do not configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -936,28 +952,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -974,7 +996,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon.
+This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon.
By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
@@ -983,12 +1005,7 @@ If you enable this policy setting or do not configure this setting, then the sub
If you disable, the subject name will be displayed as it appears in the certificate.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1007,28 +1024,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1045,7 +1068,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether Smart Card Plug and Play is enabled.
+This policy setting allows you to control whether Smart Card Plug and Play is enabled.
If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time.
@@ -1055,12 +1078,7 @@ If you disable this policy setting, Smart Card Plug and Play will be disabled an
> This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1079,28 +1097,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1117,7 +1141,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.
+This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.
If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed.
@@ -1127,12 +1151,7 @@ If you disable this policy setting, a confirmation message will not be displayed
> This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1151,28 +1170,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1189,19 +1214,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.
+This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.
If you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed.
If you disable or do not configure this policy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1214,8 +1234,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 62a6c6c8e5..137707b5b7 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_Snmp
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,28 +46,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,7 +90,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
+This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
@@ -99,12 +109,7 @@ Best practice: For security purposes, it is recommended to restrict the HKLM\SOF
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -123,28 +128,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -161,7 +172,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
+This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
@@ -179,12 +190,7 @@ Best practice: For security purposes, it is recommended to restrict the HKLM\SOF
Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -203,28 +209,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -241,7 +253,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
+This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
@@ -257,12 +269,7 @@ If you disable or do not configure this policy setting, the SNMP service takes t
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -275,8 +282,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index e108cbcee6..3fbbcf654d 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_StartMenu
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -234,28 +238,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -272,19 +282,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.
+If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.
If you disable this policy, there will not be a "Search the Internet" link when the user performs a search in the start menu search box.
If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -303,28 +308,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -341,7 +352,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Clear history of recently opened documents on exit.
+Clear history of recently opened documents on exit.
If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off.
@@ -359,12 +370,7 @@ This policy setting also does not hide document shortcuts displayed in the Open
This policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -383,28 +389,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -421,17 +433,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.
+If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.
If you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -450,28 +457,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -488,19 +501,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on.
+If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on.
If you disable or do not configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile.
This setting does not prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -519,28 +527,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -557,19 +571,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows desktop apps to be listed first in the Apps view in Start.
+This policy setting allows desktop apps to be listed first in the Apps view in Start.
If you enable this policy setting, desktop apps would be listed first when the apps are sorted by category in the Apps view. The other sorting options would continue to be available and the user could choose to change their default sorting options.
If you disable or don't configure this policy setting, the desktop apps won't be listed first when the apps are sorted by category, and the user can configure this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -588,28 +597,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -626,7 +641,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.
+This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.
This policy setting is only applied when the Apps view is set as the default view for Start.
@@ -635,12 +650,7 @@ If you enable this policy setting, searching from the Apps view will only search
If you disable or don’t configure this policy setting, the user can configure this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -659,28 +669,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -697,7 +713,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy only applies to the classic version of the start menu and does not affect the new style start menu.
+This policy only applies to the classic version of the start menu and does not affect the new style start menu.
Adds the "Log Off ``" item to the Start menu and prevents users from removing it.
@@ -707,17 +723,13 @@ If you disable this setting or do not configure it, users can use the Display Lo
This setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.
-Note: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.
+> [!NOTE]
+> To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.
Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -736,28 +748,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -774,7 +792,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to go to the desktop instead of the Start screen when they sign in.
+This policy setting allows users to go to the desktop instead of the Start screen when they sign in.
If you enable this policy setting, users will always go to the desktop when they sign in.
@@ -783,12 +801,7 @@ If you disable this policy setting, users will always go to the Start screen whe
If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -807,28 +820,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -845,7 +864,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Displays Start menu shortcuts to partially installed programs in gray text.
+Displays Start menu shortcuts to partially installed programs in gray text.
This setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.
@@ -857,12 +876,7 @@ If you disable this setting or do not configure it, all Start menu shortcuts app
> Enabling this setting can make the Start menu slow to open.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -881,28 +895,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -919,19 +939,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
+This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
If you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE, and from the logon screen.
If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and logon screens is also available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -950,28 +965,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -988,7 +1009,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Disables personalized menus.
+Disables personalized menus.
Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.
@@ -1000,12 +1021,7 @@ If you enable this setting, the system does not personalize menus. All menu item
To Turn off personalized menus without specifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus" option.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1024,28 +1040,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1062,7 +1084,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar, which is used to switch between running applications.
+This setting affects the taskbar, which is used to switch between running applications.
The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized.
@@ -1074,12 +1096,7 @@ If you disable this setting or do not configure it, the user can configure the t
> Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1098,28 +1115,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1136,19 +1159,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.
+This policy setting lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.
All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously.
Enabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1167,28 +1185,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1205,7 +1229,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area, also called the "system tray."
+This setting affects the notification area, also called the "system tray."
The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron."
@@ -1216,12 +1240,7 @@ If you disable this setting, the system notification area will always collapse n
If you do not configure it, the user can choose if they want notifications collapsed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1240,28 +1259,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1278,7 +1303,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Hides pop-up text on the Start menu and in the notification area.
+Hides pop-up text on the Start menu and in the notification area.
When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.
@@ -1287,12 +1312,7 @@ If you enable this setting, some of this pop-up text is not displayed. The pop-u
If you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1311,28 +1331,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1349,19 +1375,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from changing their Start screen layout.
+This policy setting allows you to prevent users from changing their Start screen layout.
If you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps.
If you disable or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1380,28 +1401,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1418,7 +1445,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
+This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
If you enable this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE.
@@ -1428,12 +1455,7 @@ If you disable or do not configure this policy setting, the Power button and the
> Third-party programs certified as compatible with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1452,28 +1474,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1490,19 +1518,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes items in the All Users profile from the Programs menu on the Start menu.
+Removes items in the All Users profile from the Programs menu on the Start menu.
By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.
To see the Program menu items in the All Users profile, on the system drive, go to ProgramData\Microsoft\Windows\Start Menu\Programs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1521,28 +1544,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1559,7 +1588,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from adding the Favorites menu to the Start menu or classic Start menu.
+Prevents users from adding the Favorites menu to the Start menu or classic Start menu.
If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.
@@ -1573,12 +1602,7 @@ If you disable or do not configure this setting, the Display Favorite item is av
> This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1597,28 +1621,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1635,11 +1665,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu.
+This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu.
If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F.
-Note: Enabling this policy setting also prevents the user from using the F3 key.
+> [!NOTE]
+> Enabling this policy setting also prevents the user from using the F3 key.
In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder.
@@ -1648,12 +1679,7 @@ This policy setting affects the specified user interface elements only. It does
If you disable or do not configure this policy setting, the Search link is available from the Start menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1672,28 +1698,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1710,17 +1742,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the Games folder.
+If you enable this policy the start menu will not show a link to the Games folder.
If you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1739,28 +1766,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1777,7 +1810,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Help command from the Start menu.
+This policy setting allows you to remove the Help command from the Start menu.
If you enable this policy setting, the Help command is removed from the Start menu.
@@ -1786,12 +1819,7 @@ If you disable or do not configure this policy setting, the Help command is avai
This policy setting only affects the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1810,28 +1838,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1848,23 +1882,18 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off user tracking.
+This policy setting allows you to turn off user tracking.
If you enable this policy setting, the system does not track the programs that the user runs, and does not display frequently used programs in the Start Menu.
If you disable or do not configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu.
-Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn off personalized menus".
+Also, see these related policy settings: "Remove frequent programs list from the Start Menu" and "Turn off personalized menus".
This policy setting does not prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1883,28 +1912,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1922,7 +1957,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu.
+If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu.
Selecting "Collapse" will not display the app list next to the pinned tiles in Start. An "All apps" button will be displayed on Start to open the all apps list. This is equivalent to setting the "Show app list in Start" in Settings to Off.
@@ -1933,12 +1968,7 @@ Selecting "Remove and disable setting" will remove the all apps list from Start
If you disable or do not configure this setting, the all apps list will be visible by default, and the user can change "Show app list in Start" in Settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1957,28 +1987,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1995,7 +2031,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Network Connections from the Start Menu.
+This policy setting allows you to remove Network Connections from the Start Menu.
If you enable this policy setting, users are prevented from running Network Connections.
@@ -2008,12 +2044,7 @@ If you disable or do not configure this policy setting, Network Connections is a
Also, see the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Connections).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2032,28 +2063,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2070,19 +2107,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu.
+If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu.
In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog.
If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2101,28 +2133,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2139,7 +2177,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.
+Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.
The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.
@@ -2157,12 +2195,7 @@ If the setting is not configured, users can turn the Recent Items menu on and of
This setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2181,28 +2214,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2219,7 +2258,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.
+This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.
If you enable this policy setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found.
@@ -2231,12 +2270,7 @@ If you disable or do not configure this policy setting, by default, when the sys
Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2255,28 +2289,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2293,7 +2333,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.
+This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.
If you enable this policy setting, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path.
@@ -2304,12 +2344,7 @@ If you disable or do not configure this policy setting, by default, when the sys
Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2328,28 +2363,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2366,7 +2407,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
+Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
If you enable this setting, the following changes occur:
@@ -2392,12 +2433,7 @@ If you disable or do not configure this setting, users will be able to access th
> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2416,28 +2452,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2454,7 +2496,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Default Programs link from the Start menu.
+This policy setting allows you to remove the Default Programs link from the Start menu.
If you enable this policy setting, the Default Programs link is removed from the Start menu.
@@ -2466,12 +2508,7 @@ If you disable or do not configure this policy setting, the Default Programs lin
> This policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2490,28 +2527,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2528,7 +2571,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Documents icon from the Start menu and its submenus.
+This policy setting allows you to remove the Documents icon from the Start menu and its submenus.
If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder.
@@ -2540,12 +2583,7 @@ If you disable or do not configure this policy setting, he Documents icon is ava
Also, see the "Remove Documents icon on the desktop" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2564,28 +2602,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2602,19 +2646,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Music icon from Start Menu.
+This policy setting allows you to remove the Music icon from Start Menu.
If you enable this policy setting, the Music icon is no longer available from Start Menu.
If you disable or do not configure this policy setting, the Music icon is available from Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2633,28 +2672,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2671,19 +2716,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build.This policy setting allows you to remove the Network icon from Start Menu.
+This policy setting allows you to remove the Network icon from Start Menu.
If you enable this policy setting, the Network icon is no longer available from Start Menu.
If you disable or do not configure this policy setting, the Network icon is available from Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2702,28 +2742,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2740,19 +2786,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Pictures icon from Start Menu.
+This policy setting allows you to remove the Pictures icon from Start Menu.
If you enable this policy setting, the Pictures icon is no longer available from Start Menu.
If you disable or do not configure this policy setting, the Pictures icon is available from Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2771,28 +2812,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2809,17 +2856,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for communications.
+If you enable this policy the start menu search box will not search for communications.
If you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2838,28 +2880,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2876,17 +2924,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box.
+If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box.
If you disable or do not configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2905,28 +2948,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2943,17 +2992,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
+If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
If you disable or do not configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box. If a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2972,28 +3016,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3010,17 +3060,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for files.
+If you enable this policy setting the Start menu search box will not search for files.
If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3039,28 +3084,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3077,17 +3128,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for internet history or favorites.
+If you enable this policy the start menu search box will not search for internet history or favorites.
If you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3106,28 +3152,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3144,17 +3196,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for programs or Control Panel items.
+If you enable this policy setting the Start menu search box will not search for programs or Control Panel items.
If you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3173,28 +3220,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3211,7 +3264,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove programs on Settings menu.
+This policy setting allows you to remove programs on Settings menu.
If you enable this policy setting, the Control Panel, Printers, and Network and Connection folders are removed from Settings on the Start menu, and from Computer and File Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running.
@@ -3222,12 +3275,7 @@ If you disable or do not configure this policy setting, the Control Panel, Print
Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3246,28 +3294,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3284,7 +3338,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.
+This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.
If you enable this policy setting, The user will be prevented from opening the Taskbar Properties dialog box.
@@ -3293,12 +3347,7 @@ If the user right-clicks the taskbar and then clicks Properties, a message appea
If you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3317,28 +3366,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3355,19 +3410,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Downloads link from the Start Menu.
+This policy setting allows you to remove the Downloads link from the Start Menu.
If you enable this policy setting, the Start Menu does not show a link to the Downloads folder.
If you disable or do not configure this policy setting, the Downloads link is available from the Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3386,28 +3436,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3424,17 +3480,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu.
+If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu.
If you disable or do not configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3453,28 +3504,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3491,19 +3548,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Recorded TV link from the Start Menu.
+This policy setting allows you to remove the Recorded TV link from the Start Menu.
If you enable this policy setting, the Start Menu does not show a link to the Recorded TV library.
If you disable or do not configure this policy setting, the Recorded TV link is available from the Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3522,28 +3574,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3560,7 +3618,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.
+Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.
This setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this setting to hide user-specific folders.
@@ -3571,12 +3629,7 @@ If you enable this setting, no folders appear on the top section of the Start me
If you disable this setting or do not configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3595,28 +3648,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3633,19 +3692,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Videos link from the Start Menu.
+This policy setting allows you to remove the Videos link from the Start Menu.
If you enable this policy setting, the Start Menu does not show a link to the Videos library.
If you disable or do not configure this policy setting, the Videos link is available from the Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3664,28 +3718,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3702,23 +3762,18 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting affects the presentation of the Start menu.
+This setting affects the presentation of the Start menu.
-The classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly.
+The classic Start menu in Windows allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly.
-If you enable this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons.
+If you enable this setting, the Start menu displays the classic Start menu and displays the standard desktop icons.
If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page.
If you do not configure this setting, the default is the new style, and the user can change the view.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3737,28 +3792,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3775,19 +3836,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents the clock in the system notification area from being displayed.
+Prevents the clock in the system notification area from being displayed.
If you enable this setting, the clock will not be displayed in the system notification area.
If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3806,28 +3862,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3844,7 +3906,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar buttons used to switch between running programs.
+This setting affects the taskbar buttons used to switch between running programs.
Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.
@@ -3853,12 +3915,7 @@ If you enable this setting, it prevents the taskbar from grouping items that sha
If you disable or do not configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3877,28 +3934,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3915,7 +3978,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar.
+This setting affects the taskbar.
The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application.
@@ -3924,12 +3987,7 @@ If this setting is enabled, the taskbar does not display any custom toolbars, an
If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3948,28 +4006,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3986,7 +4050,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove access to the context menus for the taskbar.
+This policy setting allows you to remove access to the context menus for the taskbar.
If you enable this policy setting, the menus that appear when you right-click the taskbar and items on the taskbar are hidden, such as the Start button, the clock, and the taskbar buttons.
@@ -3995,12 +4059,7 @@ If you disable or do not configure this policy setting, the context menus for th
This policy setting does not prevent users from using other methods to issue the commands that appear on these menus.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4019,28 +4078,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4057,7 +4122,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area (previously called the "system tray") on the taskbar.
+This setting affects the notification area (previously called the "system tray") on the taskbar.
The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.
@@ -4069,12 +4134,7 @@ If this setting is disabled or is not configured, the notification area is shown
> Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notification area is hidden, there is no need to clean up the icons.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4093,28 +4153,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4131,17 +4197,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, users cannot uninstall apps from Start.
+If you enable this setting, users cannot uninstall apps from Start.
If you disable this setting or do not configure it, users can access the uninstall command from Start.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4160,28 +4221,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4198,17 +4265,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the user's storage folder.
+If you enable this policy the start menu will not show a link to the user's storage folder.
If you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4227,28 +4289,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4265,21 +4333,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.
+This policy setting allows you to remove the user name label from the Start Menu.
-If you enable this policy setting, the user name label is removed from the Start Menu in Windows XP and Windows Server 2003.
+If you enable this policy setting, the user name label is removed from the Start Menu.
-To remove the user name folder on Windows Vista, set the "Remove user folder link from Start Menu" policy setting.
-
-If you disable or do not configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003.
+If you disable or do not configure this policy setting, the user name label appears on the Start Menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4298,28 +4359,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4336,7 +4403,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove links and access to Windows Update.
+This policy setting allows you to remove links and access to Windows Update.
If you enable this policy setting, users are prevented from connecting to the Windows Update Web site.
@@ -4349,12 +4416,7 @@ If you disable or do not configure this policy setting, the Windows Update hyper
Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4373,28 +4435,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4411,7 +4479,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Set the default action of the power button on the Start menu.
+Set the default action of the power button on the Start menu.
If you enable this setting, the Start Menu will set the power button to the chosen action, and not let the user change this action.
@@ -4420,12 +4488,7 @@ If you set the button to either Sleep or Hibernate, and that state is not suppor
If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4444,28 +4507,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4482,7 +4551,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.
+This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.
If you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off.
@@ -4491,12 +4560,7 @@ If you disable this policy setting, the QuickLaunch bar will be hidden and canno
If you do not configure this policy setting, then users will be able to turn the QuickLaunch bar on and off.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4515,28 +4579,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4553,17 +4623,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked.
+If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked.
If you disable this setting or do not configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4582,28 +4647,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4620,19 +4691,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Apps view to be opened by default when the user goes to Start.
+This policy setting allows the Apps view to be opened by default when the user goes to Start.
If you enable this policy setting, the Apps view will appear whenever the user goes to Start. Users will still be able to switch between the Apps view and the Start screen.
If you disable or don’t configure this policy setting, the Start screen will appear by default whenever the user goes to Start, and the user will be able to switch between the Apps view and the Start screen. Also, the user will be able to configure this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4651,28 +4717,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4689,7 +4761,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting shows or hides the "Run as different user" command on the Start application bar.
+This policy setting shows or hides the "Run as different user" command on the Start application bar.
If you enable this setting, users can access the "Run as different user" command from Start for applications which support this functionality.
@@ -4699,12 +4771,7 @@ If you disable this setting or do not configure it, users cannot access the "Run
> This setting does not prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4723,28 +4790,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4761,19 +4834,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Run command is added to the Start menu.
+If you enable this setting, the Run command is added to the Start menu.
If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties.
If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4792,28 +4860,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4830,19 +4904,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. This setting only applies to users who are using multiple displays.
-If you enable this policy setting, the Start screen will appear on the display the user is using when they press the Windows logo key.
-
-If you disable or don't configure this policy setting, the Start screen will always appear on the main display when the user presses the Windows logo key. Users will still be able to open Start on other displays by pressing the Start button on that display. Also, the user will be able to configure this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4861,28 +4926,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4899,7 +4970,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off ``" item from the Start menu and prevents users from restoring it.
+This policy setting allows you to removes the "Log Off ``" item from the Start menu and prevents users from restoring it.
If you enable this policy setting, the Log Off `` item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off `` item to the Start Menu.
@@ -4907,17 +4978,13 @@ If you disable or do not configure this policy setting, users can use the Displa
This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off.
-Tip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.
+> [!TIP]
+> To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.
See also: "Remove Logoff" policy setting in User Configuration\Administrative Templates\System\Logon/Logoff.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4936,28 +5003,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4975,15 +5048,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
+This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4996,7 +5064,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
\ No newline at end of file
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index 00d40074f3..e15430f48b 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_SystemRestore
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,28 +40,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -74,7 +84,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Allows you to disable System Restore configuration through System Protection.
+Allows you to disable System Restore configuration through System Protection.
This policy setting allows you to turn off System Restore configuration through System Protection.
@@ -87,12 +97,7 @@ If you disable or do not configure this policy setting, users can change the Sys
Also, see the "Turn off System Restore" policy setting. If the "Turn off System Restore" policy setting is enabled, the "Turn off System Restore configuration" policy setting is overwritten.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -105,8 +110,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 77fdd56a9d..ae6556aadf 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -13,11 +13,16 @@ manager: dansimp
---
# Policy CSP - ADMX_Taskbar
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
## ADMX_Taskbar policies
@@ -99,28 +104,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -137,7 +148,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes Notifications and Action Center from the notification area on the taskbar.
+This policy setting removes Notifications and Action Center from the notification area on the taskbar.
The notification area is located at the far right end of the taskbar and includes icons for current notifications and the system clock.
@@ -148,12 +159,6 @@ If you disable or do not configure this policy setting, Notification and Securit
A reboot is required for this policy setting to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -172,28 +177,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -210,7 +221,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy disables the functionality that converts balloons to toast notifications.
+This policy disables the functionality that converts balloons to toast notifications.
If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications.
@@ -221,12 +232,6 @@ If you disable or don’t configure this policy setting, all notifications will
A reboot is required for this policy setting to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -245,28 +250,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -283,19 +294,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Security and Maintenance from the system control area.
+This policy setting allows you to remove Security and Maintenance from the system control area.
If you enable this policy setting, the Security and Maintenance icon is not displayed in the system notification area.
If you disable or do not configure this policy setting, the Security and Maintenance icon is displayed in the system notification area.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -314,28 +319,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -352,19 +363,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the networking icon from the system control area.
+This policy setting allows you to remove the networking icon from the system control area.
If you enable this policy setting, the networking icon is not displayed in the system notification area.
If you disable or do not configure this policy setting, the networking icon is displayed in the system notification area.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -383,28 +388,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -421,19 +432,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the battery meter from the system control area.
+This policy setting allows you to remove the battery meter from the system control area.
If you enable this policy setting, the battery meter is not displayed in the system notification area.
If you disable or do not configure this policy setting, the battery meter is displayed in the system notification area.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -452,28 +457,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -490,19 +501,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the volume control icon from the system control area.
+This policy setting allows you to remove the volume control icon from the system control area.
If you enable this policy setting, the volume control icon is not displayed in the system notification area.
If you disable or do not configure this policy setting, the volume control icon is displayed in the system notification area.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -521,28 +526,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -559,19 +570,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off feature advertisement balloon notifications.
+This policy setting allows you to turn off feature advertisement balloon notifications.
If you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown.
If you disable do not configure this policy setting, feature advertisement balloons are shown.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -590,28 +595,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -628,19 +639,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning the Store app to the Taskbar.
+This policy setting allows you to control pinning the Store app to the Taskbar.
If you enable this policy setting, users cannot pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next login.
If you disable or do not configure this policy setting, users can pin the Store app to the Taskbar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -659,28 +664,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -697,19 +708,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning items in Jump Lists.
+This policy setting allows you to control pinning items in Jump Lists.
If you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show.
If you disable or do not configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -728,28 +733,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -766,19 +777,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning programs to the Taskbar.
+This policy setting allows you to control pinning programs to the Taskbar.
If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar.
If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -789,7 +794,6 @@ ADMX Info:
-
@@ -799,28 +803,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -837,7 +847,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.
+This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.
The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their most important documents and other tasks.
@@ -847,12 +857,6 @@ If you disable or do not configure this policy setting, all files that the user
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -863,7 +867,6 @@ ADMX Info:
-
@@ -873,28 +876,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -911,19 +920,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.
+This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.
If you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel.
If you disable or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -934,7 +937,6 @@ ADMX Info:
-
@@ -944,28 +946,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -982,7 +990,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to see Windows Store apps on the taskbar.
+This policy setting allows users to see Windows Store apps on the taskbar.
If you enable this policy setting, users will see Windows Store apps on the taskbar.
@@ -991,12 +999,6 @@ If you disable this policy setting, users won’t see Windows Store apps on the
If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1017,28 +1019,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1055,19 +1063,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to lock all taskbar settings.
+This policy setting allows you to lock all taskbar settings.
If you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar.
If you disable or do not configure this policy setting, the user will be able to set any taskbar setting that is not prevented by another policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1088,28 +1090,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1126,20 +1134,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from adding or removing toolbars.
+This policy setting allows you to prevent users from adding or removing toolbars.
If you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either.
If you disable or do not configure this policy setting, the users and applications are able to add toolbars to the taskbar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Prevent users from adding or removing toolbars*
@@ -1149,7 +1150,7 @@ ADMX Info:
-
+>
@@ -1159,28 +1160,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1197,20 +1204,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from rearranging toolbars.
+This policy setting allows you to prevent users from rearranging toolbars.
If you enable this policy setting, users are not able to drag or drop toolbars to the taskbar.
If you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Prevent users from rearranging toolbars*
@@ -1220,7 +1220,6 @@ ADMX Info:
-
@@ -1230,28 +1229,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1268,19 +1273,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent taskbars from being displayed on more than one monitor.
+This policy setting allows you to prevent taskbars from being displayed on more than one monitor.
If you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog.
If you disable or do not configure this policy setting, users can show taskbars on more than one display.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1301,28 +1300,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1339,19 +1344,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off all notification balloons.
+This policy setting allows you to turn off all notification balloons.
If you enable this policy setting, no notification balloons are shown to the user.
If you disable or do not configure this policy setting, notification balloons are shown to the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1364,36 +1363,40 @@ ADMX Info:
-
-
**ADMX_Taskbar/TaskbarNoPinnedList**
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1410,19 +1413,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove pinned programs from the taskbar.
+This policy setting allows you to remove pinned programs from the taskbar.
If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar.
If you disable or do not configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1433,7 +1430,6 @@ ADMX Info:
-
@@ -1443,28 +1439,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1481,19 +1483,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from moving taskbar to another screen dock location.
+This policy setting allows you to prevent users from moving taskbar to another screen dock location.
If you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s).
If you disable or do not configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1506,7 +1503,6 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoResize**
@@ -1514,28 +1510,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1552,19 +1554,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from resizing the taskbar.
+This policy setting allows you to prevent users from resizing the taskbar.
If you enable this policy setting, users are not be able to resize their taskbar.
If you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1575,7 +1571,6 @@ ADMX Info:
-
@@ -1585,28 +1580,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1623,19 +1624,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off taskbar thumbnails.
+This policy setting allows you to turn off taskbar thumbnails.
If you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips.
If you disable or do not configure this policy setting, the taskbar thumbnails are displayed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1648,7 +1643,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
+p
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index 716a9c9f64..ef4dcccadd 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -13,11 +13,16 @@ manager: dansimp
---
# Policy CSP - ADMX_tcpip
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
## ADMX_tcpip policies
@@ -72,28 +77,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -110,19 +121,13 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.
+This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.
If you enable this policy setting, you can specify a relay name for a 6to4 host.
If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay name for a 6to4 host.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -141,28 +146,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -179,19 +190,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.
+This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.
If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically.
If you disable or do not configure this policy setting, the local host setting is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -210,28 +215,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -248,7 +259,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.
+This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.
If you disable or do not configure this policy setting, the local host setting is used.
@@ -261,12 +272,6 @@ Policy Enabled State: If a global IPv4 address is present, the host will have a
Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -285,28 +290,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -323,7 +334,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.
+This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.
If you disable or do not configure this policy setting, the local host settings are used.
@@ -336,12 +347,6 @@ Policy Enabled State: The IP-HTTPS interface is always present, even if the host
Policy Disabled State: No IP-HTTPS interfaces are present on the host.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -360,28 +365,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -398,19 +409,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP Stateless Autoconfiguration Limits.
+This policy setting allows you to configure IP Stateless Autoconfiguration Limits.
If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes.
If you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -429,28 +434,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -467,19 +478,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.
+This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.
If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required.
If you disable or do not configure this policy setting, the local host setting is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -498,28 +503,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -536,7 +547,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.
+This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.
If you disable or do not configure this policy setting, the local host setting is used.
@@ -549,12 +560,6 @@ Policy Enabled State: If the ISATAP name is resolved successfully, the host will
Policy Disabled State: No ISATAP interfaces are present on the host.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -573,28 +578,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -611,19 +622,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.
+This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.
If you enable this policy setting, you can customize a UDP port for the Teredo client.
If you disable or do not configure this policy setting, the local host setting is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -642,28 +647,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -680,7 +691,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.
+This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.
If you disable or do not configure this policy setting, the local host setting is used.
@@ -689,12 +700,6 @@ This policy setting contains only one state:
Policy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification immediately and remain qualified if the qualification process succeeds.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -713,28 +718,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -751,7 +762,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the Teredo refresh rate.
+This policy setting allows you to configure the Teredo refresh rate.
> [!NOTE]
> On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device.
@@ -761,12 +772,6 @@ If you enable this policy setting, you can specify the refresh rate. If you cho
If you disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -785,28 +790,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -823,19 +834,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.
+This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.
If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client.
If you disable or do not configure this policy setting, the local settings on the computer are used to determine the Teredo server name.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -854,28 +859,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -892,7 +903,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.
+This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.
If you disable or do not configure this policy setting, the local host settings are used.
@@ -907,12 +918,6 @@ Client: The Teredo interface is present only when the host is not on a network t
Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -931,28 +936,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -969,7 +980,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.
+This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.
If you do not configure this policy setting, the local host settings are used.
@@ -978,12 +989,6 @@ If you enable this policy setting, Window Scaling Heuristics will be enabled and
If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems caused by Firewalls or other middle boxes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -996,8 +1001,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
+>
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index 8e689c8544..bcfc9c477f 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -13,11 +13,16 @@ manager: dansimp
---
# Policy CSP - ADMX_Thumbnails
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
## ADMX_Thumbnails policies
@@ -41,28 +46,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -79,7 +90,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
+This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
File Explorer displays thumbnail images by default.
@@ -88,12 +99,6 @@ If you enable this policy setting, File Explorer displays only icons and never d
If you disable or do not configure this policy setting, File Explorer displays only thumbnail images.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -112,28 +117,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -150,7 +161,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
+This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
File Explorer displays thumbnail images on network folders by default.
@@ -159,12 +170,6 @@ If you enable this policy setting, File Explorer displays only icons and never d
If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -183,28 +188,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -221,7 +232,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Turns off the caching of thumbnails in hidden thumbs.db files.
+Turns off the caching of thumbnails in hidden thumbs.db files.
This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
@@ -230,13 +241,7 @@ If you enable this policy setting, File Explorer does not create, read from, or
If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Turn off the caching of thumbnails in hidden thumbs.db files*
@@ -248,8 +253,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index 7935207b97..f6a3adddd5 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_TPM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -63,28 +67,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -101,19 +111,13 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
+This policy setting allows you to manage the Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
-If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
+If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -132,28 +136,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -170,15 +180,9 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
+This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -197,28 +201,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -235,21 +245,15 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
+This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
-If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.
+If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Policy or the local list.
-The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Policy list of blocked TPM commands.
-If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands.
+If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -268,28 +272,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -306,21 +316,15 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
+This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
-If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
+If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Policy or the default list.
-The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Policy list of blocked TPM commands.
-If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
+If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Policy and default lists of blocked TPM commands.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -339,28 +343,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -377,7 +387,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
+This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
@@ -393,12 +403,6 @@ Choose the operating system managed TPM authentication setting of "None" for com
> If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -417,28 +421,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -455,15 +465,9 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
+This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -482,28 +486,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -520,7 +530,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
+This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
@@ -539,13 +549,7 @@ An administrator with the TPM owner password may fully reset the TPM's hardware
If this value is not configured, a default value of 480 minutes (8 hours) is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+>
ADMX Info:
- GP Friendly name: *Standard User Lockout Duration*
@@ -563,28 +567,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -601,7 +611,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
@@ -622,12 +632,6 @@ If this value is not configured, a default value of 4 is used.
A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -646,28 +650,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -684,7 +694,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
@@ -705,12 +715,6 @@ If this value is not configured, a default value of 9 is used.
A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -729,28 +733,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -767,15 +777,9 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
+This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this Policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from Policy and b)clear the TPM on the system.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -788,8 +792,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index d068903115..0d0a46df31 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_UserExperienceVirtualization
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -411,28 +415,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -450,7 +460,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Calculator.
+This policy setting configures the synchronization of user settings of Calculator.
By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers.
@@ -461,12 +471,6 @@ If you disable this policy setting, Calculator user settings are excluded from t
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -485,28 +489,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -524,7 +534,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers.
+This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers.
With Sync Method set to ”SyncProvider,” the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location.
@@ -540,12 +550,6 @@ If you disable this policy setting, the sync provider is used to synchronize set
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -564,28 +568,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -603,7 +613,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment.
+This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment.
UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session.
@@ -615,12 +625,6 @@ If you disable this policy setting, no UE-V rollback state is copied to the sett
If you do not configure this policy, no UE-V rollback state is copied to the settings storage location.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -639,28 +643,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -677,7 +687,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center.
+This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center.
If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL.
@@ -686,12 +696,6 @@ If you disable this policy setting, the Company Settings Center does not display
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -710,28 +714,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -748,7 +758,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the URL for the Contact IT link in the Company Settings Center.
+This policy setting specifies the URL for the Contact IT link in the Company Settings Center.
If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.
@@ -756,12 +766,6 @@ If you disable this policy setting, the Company Settings Center does not display
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -780,28 +784,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -819,7 +829,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps.
By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.
@@ -833,12 +843,6 @@ If you do not configure this policy setting, any defined values are deleted.
> If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -857,28 +861,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -896,7 +906,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates.
+This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates.
If you enable this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronization.
@@ -905,12 +915,6 @@ If you disable this policy setting, all Windows Settings are excluded from the s
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -929,28 +933,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -967,17 +977,11 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature.
+This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature.
Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -996,28 +1000,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1035,7 +1045,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers.
If you enable this policy setting, Finance user settings continue to sync.
@@ -1044,12 +1054,6 @@ If you disable this policy setting, Finance user settings are excluded from sync
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1068,28 +1072,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1106,7 +1116,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers.
+This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers.
With this setting enabled, the notification appears the first time that the UE-V Agent runs.
@@ -1115,12 +1125,6 @@ With this setting disabled, no notification appears.
If you do not configure this policy setting, any defined values are deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1139,28 +1143,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1178,7 +1188,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers.
If you enable this policy setting, Games user settings continue to sync.
@@ -1187,12 +1197,6 @@ If you disable this policy setting, Games user settings are excluded from synchr
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1211,28 +1215,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1250,7 +1260,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Internet Explorer 8.
+This policy setting configures the synchronization of user settings for Internet Explorer 8.
By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers.
@@ -1261,12 +1271,6 @@ If you disable this policy setting, Internet Explorer 8 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1285,28 +1289,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1324,7 +1334,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers.
If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize.
@@ -1333,12 +1343,7 @@ If you disable this policy setting, Internet Explorer 9 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1357,28 +1362,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1396,7 +1407,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers.
+This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers.
If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize.
@@ -1405,12 +1416,6 @@ If you disable this policy setting, Internet Explorer 10 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1429,28 +1434,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1468,7 +1479,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers.
+This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers.
If you enable this policy setting, the Internet Explorer 11 user settings continue to synchronize.
@@ -1477,12 +1488,6 @@ If you disable this policy setting, Internet Explorer 11 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1501,28 +1506,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1540,7 +1551,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer.
+This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer.
By default, the user settings which are common between the versions of Internet Explorer synchronize between computers. Use the policy setting to prevent the user settings of Internet Explorer from synchronization between computers.
If you enable this policy setting, the user settings which are common between the versions of Internet Explorer continue to synchronize.
@@ -1550,12 +1561,6 @@ If you disable this policy setting, the user settings which are common between t
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1573,28 +1578,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1612,7 +1623,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers.
If you enable this policy setting, Maps user settings continue to sync.
@@ -1621,12 +1632,6 @@ If you disable this policy setting, Maps user settings are excluded from synchro
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1645,28 +1650,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1684,19 +1695,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size.
+This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size.
If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log.
If you disable or do not configure this policy setting, no event is written to the event log to report settings package size.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1715,28 +1720,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1754,7 +1765,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize.
@@ -1763,12 +1774,6 @@ If you disable this policy setting, Microsoft Access 2010 user settings are excl
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1787,28 +1792,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1826,7 +1837,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize.
@@ -1835,12 +1846,6 @@ If you disable this policy setting, the user settings which are common between t
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1859,28 +1864,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1898,7 +1909,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize.
@@ -1906,12 +1917,7 @@ If you disable this policy setting, Microsoft Excel 2010 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1930,28 +1936,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1969,7 +1981,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers.
If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize.
@@ -1978,12 +1990,7 @@ If you disable this policy setting, Microsoft InfoPath 2010 user settings are ex
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2002,28 +2009,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2041,7 +2054,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize.
@@ -2050,12 +2063,6 @@ If you disable this policy setting, Microsoft Lync 2010 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2074,28 +2081,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2113,7 +2126,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers.
If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize.
@@ -2121,12 +2134,6 @@ If you disable this policy setting, Microsoft OneNote 2010 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2145,28 +2152,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2184,7 +2197,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize.
@@ -2193,12 +2206,6 @@ If you disable this policy setting, Microsoft Outlook 2010 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2217,28 +2224,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2256,7 +2269,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers.
If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize.
@@ -2265,12 +2278,7 @@ If you disable this policy setting, Microsoft PowerPoint 2010 user settings are
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2289,28 +2297,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2328,7 +2342,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Project 2010 user settings continue to synchronize.
@@ -2336,12 +2350,7 @@ If you disable this policy setting, Microsoft Project 2010 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2360,28 +2369,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2399,7 +2414,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize.
@@ -2408,12 +2423,7 @@ If you disable this policy setting, Microsoft Publisher 2010 user settings are e
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2432,28 +2442,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2471,7 +2487,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers.
If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchronize.
@@ -2480,12 +2496,6 @@ If you disable this policy setting, Microsoft SharePoint Designer 2010 user sett
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2502,30 +2512,36 @@ ADMX Info:
**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace**
-
+2
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2543,7 +2559,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers.
If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to synchronize.
@@ -2552,12 +2568,7 @@ If you disable this policy setting, Microsoft SharePoint Workspace 2010 user set
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2576,28 +2587,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2615,7 +2632,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Visio 2010 user settings continue to synchronize.
@@ -2624,12 +2641,6 @@ If you disable this policy setting, Microsoft Visio 2010 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2648,28 +2659,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2687,7 +2704,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Word 2010 user settings continue to synchronize.
@@ -2696,12 +2713,6 @@ If you disable this policy setting, Microsoft Word 2010 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2720,28 +2731,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2759,7 +2776,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers.
If you enable this policy setting, Microsoft Access 2013 user settings continue to synchronize.
@@ -2767,12 +2784,6 @@ If you disable this policy setting, Microsoft Access 2013 user settings are excl
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2791,28 +2802,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2830,7 +2847,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up.
@@ -2839,12 +2856,6 @@ If you disable this policy setting, certain user settings of Microsoft Access 20
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2863,28 +2874,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2902,7 +2919,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers.
If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize.
@@ -2911,12 +2928,6 @@ If you disable this policy setting, the user settings which are common between t
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2935,28 +2946,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2974,7 +2991,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications.
+This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications.
Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications.
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up.
@@ -2984,12 +3001,6 @@ If you disable this policy setting, certain user settings which are common betwe
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3008,28 +3019,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3047,7 +3064,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2013.
+This policy setting configures the synchronization of user settings for Microsoft Excel 2013.
By default, the user settings of Microsoft Excel 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2013 from synchronization between computers.
@@ -3057,12 +3074,6 @@ If you disable this policy setting, Microsoft Excel 2013 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3081,28 +3092,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3120,7 +3137,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up.
@@ -3128,12 +3145,7 @@ If you disable this policy setting, certain user settings of Microsoft Excel 201
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3152,28 +3164,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3191,7 +3209,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers.
If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize.
@@ -3200,12 +3218,6 @@ If you disable this policy setting, Microsoft InfoPath 2013 user settings are ex
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3224,28 +3236,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3263,7 +3281,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings.
If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up.
@@ -3272,12 +3290,7 @@ If you disable this policy setting, certain user settings of Microsoft InfoPath
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3296,28 +3309,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3335,7 +3354,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers.
If you enable this policy setting, Microsoft Lync 2013 user settings continue to synchronize.
@@ -3343,12 +3362,7 @@ If you disable this policy setting, Microsoft Lync 2013 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3367,28 +3381,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3406,7 +3426,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up.
@@ -3415,12 +3435,7 @@ If you disable this policy setting, certain user settings of Microsoft Lync 2013
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3439,28 +3454,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3478,7 +3499,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers.
If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize.
@@ -3487,12 +3508,7 @@ If you disable this policy setting, OneDrive for Business 2013 user settings are
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3511,28 +3527,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3550,7 +3572,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers.
If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize.
@@ -3559,12 +3581,7 @@ If you disable this policy setting, Microsoft OneNote 2013 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3583,28 +3600,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3622,7 +3645,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings.
If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up.
@@ -3631,12 +3654,7 @@ If you disable this policy setting, certain user settings of Microsoft OneNote 2
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3655,28 +3673,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3694,7 +3718,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers.
If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize.
@@ -3702,12 +3726,7 @@ If you disable this policy setting, Microsoft Outlook 2013 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3726,28 +3745,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3765,7 +3790,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up.
@@ -3774,12 +3799,7 @@ If you disable this policy setting, certain user settings of Microsoft Outlook 2
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3798,28 +3818,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3837,7 +3863,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers.
If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize.
@@ -3846,12 +3872,7 @@ If you disable this policy setting, Microsoft PowerPoint 2013 user settings are
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3870,28 +3891,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3909,7 +3936,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings.
If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up.
@@ -3918,12 +3945,7 @@ If you disable this policy setting, certain user settings of Microsoft PowerPoin
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3942,28 +3964,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3981,7 +4009,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers.
If you enable this policy setting, Microsoft Project 2013 user settings continue to synchronize.
@@ -3989,12 +4017,7 @@ If you disable this policy setting, Microsoft Project 2013 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4013,28 +4036,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4052,7 +4081,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up.
@@ -4061,12 +4090,6 @@ If you disable this policy setting, certain user settings of Microsoft Project 2
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4085,28 +4108,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4124,7 +4153,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers.
If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize.
@@ -4133,12 +4162,7 @@ If you disable this policy setting, Microsoft Publisher 2013 user settings are e
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4157,28 +4181,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4196,7 +4226,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up.
@@ -4205,12 +4235,7 @@ If you disable this policy setting, certain user settings of Microsoft Publisher
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4229,28 +4254,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4268,7 +4299,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers.
If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchronize.
@@ -4277,12 +4308,7 @@ If you disable this policy setting, Microsoft SharePoint Designer 2013 user sett
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4300,28 +4326,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4339,7 +4371,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings.
If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up.
@@ -4348,12 +4380,7 @@ If you disable this policy setting, certain user settings of Microsoft SharePoin
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4371,28 +4398,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4410,7 +4443,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers.
If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synchronize.
@@ -4419,12 +4452,6 @@ If you disable this policy setting, Microsoft Office 2013 Upload Center user set
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4443,28 +4470,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4482,7 +4515,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers.
If you enable this policy setting, Microsoft Visio 2013 user settings continue to synchronize.
@@ -4491,12 +4524,7 @@ If you disable this policy setting, Microsoft Visio 2013 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4515,28 +4543,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4554,7 +4588,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up.
@@ -4563,12 +4597,7 @@ If you disable this policy setting, certain user settings of Microsoft Visio 201
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4587,28 +4616,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4626,7 +4661,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers.
If you enable this policy setting, Microsoft Word 2013 user settings continue to synchronize.
@@ -4635,12 +4670,6 @@ If you disable this policy setting, Microsoft Word 2013 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4659,28 +4688,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4698,7 +4733,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings.
If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up.
@@ -4707,12 +4742,6 @@ If you disable this policy setting, certain user settings of Microsoft Word 2013
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4731,28 +4760,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4770,7 +4805,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Access 2016 user settings continue to synchronize.
@@ -4779,12 +4814,6 @@ If you disable this policy setting, Microsoft Access 2016 user settings are excl
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4803,28 +4832,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4842,7 +4877,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up.
@@ -4851,12 +4886,7 @@ If you disable this policy setting, certain user settings of Microsoft Access 20
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4875,28 +4905,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4914,7 +4950,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers.
If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize.
@@ -4923,12 +4959,7 @@ If you disable this policy setting, the user settings which are common between t
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4947,28 +4978,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4986,7 +5023,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications.
+This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications.
Microsoft Office Suite 2016 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2016 applications.
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up.
@@ -4996,12 +5033,7 @@ If you disable this policy setting, certain user settings which are common betwe
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5020,28 +5052,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5059,7 +5097,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Excel 2016 user settings continue to synchronize.
@@ -5068,12 +5106,7 @@ If you disable this policy setting, Microsoft Excel 2016 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5092,28 +5125,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5131,7 +5170,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up.
@@ -5140,12 +5179,7 @@ If you disable this policy setting, certain user settings of Microsoft Excel 201
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5164,28 +5198,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5203,7 +5243,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Lync 2016 user settings continue to synchronize.
@@ -5212,12 +5252,7 @@ If you disable this policy setting, Microsoft Lync 2016 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5236,28 +5271,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5275,7 +5316,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up.
@@ -5284,12 +5325,7 @@ If you disable this policy setting, certain user settings of Microsoft Lync 2016
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5308,28 +5344,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5347,7 +5389,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers.
If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize.
@@ -5356,12 +5398,7 @@ If you disable this policy setting, OneDrive for Business 2016 user settings are
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5380,28 +5417,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5419,7 +5462,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers.
If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize.
@@ -5428,12 +5471,6 @@ If you disable this policy setting, Microsoft OneNote 2016 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5452,28 +5489,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5491,7 +5534,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings.
If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up.
@@ -5500,12 +5543,7 @@ If you disable this policy setting, certain user settings of Microsoft OneNote 2
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5524,28 +5562,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5563,7 +5607,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize.
@@ -5572,12 +5616,6 @@ If you disable this policy setting, Microsoft Outlook 2016 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5596,28 +5634,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5635,7 +5679,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up.
@@ -5644,12 +5688,7 @@ If you disable this policy setting, certain user settings of Microsoft Outlook 2
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5668,28 +5707,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5707,7 +5752,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers.
If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize.
@@ -5716,12 +5761,6 @@ If you disable this policy setting, Microsoft PowerPoint 2016 user settings are
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5740,28 +5779,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5779,7 +5824,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings.
If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up.
@@ -5788,12 +5833,6 @@ If you disable this policy setting, certain user settings of Microsoft PowerPoin
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5812,28 +5851,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5851,7 +5896,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2016.
+This policy setting configures the synchronization of user settings for Microsoft Project 2016.
By default, the user settings of Microsoft Project 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Project 2016 user settings continue to synchronize.
@@ -5861,12 +5906,7 @@ If you disable this policy setting, Microsoft Project 2016 user settings are exc
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5885,28 +5925,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5924,7 +5970,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up.
@@ -5932,12 +5978,7 @@ If you disable this policy setting, certain user settings of Microsoft Project 2
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5956,28 +5997,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5995,7 +6042,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize.
@@ -6004,12 +6051,7 @@ If you disable this policy setting, Microsoft Publisher 2016 user settings are e
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6028,28 +6070,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6067,7 +6115,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up.
@@ -6076,12 +6124,7 @@ If you disable this policy setting, certain user settings of Microsoft Publisher
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6099,28 +6142,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6138,7 +6187,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers.
If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synchronize.
@@ -6147,12 +6196,7 @@ If you disable this policy setting, Microsoft Office 2016 Upload Center user set
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6171,28 +6215,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6210,7 +6260,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Visio 2016 user settings continue to synchronize.
@@ -6219,12 +6269,6 @@ If you disable this policy setting, Microsoft Visio 2016 user settings are exclu
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6243,28 +6287,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6282,7 +6332,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up.
@@ -6291,12 +6341,7 @@ If you disable this policy setting, certain user settings of Microsoft Visio 201
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6315,28 +6360,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6354,7 +6405,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers.
If you enable this policy setting, Microsoft Word 2016 user settings continue to synchronize.
@@ -6363,12 +6414,6 @@ If you disable this policy setting, Microsoft Word 2016 user settings are exclud
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6387,28 +6432,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6426,7 +6477,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings.
If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up.
@@ -6435,12 +6486,7 @@ If you disable this policy setting, certain user settings of Microsoft Word 2016
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6459,28 +6505,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6498,7 +6550,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V.
@@ -6507,12 +6559,7 @@ If you disable this policy setting, Microsoft Office 365 Access 2013 user settin
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6531,28 +6578,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6570,7 +6623,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V.
@@ -6579,12 +6632,7 @@ If you disable this policy setting, Microsoft Office 365 Access 2016 user settin
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6603,28 +6651,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6642,7 +6696,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V.
If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize with UE-V.
@@ -6651,12 +6705,7 @@ If you disable this policy setting, user settings which are common between the M
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6674,28 +6723,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6713,7 +6768,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V.
If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize with UE-V.
@@ -6722,12 +6777,7 @@ If you disable this policy setting, user settings which are common between the M
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6746,28 +6796,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6785,7 +6841,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V.
@@ -6794,12 +6850,7 @@ If you disable this policy setting, Microsoft Office 365 Excel 2013 user setting
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6818,28 +6869,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6857,7 +6914,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V.
@@ -6866,12 +6923,7 @@ If you disable this policy setting, Microsoft Office 365 Excel 2016 user setting
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6890,28 +6942,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6929,7 +6987,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V.
@@ -6937,12 +6995,7 @@ If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user sett
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -6961,28 +7014,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7000,7 +7059,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V.
@@ -7009,12 +7068,7 @@ If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7033,28 +7087,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7072,7 +7132,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V.
@@ -7081,12 +7141,7 @@ If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7105,28 +7160,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7144,7 +7205,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V.
@@ -7153,12 +7214,7 @@ If you disable this policy setting, Microsoft Office 365 OneNote 2013 user setti
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7177,28 +7233,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7216,7 +7278,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V.
@@ -7225,12 +7287,7 @@ If you disable this policy setting, Microsoft Office 365 OneNote 2016 user setti
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7249,28 +7306,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7288,7 +7351,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V.
@@ -7297,12 +7360,7 @@ If you disable this policy setting, Microsoft Office 365 Outlook 2013 user setti
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7321,28 +7379,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7360,7 +7424,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V.
@@ -7369,12 +7433,7 @@ If you disable this policy setting, Microsoft Office 365 Outlook 2016 user setti
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7393,28 +7452,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7432,7 +7497,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V.
@@ -7441,12 +7506,7 @@ If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user se
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7465,28 +7525,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7504,7 +7570,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V.
@@ -7513,12 +7579,7 @@ If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user se
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7537,28 +7598,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7576,7 +7643,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V.
@@ -7585,12 +7652,7 @@ If you disable this policy setting, Microsoft Office 365 Project 2013 user setti
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7608,28 +7670,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7647,7 +7715,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V.
@@ -7656,12 +7724,7 @@ If you disable this policy setting, Microsoft Office 365 Project 2016 user setti
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7680,28 +7743,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7719,7 +7788,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V.
@@ -7728,12 +7797,7 @@ If you disable this policy setting, Microsoft Office 365 Publisher 2013 user set
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7752,28 +7816,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7791,7 +7861,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V.
@@ -7800,12 +7870,6 @@ If you disable this policy setting, Microsoft Office 365 Publisher 2016 user set
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7824,28 +7888,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7863,7 +7933,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings continue to sync with UE-V.
@@ -7872,12 +7942,7 @@ If you disable this policy setting, Microsoft Office 365 SharePoint Designer 201
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -7896,28 +7961,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7935,7 +8006,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V.
@@ -7944,12 +8015,6 @@ If you disable this policy setting, Microsoft Office 365 Visio 2013 user setting
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7968,28 +8033,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8007,7 +8078,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V.
@@ -8016,12 +8087,7 @@ If you disable this policy setting, Microsoft Office 365 Visio 2016 user setting
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8040,28 +8106,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8079,7 +8151,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V.
@@ -8088,12 +8160,7 @@ If you disable this policy setting, Microsoft Office 365 Word 2013 user settings
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8112,28 +8179,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8151,7 +8224,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V.
If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V.
@@ -8160,12 +8233,7 @@ If you disable this policy setting, Microsoft Office 365 Word 2016 user settings
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8184,28 +8252,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8223,7 +8297,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers.
If you enable this policy setting, Music user settings continue to sync.
@@ -8231,12 +8305,7 @@ If you disable this policy setting, Music user settings are excluded from the sy
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8255,28 +8324,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8294,7 +8369,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers.
If you enable this policy setting, News user settings continue to sync.
@@ -8303,12 +8378,7 @@ If you disable this policy setting, News user settings are excluded from synchro
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8327,28 +8397,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8366,7 +8442,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers.
+This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers.
If you enable this policy setting, the Notepad user settings continue to synchronize.
@@ -8375,12 +8451,7 @@ If you disable this policy setting, Notepad user settings are excluded from the
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8399,28 +8470,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8438,7 +8515,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers.
If you enable this policy setting, Reader user settings continue to sync.
@@ -8448,12 +8525,7 @@ If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8472,28 +8544,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8511,19 +8589,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds.
+This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds.
If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.
If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8542,28 +8615,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8581,19 +8660,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures where the settings package files that contain user settings are stored.
+This policy setting configures where the settings package files that contain user settings are stored.
If you enable this policy setting, the user settings are stored in the specified location.
If you disable or do not configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8612,28 +8686,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8651,7 +8731,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent.
+This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent.
If you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location.
@@ -8664,12 +8744,7 @@ If you disable this policy setting, the UE-V Agent will not use the custom setti
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8688,28 +8763,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8727,7 +8808,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers.
If you enable this policy setting, Sports user settings continue to sync.
@@ -8736,12 +8817,7 @@ If you disable this policy setting, Sports user settings are excluded from synch
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8760,28 +8836,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8799,15 +8881,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
+This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8825,28 +8902,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8864,7 +8947,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection.
With this setting enabled, the UE-V Agent synchronizes settings over a metered connection.
@@ -8873,12 +8956,7 @@ With this setting disabled, the UE-V Agent does not synchronize settings over a
If you do not configure this policy setting, any defined values are deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8897,28 +8975,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8936,7 +9020,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming.
With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming.
@@ -8945,12 +9029,7 @@ With this setting disabled, the UE-V Agent will not synchronize settings over a
If you do not configure this policy setting, any defined values are deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -8969,28 +9048,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9008,7 +9093,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn’t attempt the synchronization.
+This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn’t attempt the synchronization.
If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages.
@@ -9017,12 +9102,7 @@ If you disable this policy setting, the sync provider doesn’t ping the setting
If you do not configure this policy, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -9041,28 +9121,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9079,7 +9165,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List.
+This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List.
With this setting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized.
@@ -9088,12 +9174,7 @@ With this setting disabled, only the settings of the Windows apps set to synchro
If you do not configure this policy setting, any defined values are deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -9112,28 +9193,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9151,7 +9238,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers.
If you enable this policy setting, Travel user settings continue to sync.
@@ -9160,12 +9247,7 @@ If you disable this policy setting, Travel user settings are excluded from synch
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -9184,28 +9266,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9222,19 +9310,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon.
+This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon.
With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen.
If you do not configure this policy setting, any defined values are deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9253,28 +9335,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9292,7 +9380,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers.
If you enable this policy setting, Video user settings continue to sync.
@@ -9301,12 +9389,7 @@ If you disable this policy setting, Video user settings are excluded from synchr
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -9325,28 +9408,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9364,7 +9453,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers.
If you enable this policy setting, Weather user settings continue to sync.
@@ -9373,12 +9462,7 @@ If you disable this policy setting, Weather user settings are excluded from sync
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -9396,28 +9480,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9435,7 +9525,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers.
+This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers.
If you enable this policy setting, the WordPad user settings continue to synchronize.
@@ -9444,12 +9534,7 @@ If you disable this policy setting, WordPad user settings are excluded from the
If you do not configure this policy setting, any defined values will be deleted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -9461,7 +9546,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index 7e23b796b2..65da2ac7ab 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -13,11 +13,15 @@ manager: dansimp
---
# Policy CSP - ADMX_UserProfiles
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
## ADMX_UserProfiles policies
@@ -57,28 +61,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -95,19 +105,16 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.
+This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days.
+
+> [!NOTE]
+> One day is interpreted as 24 hours after a specific user profile was accessed.
If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days.
If you disable or do not configure this policy setting, User Profile Service will not automatically delete any profiles on the next system restart.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -126,28 +133,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -164,21 +177,16 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys.
+This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys.
-Note: This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
+> [!NOTE]
+> This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed.
If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -197,28 +205,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -235,7 +249,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.
+This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.
By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior.
@@ -247,12 +261,6 @@ If you disable or do not configure this policy setting, Windows will delete the
> If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -271,28 +279,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -309,7 +323,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.
+This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.
If you disable this policy setting or do not configure it, the system does not limit the size of user profiles.
@@ -321,16 +335,7 @@ If you enable this policy setting, you can:
- Specify a customized message notifying users of the oversized profile.
- Determine how often the customized message is displayed.
-> [!NOTE]
-> In operating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Instead, if the user has a roaming user profile, Windows will not synchronize the user's profile with the roaming profile server if the maximum profile size limit specified here is exceeded.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -349,28 +354,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -387,7 +398,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting will automatically log off a user when Windows cannot load their profile.
+This policy setting will automatically log off a user when Windows cannot load their profile.
If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
@@ -398,12 +409,6 @@ If you disable this policy setting or do not configure it, Windows logs on the u
Also, see the "Delete cached copies of roaming profiles" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -422,28 +427,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -460,7 +471,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.
+This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.
To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transferred. From that connection and data transfer, the network's latency and connection speed are determined.
@@ -471,12 +482,6 @@ If you enable this policy setting, you can change how long Windows waits for a r
If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -495,28 +500,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -533,7 +544,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon session.
+This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon session.
If you enable this policy setting, the user's home folder is configured to the specified local or network location, creating a new folder for each user name.
@@ -549,12 +560,6 @@ If you disable or do not configure this policy setting, the user's home folder i
If the "Set Remote Desktop Services User Home Directory" policy setting is enabled, the “Set user home folder” policy setting has no effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -573,28 +578,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -611,7 +622,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.
+This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.
If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:
@@ -622,12 +633,6 @@ If you enable this policy setting, sharing of user name, picture and domain info
If you do not configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -641,6 +646,4 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 2d0f47d74c..ceb56a9803 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_W32Time
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +49,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,7 +93,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
+This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
@@ -166,12 +176,7 @@ This parameter controls whether or not the chaining mechanism is disabled. If ch
This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -190,28 +195,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -228,7 +239,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
+This policy setting specifies a set of parameters for controlling the Windows NTP Client.
If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
@@ -256,12 +267,7 @@ This NTP client value, expressed in seconds, controls how often a manually confi
This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -280,28 +286,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -318,7 +330,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Windows NTP Client is enabled.
+This policy setting specifies whether the Windows NTP Client is enabled.
Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
@@ -327,12 +339,7 @@ If you enable this policy setting, you can set the local computer clock to synch
If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -351,28 +358,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -389,19 +402,13 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Windows NTP Server is enabled.
+This policy setting allows you to specify whether the Windows NTP Server is enabled.
If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.
If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -414,8 +421,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index 3ec0e0695a..add85c7c05 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_WCM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,28 +46,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,19 +90,13 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that power management is disabled when the machine enters connected standby mode.
+This policy setting specifies that power management is disabled when the machine enters connected standby mode.
If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode.
If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -111,28 +115,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -149,7 +159,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows will soft-disconnect a computer from a network.
+This policy setting determines whether Windows will soft-disconnect a computer from a network.
If this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network.
@@ -164,12 +174,7 @@ When soft disconnect is enabled:
This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -188,28 +193,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -226,7 +237,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
+This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8.
@@ -239,12 +250,6 @@ If this policy setting is set to 3, the behavior is similar to 2. However, if th
This policy setting is related to the "Enable Windows to soft-disconnect a computer from a network" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -257,8 +262,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index a289a23d5b..763b758caf 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_WinCal
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,28 +43,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -77,7 +87,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
If you enable this setting, Windows Calendar will be turned off.
@@ -86,12 +96,6 @@ If you disable or do not configure this setting, Windows Calendar will be turned
The default is for Windows Calendar to be turned on.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -112,28 +116,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -150,7 +160,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
If you enable this setting, Windows Calendar will be turned off.
@@ -159,12 +169,7 @@ If you disable or do not configure this setting, Windows Calendar will be turned
The default is for Windows Calendar to be turned on.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -177,8 +182,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md
index ab4c4a6c88..d5cb074150 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsAnytimeUpgrade
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,28 +40,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -75,19 +85,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. By default, Add features to Windows 10 is available for all administrators.
+By default, Add features to Windows 10 is available for all administrators.
If you enable this policy setting, the wizard will not run.
If you disable this policy setting or set it to Not Configured, the wizard will run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -100,7 +105,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index 80b1fb90ac..72c88fc9ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsConnectNow
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,28 +46,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,19 +90,13 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
+This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
-If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -111,28 +115,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -149,19 +159,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
+This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
-If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -180,28 +185,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -218,25 +229,20 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
+This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
-Additional options are available to allow discovery and configuration over a specific medium.
+More options are available to allow discovery and configuration over a specific medium.
-If you enable this policy setting, additional choices are available to turn off the operations over a specific medium.
+If you enable this policy setting, more choices are available to turn off the operations over a specific medium.
If you disable this policy setting, operations are disabled over all media.
-If you do not configure this policy setting, operations are enabled over all media.
+If you don't configure this policy setting, operations are enabled over all media.
The default for this policy setting allows operations over all media.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -249,8 +255,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 7ffcac7be2..e1535033ad 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsExplorer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -247,28 +252,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -285,7 +296,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.
+This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.
If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted.
@@ -295,12 +306,7 @@ If you disable or do not configure this policy setting, Folder Redirection does
> If the paths point to different network shares, this policy setting is not required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -320,28 +326,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -358,7 +370,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.
+This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.
If you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features.
@@ -366,16 +378,9 @@ Enabling this policy will also turn off the preview pane and set the folder opti
If you disable or not configure this policy, the default File Explorer behavior is applied to the user.
-> [!NOTE]
-> In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web view. This setting will also take precedence over the "Enable Active Desktop" setting. If both policies are enabled, Active Desktop is disabled. Also, see the "Disable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" setting in User Configuration\Administrative Templates\Windows Components\File Explorer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -394,28 +399,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -432,19 +443,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.
+Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.
If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.
If you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -463,28 +469,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -502,19 +514,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a location where all default Library definition files for users/machines reside.
+This policy setting allows you to specify a location where all default Library definition files for users/machines reside.
If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined.
If you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -533,28 +540,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -572,19 +585,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System.
+Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System.
This behavior is consistent with Windows Vista's behavior in this scenario.
This disables access to user-defined properties, and properties stored in NTFS secondary streams.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -603,28 +611,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -641,7 +655,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly.
+This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly.
If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations.
@@ -658,12 +672,7 @@ If you enable this policy, Windows Libraries features that rely on indexed file
If you disable or do not configure this policy, all default Windows Libraries features will be enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -683,28 +692,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -721,22 +736,17 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of known folders that should be disabled.
+This policy setting allows you to specify a list of known folders that should be disabled.
Disabling a known folder will prevent the underlying file or directory from being created via the known folder API. If the folder exists before the policy is applied, the folder must be manually deleted since the policy only blocks the creation of the folder.
-You can specify a known folder using its known folder id or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos.
+You can specify a known folder using its known folder ID or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos.
> [!NOTE]
> Disabling a known folder can introduce application compatibility issues in applications that depend on the existence of the known folder.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -755,28 +765,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -793,7 +809,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.
+Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.
File Explorer shows suggestion pop-ups as users type into the Search Box.
@@ -803,12 +819,7 @@ These suggestions are based on their past entries into the Search Box.
> If you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -828,28 +839,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -866,7 +883,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.
+This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.
If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.
@@ -876,12 +893,7 @@ If you disable or do not configure this policy setting, file shortcut icons that
> Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -901,28 +913,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -939,7 +957,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious.
+This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious.
Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
@@ -955,12 +973,7 @@ If you disable this policy, SmartScreen will be turned off for all users. Users
If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -979,28 +992,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1017,7 +1036,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting is designed to ensure that shell extensions can operate on a per-user basis.
+This setting is designed to ensure that shell extensions can operate on a per-user basis.
If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine. A shell extension only runs if there is an entry in at least one of the following locations in registry.
@@ -1026,12 +1045,7 @@ For shell extensions that have been approved by the administrator and are availa
For shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1050,28 +1064,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1089,19 +1109,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened.
+This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened.
If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows.
If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1120,28 +1135,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1158,19 +1179,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off the display of snippets in Content view mode.
+This policy setting allows you to turn off the display of snippets in Content view mode.
If you enable this policy setting, File Explorer will not display snippets in Content view mode.
If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1189,28 +1205,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1228,7 +1250,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1239,12 +1261,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1263,28 +1280,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1302,7 +1325,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1313,12 +1336,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1337,28 +1355,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1376,7 +1400,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1387,12 +1411,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1411,28 +1430,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1450,7 +1475,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1461,12 +1486,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1485,28 +1505,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1524,7 +1550,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1535,12 +1561,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1559,28 +1580,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1598,7 +1625,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1609,12 +1636,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1633,28 +1655,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1672,7 +1700,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1683,12 +1711,7 @@ If you do not configure this policy setting, users cannot preview items or get c
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1707,28 +1730,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1746,7 +1775,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1757,12 +1786,7 @@ If you do not configure this policy setting, users cannot preview items or get c
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1781,28 +1805,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1820,7 +1850,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1831,12 +1861,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1855,28 +1880,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1894,7 +1925,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -1905,12 +1936,7 @@ If you do not configure this policy setting, users can preview items and get cus
Changes to this setting may not be applied until the user logs off from Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1929,28 +1955,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1968,7 +2000,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -1977,12 +2009,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2001,28 +2028,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2040,7 +2073,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2049,12 +2082,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2073,28 +2101,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2112,7 +2146,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2121,12 +2155,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2145,28 +2174,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2184,7 +2219,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2193,12 +2228,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2217,28 +2247,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2256,7 +2292,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2265,12 +2301,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2289,28 +2320,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2328,7 +2365,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2337,12 +2374,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2361,28 +2393,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2400,7 +2438,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2409,12 +2447,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2434,28 +2467,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2473,7 +2512,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2482,12 +2521,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2507,28 +2541,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2546,7 +2586,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2555,12 +2595,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2579,28 +2614,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2618,7 +2659,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
@@ -2627,12 +2668,7 @@ If you disable this policy setting, users are prevented from performing OpenSear
If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2651,28 +2687,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2689,7 +2731,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.
+This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.
Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server.
@@ -2698,12 +2740,7 @@ If you enable this policy setting, Windows only searches the current target path
If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in the current target path.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2722,28 +2759,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2760,19 +2803,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu. The Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened.
+This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu. The Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened.
If you enable this policy setting, the system displays the number of shortcuts specified by the policy setting.
If you disable or do not configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2791,28 +2829,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2829,23 +2873,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs.
+Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs.
If you enable this policy setting, the Back button is removed from the standard Open dialog box.
If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog box. To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open.
-> [!NOTE]
-> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2864,28 +2899,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2902,7 +2943,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.
+This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.
If you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed.
@@ -2912,12 +2953,7 @@ If you disable or do not configure this policy setting, users are able to use th
> This policy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2936,28 +2972,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2974,7 +3016,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off caching of thumbnail pictures.
+This policy setting allows you to turn off caching of thumbnail pictures.
If you enable this policy setting, thumbnail views are not cached.
@@ -2984,12 +3026,7 @@ If you disable or do not configure this policy setting, thumbnail views are cach
> For shared corporate workstations or computers where security is a top concern, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3008,28 +3045,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3046,7 +3089,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.
+This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.
If you enable this policy setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled, and cannot be toggled by users.
@@ -3055,12 +3098,7 @@ Effects, such as animation, are designed to enhance the user's experience but mi
If you disable or do not configure this policy setting, users are allowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control Panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3079,28 +3117,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3117,17 +3161,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.
+Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.
Effects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3146,28 +3185,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3184,19 +3229,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the DFS tab from File Explorer.
+This policy setting allows you to remove the DFS tab from File Explorer.
If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the DFS shares available from their computer. This policy setting does not prevent users from using other methods to configure DFS.
If you disable or do not configure this policy setting, the DFS tab is available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3215,28 +3255,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3253,7 +3299,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide these specified drives in My Computer.
+This policy setting allows you to hide these specified drives in My Computer.
This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.
@@ -3265,12 +3311,7 @@ If you enable this policy setting, select a drive or combination of drives in th
If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down list. Also, see the "Prevent access to drives from My Computer" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3289,28 +3330,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3327,7 +3374,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations.
+Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations.
If you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option.
@@ -3339,12 +3386,7 @@ To remove computers in the user's workgroup or domain from lists of network reso
> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3363,28 +3405,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3401,7 +3449,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the list of most recently used files from the Open dialog box.
+Removes the list of most recently used files from the Open dialog box.
If you disable this setting or do not configure it, the "File name" field includes a drop-down list of recently used files. If you enable this setting, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box.
@@ -3409,16 +3457,10 @@ This setting, and others in this folder, lets you remove new features added in W
To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
-> [!NOTE]
-> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3437,28 +3479,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3475,17 +3523,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the File menu from My Computer and File Explorer.
+Removes the File menu from My Computer and File Explorer.
This setting does not prevent users from using other methods to perform tasks available on the File menu.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3504,28 +3547,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3542,7 +3591,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer.
+This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer.
Folder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings.
@@ -3551,12 +3600,7 @@ If you enable this policy setting, users will receive an error message if they t
If you disable or do not configure this policy setting, users can open Folder Options from the View tab on the ribbon.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3575,28 +3619,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3613,15 +3663,10 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.
+Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3640,28 +3685,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3678,22 +3729,17 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.
+Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.
The Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools.
This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.
-> [!TIP]
+> [!NOTE]
> To hide all context menus, use the "Remove File Explorer's default context menu" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3712,28 +3758,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3750,22 +3802,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.
+This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.
If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.
If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.
-> [!NOTE]
-> The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3784,28 +3828,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3822,24 +3872,19 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from using File Explorer or Network Locations to map or disconnect network drives.
+Prevents users from using File Explorer or Network Locations to map or disconnect network drives.
If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons.
This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.
> [!NOTE]
-> This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
+> This setting was documented incorrectly on the Explain tab in MDM Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
>
> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3858,28 +3903,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3896,17 +3947,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:).
+This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:).
-If this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked.
+If this MDM Policy is enabled, no notifications will be shown. If the MDM Policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3925,28 +3971,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3963,20 +4015,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
+Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
-> [!NOTE]
-> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -3995,28 +4039,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4033,19 +4083,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.
+When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.
If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.
If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recycle Bin.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4064,28 +4109,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4102,7 +4153,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from submitting alternate logon credentials to install a program.
+Prevents users from submitting alternate logon credentials to install a program.
This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.
@@ -4113,12 +4164,7 @@ If you disable this setting or do not configure it, the "Install Program As Othe
By default, users are not prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials for network installations" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4137,28 +4183,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4175,19 +4227,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window.
+If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window.
If you disable this policy, there will be an "Internet" "Search again" link when the user performs a search in the Explorer window. This button launches a search in the default browser with the search terms.
If you do not configure this policy (default), there will be an "Internet" link when the user performs a search in the Explorer window.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4206,28 +4253,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4244,19 +4297,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the Security tab from File Explorer.
+Removes the Security tab from File Explorer.
If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question.
If you disable or do not configure this setting, users will be able to access the security tab.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4275,28 +4323,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4313,19 +4367,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.
+This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.
If you disable or do not configure this policy setting, the Search button is available from the File Explorer toolbar.
This policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4344,28 +4393,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4383,19 +4438,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order.
+This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order.
If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).
If you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4414,28 +4464,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4452,17 +4508,12 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.
+Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.
If you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other methods to issue commands available on the shortcut menus.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4481,28 +4532,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4519,7 +4576,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from using My Computer to gain access to the content of selected drives.
+Prevents users from using My Computer to gain access to the content of selected drives.
If you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they cannot open folders and access the contents (open the files in the folders or see the files in the folders). Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.
@@ -4531,12 +4588,7 @@ To use this setting, select a drive or combination of drives from the drop-down
> Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics. Also, see the "Hide these specified drives in My Computer" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4555,28 +4607,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4593,7 +4651,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Turn off Windows Key hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer.
+Turn off Windows Key hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer.
By using this setting, you can disable these Windows Key hotkeys.
@@ -4602,12 +4660,7 @@ If you enable this setting, the Windows Key hotkeys are unavailable.
If you disable or do not configure this setting, the Windows Key hotkeys are available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4626,28 +4679,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4664,7 +4723,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations.
+This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations.
If you enable this policy setting, the system removes the "Computers Near Me" option and the icons representing nearby computers from Network Locations. This policy setting also removes these icons from the Map Network Drive browser.
@@ -4675,12 +4734,7 @@ This policy setting does not prevent users from connecting to computers in their
To remove network computers from lists of network resources, use the "No Entire Network in Network Locations" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4699,28 +4753,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4737,7 +4797,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
+Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
The valid items you may display in the Places Bar are:
@@ -4753,16 +4813,9 @@ Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachment
If you disable or do not configure this setting the default list of items will be displayed in the Places Bar.
-> [!NOTE]
-> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4781,28 +4834,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4819,7 +4878,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prompts users for alternate logon credentials during network-based installations.
+Prompts users for alternate logon credentials during network-based installations.
This setting displays the "Install Program As Other User" dialog box even when a program is being installed from files on a network computer across a local area network connection.
@@ -4833,12 +4892,7 @@ If the dialog box does not appear, the installation proceeds with the current us
> If it is enabled, the "Do not request alternate credentials" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credentials on any installation.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4857,28 +4911,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4895,7 +4955,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Limits the percentage of a volume's disk space that can be used to store deleted files.
+Limits the percentage of a volume's disk space that can be used to store deleted files.
If you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation.
@@ -4905,12 +4965,7 @@ If you disable or do not configure this setting, users can change the total amou
> This setting is applied to all volumes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -4929,28 +4984,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4967,7 +5028,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
+This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.
@@ -4976,12 +5037,7 @@ If you disable this policy setting the protocol is in the protected mode, allowi
If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5000,28 +5056,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5038,7 +5100,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
+This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.
@@ -5047,12 +5109,7 @@ If you disable this policy setting the protocol is in the protected mode, allowi
If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5071,28 +5128,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5109,7 +5172,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Shows or hides hibernate from the power options menu.
+Shows or hides hibernate from the power options menu.
If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).
@@ -5118,12 +5181,7 @@ If you disable this policy setting, the hibernate option will never be shown in
If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5142,28 +5200,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5180,7 +5244,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Shows or hides sleep from the power options menu.
+Shows or hides sleep from the power options menu.
If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).
@@ -5189,12 +5253,7 @@ If you disable this policy setting, the sleep option will never be shown in the
If you do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5213,28 +5272,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5251,23 +5316,18 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file.
+This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file.
You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.
-The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links.
+The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via MDM Policy. The "Search the Internet" link is pinned second, if it is pinned via MDM Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" MDM Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links.
If you enable this policy setting, the specified Libraries or Search Connectors will appear in the "Search again" links and the Start menu links.
If you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" links or the Start menu links.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5286,28 +5346,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5324,23 +5390,18 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?q={searchTerms}).
+This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?q={searchTerms}).
You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.
-The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links.
+The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via MDM Policy. The "Search the Internet" link is pinned second, if it is pinned via MDM Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" MDM Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links.
If you enable this policy setting, the specified Internet sites will appear in the "Search again" links and the Start menu links.
If you disable or do not configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu links.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -5353,7 +5414,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md
index bc2f8b6a02..8cb83a2ca9 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsFileProtection
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -45,28 +50,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,19 +94,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it might confuse the users.
+This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it might confuse the users.
- If you enable this policy setting, the file scan window does not appear during file scanning.
- If you disable or do not configure this policy setting, the file scan progress window appears.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -114,28 +120,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -152,24 +164,19 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache.
+This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache.
Windows File Protection adds protected files to the cache until the cache content reaches the quota.
If the quota is greater than 50 MB, Windows File Protection adds other important Windows XP files to the cache until the cache size reaches the quota.
- If you enable this policy setting, enter the maximum amount of disk space to be used (in MB).
To indicate that the cache size is unlimited, select "4294967295" as the maximum amount of disk space.
-- If you disable this policy setting or do not configure it, the default value is set to 50 MB on Windows XP Professional and is unlimited (4294967295 MB) on Windows Server 2003.
+- If you disable this policy setting or do not configure it, the default value is set to 50 MB.
> [!NOTE]
> Icon size is dependent upon what the user has set it to in the previous session.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -188,28 +195,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -226,7 +239,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set when Windows File Protection scans protected files.
+This policy setting allows you to set when Windows File Protection scans protected files.
This policy setting directs Windows File Protection to enumerate and scan all system files for changes.
- If you enable this policy setting, select a rate from the "Scanning Frequency" box.
@@ -242,12 +255,7 @@ This setting delays each startup.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -266,28 +274,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -304,7 +318,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies an alternate location for the Windows File Protection cache.
+This policy setting specifies an alternate location for the Windows File Protection cache.
- If you enable this policy setting, enter the fully qualified local path to the new location in the "Cache file path" box.
- If you disable this setting or do not configure it, the Windows File Protection cache is located in the "%Systemroot%\System32\Dllcache directory".
@@ -313,9 +327,6 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting sp
> Do not add the cache on a network shared directory.
-> [!NOTE]
-> For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be found in MSDN by searching "Control Panel items".
-
If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored.
> [!NOTE]
@@ -324,12 +335,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
> To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -342,7 +348,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index 43885e4dc8..dad60fc2d8 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsMediaDRM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,28 +40,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -74,7 +84,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
+This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
@@ -83,12 +93,7 @@ When this policy is enabled, programs are not able to acquire licenses for secur
When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -101,8 +106,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index 73bedb6677..2ec079bff6 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -13,8 +13,12 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsMediaPlayer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -96,28 +100,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -134,7 +144,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.
+This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.
If you enable this policy setting, select one of the following proxy types:
@@ -153,12 +163,7 @@ If you disable this policy setting, the HTTP proxy server cannot be used and the
If you do not configure this policy setting, users can configure the HTTP proxy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -177,28 +182,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -215,7 +226,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the MMS proxy settings for Windows Media Player.
+This policy setting allows you to specify the MMS proxy settings for Windows Media Player.
If you enable this policy setting, select one of the following proxy types:
@@ -233,12 +244,7 @@ If you disable this policy setting, the MMS proxy server cannot be used and user
If you do not configure this policy setting, users can configure the MMS proxy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -257,28 +263,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -295,7 +307,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.
+This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.
If you enable this policy setting, select one of the following proxy types:
@@ -311,12 +323,7 @@ If you disable this policy setting, the RTSP proxy server cannot be used and use
If you do not configure this policy setting, users can configure the RTSP proxy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -335,28 +342,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -373,7 +386,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off do not show first use dialog boxes.
+This policy setting allows you to turn off do not show first use dialog boxes.
If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player.
@@ -382,12 +395,7 @@ This policy setting prevents the dialog boxes which allow users to select privac
If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -406,28 +414,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -444,19 +458,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Network tab.
+This policy setting allows you to hide the Network tab.
If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player.
If you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -475,28 +484,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -513,7 +528,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.
+This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.
If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.
@@ -522,12 +537,7 @@ If you disable or do not configure this policy setting, users can show or hide t
If you do not configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window are not available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -546,28 +556,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -584,7 +600,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode.
+This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode.
This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.
@@ -593,12 +609,7 @@ When this policy is not configured or disabled, users can show or hide the ancho
When this policy is not configured and the Set and Lock Skin policy is enabled, some options in the anchor window are not available.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -617,28 +628,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -655,7 +672,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent video smoothing from occurring.
+This policy setting allows you to prevent video smoothing from occurring.
If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available.
@@ -666,12 +683,7 @@ If you do not configure this policy setting, video smoothing occurs if necessary
Video smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -690,28 +702,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -728,7 +746,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows a screen saver to interrupt playback.
+This policy setting allows a screen saver to interrupt playback.
If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available.
@@ -737,12 +755,7 @@ If you disable this policy setting, a screen saver does not interrupt playback e
If you do not configure this policy setting, users can change the setting for the Allow screen saver during playback check box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -761,28 +774,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -799,7 +818,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Privacy tab in Windows Media Player.
+This policy setting allows you to hide the Privacy tab in Windows Media Player.
If you enable this policy setting, the "Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet" check box on the Media Library tab is available, even though the Privacy tab is hidden, unless the "Prevent music file media information retrieval" policy setting is enabled.
@@ -808,12 +827,7 @@ The default privacy settings are used for the options on the Privacy tab unless
If you disable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured by other polices.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -832,28 +846,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -870,19 +890,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Security tab in Windows Media Player.
+This policy setting allows you to hide the Security tab in Windows Media Player.
If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies.
If you disable or do not configure this policy setting, users can configure the security settings on the Security tab.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -901,28 +916,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -939,7 +960,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.
+This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.
If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played.
@@ -951,12 +972,7 @@ The "Use default buffering" and "Buffer" options on the Performance tab in the P
If you disable or do not configure this policy setting, users can change the buffering options on the Performance tab.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -975,28 +991,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1013,7 +1035,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows Media Player from downloading codecs.
+This policy setting allows you to prevent Windows Media Player from downloading codecs.
If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available.
@@ -1022,12 +1044,7 @@ If you disable this policy setting, codecs are automatically downloaded and the
If you do not configure this policy setting, users can change the setting for the Download codecs automatically check box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1046,28 +1063,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1084,19 +1107,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.
+This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.
If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available.
If you disable or do not configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1115,28 +1133,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1153,19 +1177,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media sharing from Windows Media Player.
+This policy setting allows you to prevent media sharing from Windows Media Player.
If you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature.
If you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1184,28 +1203,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1222,19 +1247,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for music files from being retrieved from the Internet.
+This policy setting allows you to prevent media information for music files from being retrieved from the Internet.
If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available.
If you disable or do not configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1253,28 +1273,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1291,19 +1317,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.
+This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.
If you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar.
If you disable or do not configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1322,28 +1343,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1359,19 +1386,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent radio station presets from being retrieved from the Internet.
+This policy setting allows you to prevent radio station presets from being retrieved from the Internet.
If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed.
If you disable or do not configure this policy setting, the Player automatically retrieves radio station presets from the Internet.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1390,28 +1412,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1428,19 +1456,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.
+This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.
If you enable this policy setting, users cannot add the Player shortcut icon to their desktops.
If you disable or do not configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1459,28 +1482,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1497,7 +1526,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.
+This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.
If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab.
@@ -1508,12 +1537,7 @@ A user has access only to the Player features that are available with the specif
If you disable or do not configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1532,28 +1556,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1570,7 +1600,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.
+This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.
If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected.
@@ -1581,12 +1611,7 @@ If you do not configure this policy setting, users can select the protocols to u
If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network tab are not available and the Player cannot receive an MMS or RTSP stream from a Windows Media server.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1599,8 +1624,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 71e5c8b5aa..bb1d034198 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsRemoteManagement
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -39,31 +44,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -77,17 +89,12 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -107,31 +114,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -145,19 +159,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.
If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -170,7 +179,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index 815572c120..dd62e87f17 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -13,8 +13,15 @@ manager: dansimp
---
# Policy CSP - ADMX_WindowsStore
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
@@ -48,28 +55,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -86,19 +99,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
+This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
If you enable this setting, the automatic download of app updates is turned off. If you disable this setting, the automatic download of app updates is turned on.
If you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -119,31 +127,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -157,19 +172,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+This policy setting enables or disables the Store offer to update to the latest version of Windows.
If you enable this setting, the Store application will not offer updates to the latest version of Windows.
If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -190,31 +200,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -228,19 +245,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+This policy setting enables or disables the Store offer to update to the latest version of Windows.
If you enable this setting, the Store application will not offer updates to the latest version of Windows.
If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -251,7 +263,7 @@ ADMX Info:
-
+
@@ -261,31 +273,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -299,19 +318,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+This policy setting denies or allows access to the Store application.
If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
If you disable or don't configure this setting, access to the Store application is allowed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -332,31 +346,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -370,19 +391,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+This policy setting denies or allows access to the Store application.
If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
If you disable or don't configure this setting, access to the Store application is allowed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -395,6 +411,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index bff41ec699..65f15edfe1 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_WinInit
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -42,31 +47,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -80,19 +92,14 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
+This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
If you enable this policy setting, the system does not create the named pipe remote shutdown interface.
If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -111,31 +118,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -149,19 +163,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the use of fast startup.
+This policy setting controls the use of fast startup.
If you enable this policy setting, the system requires hibernate to be enabled.
If you disable or do not configure this policy setting, the local setting is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -180,31 +189,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -218,19 +234,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
+This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.
If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -243,8 +254,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index 357f16b165..8eaf9ca043 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_WinLogon
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -51,31 +56,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -89,7 +101,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Specifies an alternate user interface. The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, but you can use this setting to specify an alternate interface.
+Specifies an alternate user interface. The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, but you can use this setting to specify an alternate interface.
If you enable this setting, the system starts the interface you specify instead of Explorer.exe. To use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.
@@ -99,12 +111,7 @@ If you disable this setting or do not configure it, the setting is ignored and t
> To find the folders indicated by the Path environment variable, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables box, click Path.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -123,31 +130,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -161,7 +175,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.
+This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.
For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level, if you enable this setting, a message appears after the user logs on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop.
@@ -170,12 +184,7 @@ For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows
If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -195,31 +204,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -233,7 +249,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire.
+This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire.
If you enable this setting, warnings are not displayed to the user before the logon hours expire.
@@ -243,12 +259,7 @@ If you disable or do not configure this setting, users receive warnings before t
> If you configure this setting, you might want to examine and appropriately configure the “Set action to take when logon hours expire” setting. If “Set action to take when logon hours expire” is disabled or not configured, the “Remove logon hours expiration warnings” setting will have no effect, and users receive no warnings about logon hour expiration
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -267,31 +278,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -305,7 +323,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely.
+This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely.
If you choose to lock or disconnect a session, the user cannot unlock the session or reconnect except during permitted logon hours.
@@ -317,12 +335,7 @@ If you disable or do not configure this setting, the system takes no action when
> If you configure this setting, you might want to examine and appropriately configure the “Remove logon hours expiration warnings” setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -341,31 +354,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -380,19 +400,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.
+This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.
If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.
If disabled or not configured, no popup will be displayed to the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -411,31 +426,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -449,7 +471,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).
+This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).
If you enable this policy setting, you have one of four options:
@@ -461,12 +483,7 @@ If you enable this policy setting, you have one of four options:
If you disable or do not configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -479,7 +496,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index 30d6f460e5..d61e00df82 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_Winsrv
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -36,31 +41,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -74,7 +86,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown.
+This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown.
By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely.
@@ -85,12 +97,7 @@ By default, such applications are automatically terminated if they attempt to ca
> This policy setting applies to all sites in Trusted zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -103,8 +110,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index 83fdd75390..15c3769dc1 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_wlansvc
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -42,28 +47,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,7 +91,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
+This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:
@@ -89,12 +100,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost
- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -113,28 +119,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -151,19 +163,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
+This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
Conversely it means that Push Button is NOT allowed.
If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -182,28 +189,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -220,19 +233,14 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
+This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method.
If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -245,8 +253,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index 6538f66279..2cc6b9b072 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_WPN
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -51,31 +56,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -89,7 +101,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting blocks voice and video calls during Quiet Hours.
+This policy setting blocks voice and video calls during Quiet Hours.
If you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users will not be able to customize any other Quiet Hours settings.
@@ -98,12 +110,7 @@ If you disable this policy setting, voice and video calls will be allowed during
If you do not configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Administrators and users will be able to modify this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -122,31 +129,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -160,7 +174,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off toast notifications on the lock screen.
+This policy setting turns off toast notifications on the lock screen.
If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen.
@@ -169,12 +183,7 @@ If you disable or do not configure this policy setting, toast notifications on t
No reboots or service restarts are required for this policy setting to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -193,31 +202,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -231,7 +247,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Quiet Hours functionality.
+This policy setting turns off Quiet Hours functionality.
If you enable this policy setting, toast notifications will not be suppressed and some background tasks will not be deferred during the designated Quiet Hours time window each day.
@@ -240,12 +256,7 @@ If you disable this policy setting, toast notifications will be suppressed and s
If you do not configure this policy setting, Quiet Hours are enabled by default but can be turned off or by the administrator or user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -264,31 +275,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -302,7 +320,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off toast notifications for applications.
+This policy setting turns off toast notifications for applications.
If you enable this policy setting, applications will not be able to raise toast notifications.
@@ -315,12 +333,7 @@ If you disable or do not configure this policy setting, toast notifications are
No reboots or service restarts are required for this policy setting to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -339,31 +352,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -377,7 +397,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day.
+This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day.
If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings.
@@ -386,12 +406,7 @@ If you disable this policy setting, a default value will be used, and users will
If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -410,31 +425,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -448,7 +470,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day.
+This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day.
If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings.
@@ -457,12 +479,7 @@ If you disable this policy setting, a default value will be used, and users will
If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -475,8 +492,7 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 87aec967af..2337443c82 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ApplicationDefaults
-description: Learn about various Policy configuration service provider (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
+description: Learn about various Policy configuration service providers (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -39,28 +39,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -77,9 +83,9 @@ manager: dansimp
-Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML.
+This policy allows an administrator to set default file type and protocol associations. When set, default associations are applied on sign in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). Then, it needs to be base64 encoded before being added to SyncML.
-If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
+If policy is enabled and the client machine is having Azure Active Directory, the associations assigned in SyncML are processed and default associations are applied.
@@ -100,7 +106,7 @@ To create the SyncML, follow these steps:
Paste the base64 encoded XML into the SyncML
-Here is an example output from the dism default association export command:
+Here's an example output from the dism default association export command:
```xml
@@ -113,13 +119,13 @@ Here is an example output from the dism default association export command:
@@ -155,28 +161,34 @@ Here is the SyncMl example:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -199,7 +211,7 @@ Enabling this policy setting enables web-to-app linking so that apps can be laun
Disabling this policy disables web-to-app linking and http(s) URIs will be opened in the default browser instead of launching the associated app.
-If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
@@ -217,16 +229,7 @@ This setting supports a range of values between 0 and 1.
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 2843bc4633..933d541866 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ApplicationManagement
-description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10.
+description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -73,28 +73,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
✔️
+
Yes
+
Yes
Pro
-
✔️
+
Yes
+
Yes
Business
-
✔️
+
Yes
+
Yes
Enterprise
-
✔️
+
Yes
+
Yes
Education
-
✔️
+
Yes
+
Yes
@@ -142,28 +148,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
❌
+
No
+
No
Pro
-
✔️
+
Yes
+
Yes
Business
-
✔️
+
Yes
+
Yes
Enterprise
-
✔️
+
Yes
+
Yes
Education
-
✔️
+
Yes
+
Yes
@@ -211,28 +223,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
❌
+
No
+
No
Pro
-
✔️
+
Yes
+
Yes
Business
-
✔️
+
Yes
+
Yes
Enterprise
-
✔️
+
Yes
+
Yes
Education
-
✔️
+
Yes
+
Yes
@@ -280,28 +298,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
❌
+
No
+
No
Pro
-
✔️
+
Yes
+
Yes
Business
-
✔️
+
Yes
+
Yes
Enterprise
-
✔️
+
Yes
+
Yes
Education
-
✔️
+
Yes
+
Yes
@@ -351,28 +375,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
❌
+
No
+
No
Pro
-
✔️
+
Yes
+
Yes
Business
-
✔️
+
Yes
+
Yes
Enterprise
-
✔️
+
Yes
+
Yes
Education
-
✔️
+
Yes
+
Yes
@@ -419,30 +449,35 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
❌
+
No
+
No
Pro
-
❌
+
No
+
No
Business
-
✔️8
+
Yes
+
Yes
Enterprise
-
✔️8
+
Yes
+
Yes
Education
-
✔️8
+
Yes
+
Yes
-
@@ -458,7 +493,7 @@ Most restricted value: 0
-Added in Windows 10, version 2004.
+
Manages non-administrator users' ability to install Windows app packages.
@@ -749,9 +784,11 @@ If you enable this policy setting, privileges are extended to all programs. Thes
If you disable or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.
-Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.
+> [!NOTE]
+> This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.
-Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure.
+> [!CAUTION]
+> Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure.
@@ -1100,15 +1137,6 @@ XSD:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 5985ed58aa..3d94d24363 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - AppRuntime
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,31 +42,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -81,12 +94,7 @@ If you enable this policy setting, Windows Store apps that typically require a M
If you disable or do not configure this policy setting, users will need to sign in with a Microsoft account.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -99,16 +107,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 08865e0dd4..e21656192a 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - AppVirtualization
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -117,31 +123,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -158,12 +171,7 @@ manager: dansimp
This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -183,28 +191,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -224,12 +238,7 @@ ADMX Info:
Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -249,28 +258,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -290,12 +305,7 @@ ADMX Info:
Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -315,28 +325,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -356,12 +372,7 @@ ADMX Info:
Enables scripts defined in the package manifest of configuration files that should run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -381,28 +392,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -422,12 +439,7 @@ ADMX Info:
Enables a UX to display to the user when a publishing refresh is performed on the client.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -447,28 +459,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -498,12 +516,7 @@ Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the
Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -523,28 +536,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -564,12 +583,7 @@ ADMX Info:
Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -589,28 +603,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -630,12 +650,7 @@ ADMX Info:
Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -655,28 +670,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -696,16 +717,11 @@ ADMX Info:
Specifies how new packages should be loaded automatically by App-V on a specific computer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
-- GP Friendly name: *Specify what to load in background (aka AutoLoad)*
+- GP Friendly name: *Specify what to load in background (also known as AutoLoad)*
- GP name: *Steaming_Autoload*
- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -721,28 +737,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -762,12 +784,7 @@ ADMX Info:
Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -787,28 +804,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -828,12 +851,7 @@ ADMX Info:
Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -853,28 +871,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -894,12 +918,7 @@ ADMX Info:
Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -919,28 +938,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -978,12 +1003,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin
User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1003,28 +1023,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1062,12 +1088,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin
User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1087,28 +1108,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1146,12 +1173,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin
User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1171,28 +1193,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1230,12 +1258,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin
User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1255,28 +1278,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1314,12 +1343,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin
User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1339,28 +1363,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1380,12 +1410,7 @@ ADMX Info:
Specifies the path to a valid certificate in the certificate store.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1405,28 +1430,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1446,12 +1477,7 @@ ADMX Info:
This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1471,28 +1497,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1512,12 +1544,7 @@ ADMX Info:
Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1537,28 +1564,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1578,12 +1611,7 @@ ADMX Info:
Specifies directory where all new applications and updates will be installed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1603,28 +1631,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1644,12 +1678,7 @@ ADMX Info:
Overrides source location for downloading package content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1669,28 +1698,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1710,12 +1745,7 @@ ADMX Info:
Specifies the number of seconds between attempts to reestablish a dropped session.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1735,28 +1765,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1776,12 +1812,7 @@ ADMX Info:
Specifies the number of times to retry a dropped session.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1801,28 +1832,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1842,12 +1879,7 @@ ADMX Info:
Specifies that streamed package contents will be not be saved to the local hard disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1867,28 +1899,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1908,12 +1946,7 @@ ADMX Info:
If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1933,28 +1966,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1974,12 +2013,7 @@ ADMX Info:
Verifies Server certificate revocation status before streaming using HTTPS.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1999,28 +2033,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2040,12 +2080,7 @@ ADMX Info:
Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2058,16 +2093,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index aa15e81d84..227cc1205e 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -14,6 +14,13 @@ manager: dansimp
# Policy CSP - AttachmentManager
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -42,31 +49,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -89,12 +103,7 @@ If you disable this policy setting, Windows marks file attachments with their zo
If you do not configure this policy setting, Windows marks file attachments with their zone information.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -114,31 +123,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -161,12 +177,7 @@ If you disable this policy setting, Windows shows the check box and Unblock butt
If you do not configure this policy setting, Windows hides the check box and Unblock button.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -186,31 +197,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -233,12 +251,7 @@ If you disable this policy setting, Windows does not call the registered antivir
If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -251,16 +264,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 5d063b5378..4be64f929b 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Audit
-description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't log on to a computer because the account is locked out.
+description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't sign in to a computer because the account is locked out.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -206,31 +206,38 @@ ms.date: 09/27/2019
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -244,11 +251,11 @@ ms.date: 09/27/2019
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out.
+This policy setting allows you to audit events generated by a failed attempt to sign in to an account that is locked out.
-If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts.
+If you configure this policy setting, an audit event is generated when an account can't sign in to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-Logon events are essential for understanding user activity and to detect potential attacks.
+Sign in events are essential for understanding user activity and to detect potential attacks.
Volume: Low.
@@ -261,10 +268,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -283,31 +290,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -321,9 +335,9 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
+This policy allows you to audit the group membership information in the user's sign in token. Events in this subcategory are generated on the computer on which a sign in session is created. For an interactive sign in, the security audit event is generated on the computer that the user logged on to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information cannot fit in a single security audit event.
+When this setting is configured, one or more security audit events are generated for each successful sign in. Enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information can't fit in a single security audit event.
Volume: Low on a client computer. Medium on a domain controller or a network server.
@@ -335,10 +349,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -357,31 +371,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -395,7 +416,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
+This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation.
@@ -411,10 +432,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -433,31 +454,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -471,10 +499,10 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
+This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation.
+If you don't configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation.
Volume: High.
@@ -486,10 +514,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -508,31 +536,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -546,9 +581,9 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
+This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
-If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation.
+If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you don't configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation.
Volume: High.
@@ -560,10 +595,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -582,31 +617,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -620,10 +662,10 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to.
+This policy setting allows you to audit events generated by the closing of a sign in session. These events occur on the computer that was accessed. For an interactive sign out the security audit event is generated on the computer that the user account logged on to.
-If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions.
-If you do not configure this policy setting, no audit event is generated when a logon session is closed.
+If you configure this policy setting, an audit event is generated when a sign in session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions.
+If you don't configure this policy setting, no audit event is generated when a sign in session is closed.
Volume: Low.
@@ -635,10 +677,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -657,31 +699,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -695,13 +744,13 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by user account logon attempts on the computer.
-Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
+This policy setting allows you to audit events generated by user account sign in attempts on the computer.
+Events in this subcategory are related to the creation of sign in sessions and occur on the computer that was accessed. For an interactive sign in, the security audit event is generated on the computer that the user account logged on to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
The following events are included:
-- Successful logon attempts.
-- Failed logon attempts.
-- Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command.
-- Security identifiers (SIDs) were filtered and not allowed to log on.
+- Successful sign in attempts.
+- Failed sign in attempts.
+- sign in attempts using explicit credentials. This event is generated when a process attempts to sign in an account by explicitly specifying that account’s credentials. This most commonly occurs in batch sign in configurations, such as scheduled tasks or when using the RUNAS command.
+- Security identifiers (SIDs) were filtered and not allowed to sign in.
Volume: Low on a client computer. Medium on a domain controller or a network server.
@@ -713,10 +762,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -735,31 +784,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -773,7 +829,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
+This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts.
If you do not configure this policy settings, IAS and NAP user access requests are not audited.
@@ -787,10 +843,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 (default) — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3 (default)—Success+Failure
@@ -809,31 +865,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -847,7 +910,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting, such as the following:
+This policy setting allows you to audit other logon/logoff-related events that aren't covered in the “Logon/Logoff” policy setting, such as the following:
- Terminal Services session disconnections.
- New Terminal Services sessions.
- Locking and unlocking a workstation.
@@ -867,10 +930,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -889,31 +952,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -927,9 +997,9 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by special logons, such as the following:
-- The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level.
-- A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [Audit Special Logon](/windows/security/threat-protection/auditing/audit-special-logon).
+This policy setting allows you to audit events generated by special logons, such as the following:
+- The use of a special sign in, which is a sign in that has administrator-equivalent privileges and can be used to elevate a process to a higher level.
+- A sign in by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during sign in and the subcategory is enabled, an event is logged. For more information about this feature, see [Audit Special Logon](/windows/security/threat-protection/auditing/audit-special-logon).
Volume: Low.
@@ -941,10 +1011,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -963,31 +1033,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1001,11 +1078,11 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy allows you to audit user and device claims information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
+This policy allows you to audit user and device claims information in the user's sign in token. Events in this subcategory are generated on the computer on which a sign in session is created. For an interactive sign in, the security audit event is generated on the computer that the user logged on to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
-User claims are added to a logon token when claims are included with a user's account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on.
+User claims are added to a sign in token when claims are included with a user's account attributes in Active Directory. Device claims are added to the sign in token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on.
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event.
+When this setting is configured, one or more security audit events are generated for each successful sign in. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event.
Volume: Low on a client computer. Medium on a domain controller or a network server.
@@ -1017,10 +1094,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1039,31 +1116,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1077,7 +1161,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by validation tests on user account logon credentials.
+This policy setting allows you to audit events generated by validation tests on user account sign in credentials.
Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.
@@ -1091,10 +1175,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1113,31 +1197,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1151,7 +1242,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests.
+This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests.
If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests.
If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request.
@@ -1166,10 +1257,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1188,31 +1279,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1226,7 +1324,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts.
+This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts.
If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests.
If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account.
@@ -1241,10 +1339,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1263,31 +1361,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1301,7 +1406,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
+This policy setting allows you to audit events generated by responses to credential requests submitted for a user account sign in that are not credential validation or Kerberos tickets.
Currently, there are no events in this subcategory.
@@ -1314,10 +1419,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1336,31 +1441,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1374,7 +1486,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to application groups, such as the following:
+This policy setting allows you to audit events generated by changes to application groups as follows:
- Application group is created, changed, or deleted.
- Member is added or removed from an application group.
@@ -1391,10 +1503,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1413,31 +1525,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1451,7 +1570,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted.
+This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted.
If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a computer account changes.
@@ -1466,10 +1585,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1488,31 +1607,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1526,7 +1652,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to distribution groups, such as the following:
+This policy setting allows you to audit events generated by changes to distribution groups as follows:
- Distribution group is created, changed, or deleted.
- Member is added or removed from a distribution group.
- Distribution group type is changed.
@@ -1547,10 +1673,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1569,31 +1695,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1607,7 +1740,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following:
+This policy setting allows you to audit events generated by other user account changes that are not covered in this category as follows:
- The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration.
- The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack.
- Changes to the Default Domain Group Policy under the following Group Policy paths:
@@ -1627,10 +1760,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1649,31 +1782,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1687,7 +1827,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to security groups, such as the following:
+This policy setting allows you to audit events generated by changes to security groups, such as the following:
- Security group is created, changed, or deleted.
- Member is added or removed from a security group.
- Group type is changed.
@@ -1705,10 +1845,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1727,31 +1867,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1765,8 +1912,8 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit changes to user accounts.
-Events include the following:
+This policy setting allows you to audit changes to user accounts.
+The events included are as follows:
- A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked.
- A user account’s password is set or changed.
- A security identifier (SID) is added to the SID History of a user account.
@@ -1787,10 +1934,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1809,31 +1956,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1847,7 +2001,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers.
+This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers.
Volume: High.
@@ -1860,10 +2014,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1882,31 +2036,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1920,7 +2081,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed.
+This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed.
Only AD DS objects with a matching system access control list (SACL) are logged.
@@ -1936,10 +2097,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -1958,31 +2119,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -1996,7 +2164,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
+This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
When possible, events logged in this subcategory indicate the old and new values of the object’s properties.
@@ -2018,10 +2186,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2040,31 +2208,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2078,7 +2253,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers.
+This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers.
If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication.
If you do not configure this policy setting, no audit event is generated during AD DS replication.
@@ -2096,10 +2271,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2118,31 +2293,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2156,7 +2338,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720.
+This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720.
If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
@@ -2171,10 +2353,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2192,31 +2374,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2230,7 +2419,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit when plug and play detects an external device.
+This policy setting allows you to audit when plug and play detects an external device.
If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category.
If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play.
@@ -2245,10 +2434,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2266,31 +2455,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2304,7 +2500,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited.
+This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited.
If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a process is created.
@@ -2319,10 +2515,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2340,31 +2536,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2378,7 +2581,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when a process ends.
+This policy setting allows you to audit events generated when a process ends.
If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a process ends.
@@ -2393,10 +2596,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2414,31 +2617,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2452,7 +2662,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit inbound remote procedure call (RPC) connections.
+This policy setting allows you to audit inbound remote procedure call (RPC) connections.
If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a remote RPC connection is attempted.
@@ -2467,10 +2677,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2488,31 +2698,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2526,7 +2743,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by adjusting the privileges of a token.
+This policy setting allows you to audit events generated by adjusting the privileges of a token.
Volume: High.
@@ -2538,10 +2755,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2560,31 +2777,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2598,7 +2822,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function.
+This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function.
Events in this subcategory include:
- Creation of an application client context.
- Deletion of an application client context.
@@ -2615,10 +2839,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2636,31 +2860,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2674,7 +2905,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object.
+This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object.
If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows:
1. Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access.
@@ -2693,10 +2924,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2715,31 +2946,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2753,7 +2991,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations.
+This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations.
AD CS operations include the following:
- AD CS startup/shutdown/backup/restore.
@@ -2783,10 +3021,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2804,31 +3042,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2842,7 +3087,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
+This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
@@ -2859,10 +3104,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2880,31 +3125,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2918,7 +3170,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access a shared folder.
+This policy setting allows you to audit attempts to access a shared folder.
If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
@@ -2935,10 +3187,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -2956,31 +3208,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -2994,7 +3253,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see [Apply a basic audit policy on a file or folder](/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder).
+This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see [Apply a basic audit policy on a file or folder](/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder).
If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
@@ -3012,10 +3271,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3033,31 +3292,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3071,7 +3337,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP).
+This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP).
The following events are included:
- The Windows Firewall Service blocks an application from accepting incoming connections on the network.
- The WFP allows a connection.
@@ -3097,10 +3363,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3118,31 +3384,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3156,7 +3429,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP).
+This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP).
Volume: High.
@@ -3169,10 +3442,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3190,31 +3463,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3228,7 +3508,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events.
+This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events.
If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
@@ -3246,10 +3526,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3267,31 +3547,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3305,7 +3592,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores.
+This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores.
Only kernel objects with a matching system access control list (SACL) generate security audit events.
> [!Note]
@@ -3321,10 +3608,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3342,31 +3629,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3380,7 +3674,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects.
+This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects.
For scheduler jobs, the following are audited:
- Job created.
- Job deleted.
@@ -3403,10 +3697,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3424,31 +3718,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3462,7 +3763,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
+This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
@@ -3480,10 +3781,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3501,31 +3802,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3539,7 +3847,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested.
+This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested.
If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts.
@@ -3554,10 +3862,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3575,31 +3883,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3613,7 +3928,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects.
+This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects.
SAM objects include the following:
- SAM_ALIAS -- A local group.
- SAM_GROUP -- A group that is not a local group.
@@ -3638,10 +3953,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3659,31 +3974,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3697,7 +4019,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to the authentication policy, such as the following:
+This policy setting allows you to audit events generated by changes to the authentication policy, such as the following:
- Creation of forest and domain trusts.
- Modification of forest and domain trusts.
- Removal of forest and domain trusts.
@@ -3726,10 +4048,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3748,31 +4070,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3786,7 +4115,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to the authorization policy, such as the following:
+This policy setting allows you to audit events generated by changes to the authorization policy, such as the following:
- Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
- Removal of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
- Changes in the Encrypted File System (EFS) policy.
@@ -3806,10 +4135,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3828,31 +4157,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3866,7 +4202,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP), such as the following:
+This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP), such as the following:
- IPsec services status.
- Changes to IPsec policy settings.
- Changes to Windows Firewall policy settings.
@@ -3885,10 +4221,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3907,31 +4243,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -3945,7 +4288,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall.
+This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall.
Events include the following:
- Reporting of active policies when Windows Firewall service starts.
- Changes to Windows Firewall rules.
@@ -3967,10 +4310,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -3989,31 +4332,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4027,7 +4377,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following:
+This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following:
- Trusted Platform Module (TPM) configuration changes.
- Kernel-mode cryptographic self tests.
- Cryptographic provider operations.
@@ -4045,10 +4395,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4067,31 +4417,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4105,7 +4462,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit changes in the security audit policy settings, such as the following:
+This policy setting allows you to audit changes in the security audit policy settings, such as the following:
- Settings permissions and audit settings on the Audit Policy object.
- Changes to the system audit policy.
- Registration of security event sources.
@@ -4128,10 +4485,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4150,31 +4507,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4188,7 +4552,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights).
+This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights).
The following privileges are non-sensitive:
- Access Credential Manager as a trusted caller.
- Access this computer from the network.
@@ -4234,10 +4598,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4255,31 +4619,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4304,10 +4675,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4325,31 +4696,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4363,7 +4741,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when sensitive privileges (user rights) are used, such as the following:
+This policy setting allows you to audit events generated when sensitive privileges (user rights) are used, such as the following:
- A privileged service is called.
- One of the following privileges are called:
- Act as part of the operating system.
@@ -4393,10 +4771,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4414,31 +4792,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4452,7 +4837,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the IPsec filter driver, such as the following:
+This policy setting allows you to audit events generated by the IPsec filter driver, such as the following:
- Startup and shutdown of the IPsec services.
- Network packets dropped due to integrity check failure.
- Network packets dropped due to replay check failure.
@@ -4473,10 +4858,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4495,31 +4880,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4533,7 +4925,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit any of the following events:
+This policy setting allows you to audit any of the following events:
- Startup and shutdown of the Windows Firewall service and driver.
- Security policy processing by the Windows Firewall Service.
- Cryptography key file and migration operations.
@@ -4548,10 +4940,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 (default) — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3 (default)—Success+Failure
@@ -4570,31 +4962,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4608,7 +5007,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes in the security state of the computer, such as the following events:
+This policy setting allows you to audit events generated by changes in the security state of the computer, such as the following events:
- Startup and shutdown of the computer.
- Change of system time.
- Recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured.
@@ -4623,10 +5022,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4645,31 +5044,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4683,7 +5089,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events related to security system extensions or services, such as the following:
+This policy setting allows you to audit events related to security system extensions or services, such as the following:
- A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM.
- A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account.
@@ -4700,10 +5106,10 @@ GP Info:
The following are the supported values:
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
@@ -4722,31 +5128,38 @@ The following are the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -4760,7 +5173,7 @@ The following are the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following:
+This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following:
- Events that could not be written to the event log because of a problem with the auditing system.
- A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space.
- The detection of a Remote Procedure Call (RPC) that compromises system integrity.
@@ -4777,10 +5190,10 @@ GP Info:
The following are the supported values:
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 (default) — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3 (default)—Success+Failure
@@ -4792,15 +5205,6 @@ The following are the supported values:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 490bc43255..83bbd6d38f 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -59,31 +59,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -97,7 +104,7 @@ manager: dansimp
-Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.
+Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.
@@ -117,31 +124,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -175,31 +189,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -235,31 +256,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -273,7 +301,7 @@ The following list shows the supported values:
-Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0
+Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0
Value type is integer.
@@ -297,31 +325,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -335,7 +370,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.
+Allows secondary authentication devices to work with Windows.
The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premises only environment, cloud domain-joined in a hybrid environment, and BYOD).
@@ -367,31 +402,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -405,7 +447,7 @@ The following list shows the supported values:
-Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
@@ -429,31 +471,38 @@ Available in Windows 10, version 1803. Specifies the list of domains that are al
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -501,31 +550,38 @@ Value type is integer. Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -573,31 +629,38 @@ Value type is integer. Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -631,15 +694,6 @@ Value type is string.
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 0eca05d2bb..0223d28d59 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - Autoplay
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,31 +48,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -88,12 +101,7 @@ If you enable this policy setting, AutoPlay is not allowed for MTP devices like
If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -113,31 +121,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -168,12 +183,7 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto
If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -193,31 +203,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -249,12 +266,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled.
Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -267,16 +279,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 03fcf174ca..c629f2ed81 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -39,31 +39,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -95,15 +102,6 @@ The following list shows the supported values:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 02abb3111c..087a16f215 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -57,31 +57,38 @@ If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -107,7 +114,8 @@ Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrott
If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
-Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+> [!NOTE]
+> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
@@ -140,28 +148,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -190,7 +204,8 @@ Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrott
If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
-Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+> [!NOTE]
+> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
@@ -223,28 +238,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -273,7 +294,8 @@ Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrott
If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
-Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+> [!NOTE]
+> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
@@ -306,28 +328,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -384,28 +412,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -462,28 +496,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -540,16 +580,7 @@ Supported values range: 0 - 999
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 6426fba5e8..c209021556 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -52,31 +52,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -114,31 +121,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -176,31 +190,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -234,31 +255,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -272,7 +300,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. This policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios.
+This policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios.
@@ -292,31 +320,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -347,31 +382,38 @@ If this policy is not set or it is deleted, the default local radio name is used
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -385,7 +427,7 @@ If this policy is not set or it is deleted, the default local radio name is used
-Added in Windows 10, version 1511. Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
+Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide)
@@ -400,31 +442,38 @@ The default value is an empty string. For more information, see [ServicesAllowed
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
+
@@ -438,7 +487,7 @@ The default value is an empty string. For more information, see [ServicesAllowed
-Added in Windows 10, version 2004. There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments.
+There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments.
@@ -458,16 +507,7 @@ For more information on allowed key sizes, refer to Bluetooth Core Specification
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 14cd612597..adb1bec8af 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -201,31 +201,38 @@ ms.localizationpriority: medium
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -272,31 +279,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -351,31 +365,38 @@ To verify AllowAutofill is set to 0 (not allowed):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -420,31 +441,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -499,31 +527,38 @@ To verify AllowCookies is set to 0 (not allowed):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -539,7 +574,7 @@ To verify AllowCookies is set to 0 (not allowed):
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows for desktop and not supported in Windows Mobile.
[!INCLUDE [allow-developer-tools-shortdesc](../includes/allow-developer-tools-shortdesc.md)]
@@ -570,31 +605,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -648,31 +690,38 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -717,31 +766,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -786,31 +842,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -858,31 +921,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -935,31 +1005,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1004,31 +1081,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -1077,31 +1161,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1155,31 +1246,38 @@ To verify AllowPasswordManager is set to 0 (not allowed):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1233,31 +1331,38 @@ To verify AllowPopups is set to 0 (not allowed):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1311,31 +1416,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1388,31 +1500,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1465,31 +1584,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -1540,31 +1666,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1610,31 +1743,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1687,31 +1827,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1764,31 +1911,38 @@ To verify AllowSmartScreen is set to 0 (not allowed):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1840,31 +1994,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1916,31 +2077,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -1988,31 +2156,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -2068,31 +2243,38 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -2143,31 +2325,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2220,31 +2409,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2301,31 +2497,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2385,31 +2588,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2464,31 +2674,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2553,31 +2770,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2631,31 +2855,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -2707,31 +2938,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -2776,31 +3014,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2819,7 +3064,7 @@ Most restricted value: 0
[!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../includes/configure-enterprise-mode-site-list-shortdesc.md)]
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows for desktop and not supported in Windows Mobile.
@@ -2851,31 +3096,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2904,31 +3156,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2944,7 +3203,7 @@ Supported values:
> [!NOTE]
-> This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only available for Windows for desktop and not supported in Windows Mobile.
[!INCLUDE [configure-start-pages-shortdesc](../includes/configure-start-pages-shortdesc.md)]
@@ -2989,31 +3248,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -3060,31 +3326,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -3129,31 +3402,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -3204,31 +3484,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -3274,31 +3561,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -3344,31 +3638,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -3412,31 +3713,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -3481,31 +3789,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -3556,31 +3871,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -3596,7 +3918,7 @@ Supported values:
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows for desktop and not supported in Windows Mobile.
[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
@@ -3627,31 +3949,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -3705,31 +4034,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -3748,7 +4084,7 @@ ADMX Info:
[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../includes/send-all-intranet-sites-to-ie-shortdesc.md)]
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows for desktop and not supported in Windows Mobile.
@@ -3779,31 +4115,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -3857,31 +4200,38 @@ Most restricted value: 1
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -3932,31 +4282,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -4006,31 +4363,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -4049,7 +4413,7 @@ Supported values:
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows for desktop and not supported in Windows Mobile.
@@ -4079,31 +4443,38 @@ Most restricted value: 0
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -4123,7 +4494,7 @@ By default, a notification will be presented to the user informing them of this
With this policy, you can either allow (default) or suppress this notification.
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows for desktop and not supported in Windows Mobile.
@@ -4142,36 +4513,43 @@ Supported values:
-**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**
+Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -4192,7 +4570,7 @@ Supported values:
[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows for desktop and not supported in Windows Mobile.
@@ -4230,31 +4608,38 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -4305,31 +4690,38 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -4367,15 +4759,6 @@ Most restricted value: 0
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 22a1a37ce3..3ac207a7e5 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -36,31 +36,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -97,16 +104,7 @@ The following list shows the supported values:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 7e776b0469..17a6da62e3 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - Cellular
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -48,31 +54,39 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
+
@@ -86,7 +100,7 @@ manager: dansimp
-Added in Windows 10, version 1709. This policy setting specifies whether Windows apps can access cellular data.
+This policy setting specifies whether Windows apps can access cellular data.
You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
@@ -128,31 +142,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -166,7 +187,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
@@ -188,31 +209,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -226,7 +254,7 @@ ADMX Info:
-Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
@@ -248,31 +276,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -286,7 +321,7 @@ ADMX Info:
-Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
+List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
@@ -308,31 +343,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -352,12 +394,7 @@ If this policy setting is enabled, a drop-down list box presenting possible valu
If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -370,16 +407,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 90a5286d6f..356d8123f7 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -14,6 +14,14 @@ manager: dansimp
# Policy CSP - Connectivity
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
@@ -73,31 +81,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -139,31 +154,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -198,31 +220,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -277,31 +306,38 @@ To validate on mobile devices, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -318,7 +354,7 @@ To validate on mobile devices, do the following:
> [!NOTE]
> This policy requires reboot to take effect.
-Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
+Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
@@ -338,31 +374,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -376,7 +419,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
+This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'.
If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
@@ -413,31 +456,38 @@ Device that has previously opt-in to MMX will also stop showing on the device li
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
No
+
No
Education
-
+
No
+
No
+
@@ -478,31 +528,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -538,31 +595,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -598,31 +662,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -649,12 +720,7 @@ If you disable or do not configure this policy setting, users can choose to prin
Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -674,31 +740,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -723,12 +796,7 @@ If you enable this policy setting, print drivers cannot be downloaded over HTTP.
If you disable or do not configure this policy setting, users can download print drivers over HTTP.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -748,31 +816,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -797,12 +872,7 @@ If you disable or do not configure this policy setting, a list of providers are
See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -822,31 +892,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -860,7 +937,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com.
+Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com.
Value type is integer.
@@ -883,31 +960,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -926,12 +1010,7 @@ This policy setting configures secure access to UNC paths.
If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -951,31 +1030,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -998,12 +1084,7 @@ The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to
If you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1017,16 +1098,6 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 2009.
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index b1e5575610..f9aea239a4 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -35,31 +35,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -73,7 +80,7 @@ manager: dansimp
-Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
+This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
> [!NOTE]
> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs.
@@ -117,15 +124,6 @@ The following list shows the supported values:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index cf333911ba..d4a0c57801 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - CredentialProviders
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,31 +48,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -86,17 +99,13 @@ If you enable this policy setting, a domain user can set up and sign in with a c
If you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN.
-Note: The user's domain password will be cached in the system vault when using this feature.
+> [!NOTE]
+> The user's domain password will be cached in the system vault when using this feature.
To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -116,31 +125,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -163,12 +179,7 @@ If you disable or don't configure this policy setting, a domain user can set up
Note that the user's domain password will be cached in the system vault when using this feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -188,31 +199,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -226,7 +244,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device.
+Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device.
The Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the Autopilot Reset is triggered the devices are for ready for use by information workers or students.
@@ -241,16 +259,7 @@ The following list shows the supported values:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index d4806508e7..a02c13b489 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - CredentialsDelegation
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,31 +42,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -83,12 +96,7 @@ If you enable this policy setting, the host supports Restricted Admin or Remote
If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -101,16 +109,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 5fdff42127..0d294e4618 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -14,7 +14,12 @@ manager: dansimp
# Policy CSP - CredentialsUI
-
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,31 +44,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -89,12 +101,7 @@ By default, the password reveal button is displayed after a user types a passwor
The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -114,31 +121,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -159,12 +173,7 @@ If you enable this policy setting, all local administrator accounts on the PC wi
If you disable this policy setting, users will always be required to type a user name and password to elevate.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -177,16 +186,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 88e34b4df9..66af935c69 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -39,31 +39,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -108,31 +115,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -164,16 +178,7 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index afbff9a990..ed9a1f87c4 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -39,31 +39,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -99,31 +106,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -150,15 +164,6 @@ Setting used by Windows 8.1 Selective Wipe.
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 652bf56c3c..9fcd657539 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -14,7 +14,12 @@ manager: dansimp
# Policy CSP - DataUsage
-
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -52,31 +57,38 @@ This policy is deprecated in Windows 10, version 1809.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -103,12 +115,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost
If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -121,16 +128,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index c7445826de..fddac52c0c 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -156,31 +156,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -226,31 +233,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -296,31 +310,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -367,31 +388,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -437,31 +465,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -507,31 +542,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -577,31 +619,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -647,31 +696,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -709,31 +765,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -779,31 +842,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -849,31 +919,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -919,31 +996,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -981,31 +1065,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1051,31 +1142,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -1093,7 +1191,7 @@ The following list shows the supported values:
> This policy is only enforced in Windows 10 for desktop.
-Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
+This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
Value type is string.
@@ -1117,31 +1215,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -1159,7 +1264,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 for desktop.
-Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
+This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction).
@@ -1185,31 +1290,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1256,31 +1368,38 @@ Valid values: 0–100
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1338,31 +1457,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -1380,7 +1506,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 for desktop.
-Added in Windows 10, version 1709. This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
+This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.
@@ -1418,31 +1544,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -1459,7 +1592,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-Added in Windows 10, version 1709. This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
+This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds.
@@ -1488,31 +1621,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -1551,31 +1691,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -1592,7 +1739,7 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
-Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the controlled folder access feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator.
+This policy settings allows adding user-specified folder locations to the controlled folder access feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator.
@@ -1614,31 +1761,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1685,31 +1839,38 @@ Valid values: 0–90
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1765,31 +1926,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1845,31 +2013,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -1886,7 +2061,7 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess.
-Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the controlled folder access feature. The controlled folder access feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.
+This policy enables setting the state (On/Off/Audit) for the controlled folder access feature. The controlled folder access feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.
@@ -1916,31 +2091,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -1994,31 +2176,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -2035,7 +2224,7 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off. Network protection protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer.
+This policy allows you to turn network protection on (block/audit) or off. Network protection protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer.
If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit.
If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center.
@@ -2071,31 +2260,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2135,31 +2331,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2199,31 +2402,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2269,31 +2479,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2311,7 +2528,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 for desktop.
-Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer.
+Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer.
> [!NOTE]
> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices. For more information about PUA, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
@@ -2344,31 +2561,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2419,31 +2643,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2490,31 +2721,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2567,31 +2805,38 @@ Valid values: 0–1380
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2648,31 +2893,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2725,31 +2977,38 @@ Valid values: 0–1380.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2809,31 +3068,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -2888,31 +3154,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -2963,31 +3236,38 @@ Valid values: 0–24.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -3036,31 +3316,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -3111,16 +3398,6 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index a1644a0373..b889259061 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -14,6 +14,13 @@ manager: dansimp
# Policy CSP - DeliveryOptimization
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -123,31 +130,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -165,7 +179,7 @@ manager: dansimp
> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space.
+Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space.
The default value is 10.
@@ -189,31 +203,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -231,7 +252,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
+Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
@@ -260,31 +281,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -332,31 +360,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
+
@@ -412,31 +447,38 @@ When DHCP Option ID Force (2) is set, the client will query DHCP Option ID 235 a
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -450,7 +492,7 @@ When DHCP Option ID Force (2) is set, the client will query DHCP Option ID 235 a
-Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
+This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600).
@@ -474,31 +516,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -547,31 +596,38 @@ Supported values: 0 - one month (in seconds)
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -618,31 +674,38 @@ Supported values: 0 - one month (in seconds)
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -656,7 +719,7 @@ Supported values: 0 - one month (in seconds)
-Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
+This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers.
@@ -692,31 +755,38 @@ The following list shows the supported values as number of seconds:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -766,31 +836,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -833,31 +910,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -871,7 +955,7 @@ ADMX Info:
-Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
+Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
When set, the Group ID will be assigned automatically from the selected source.
@@ -913,31 +997,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
+
@@ -975,28 +1066,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1041,31 +1138,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1130,31 +1234,38 @@ This policy is deprecated. Use [DOMaxForegroundDownloadBandwidth](#deliveryoptim
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
+
@@ -1211,31 +1322,38 @@ This policy is deprecated because it only applies to uploads to Internet peers (
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -1253,7 +1371,7 @@ This policy is deprecated because it only applies to uploads to Internet peers (
> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set.
+Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set.
The default value is 500.
@@ -1277,31 +1395,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -1318,7 +1443,7 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery.
+Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery.
The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used.
@@ -1342,31 +1467,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -1384,7 +1516,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. Recommended values: 64 GB to 256 GB.
+Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. Recommended values: 64 GB to 256 GB.
> [!NOTE]
> If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy.
@@ -1411,31 +1543,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -1453,7 +1592,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB.
+Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB.
The default value is 100 MB.
@@ -1477,31 +1616,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -1519,7 +1665,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
+Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
The default value is 4 GB.
@@ -1543,31 +1689,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -1585,7 +1738,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.
+Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.
By default, %SystemDrive% is used to store the cache.
@@ -1609,31 +1762,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -1651,7 +1811,7 @@ ADMX Info:
> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
+Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set.
@@ -1677,31 +1837,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -1715,7 +1882,7 @@ ADMX Info:
-Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
+Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
Note that downloads from LAN peers will not be throttled even when this policy is set.
@@ -1752,31 +1919,38 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -1790,7 +1964,7 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
-Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
+Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
Note that downloads from LAN peers will not be throttled even when this policy is set.
@@ -1814,31 +1988,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -1852,7 +2033,7 @@ ADMX Info:
-Added in Windows 10, version 1803. Set this policy to restrict peer selection via selected option.
+Set this policy to restrict peer selection via selected option.
Options available are: 1=Subnet mask (more options will be added in a future release).
Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2).
@@ -1883,31 +2064,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -1921,15 +2109,10 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1957,31 +2140,38 @@ This policy allows an IT Admin to define the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -1995,15 +2185,10 @@ This policy allows an IT Admin to define the following:
-Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -2024,16 +2209,6 @@ This policy allows an IT Admin to define the following:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 9a3bcc48ee..1c8ca1f094 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -14,7 +14,12 @@ manager: dansimp
# Policy CSP - Desktop
-
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,31 +41,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -81,12 +93,7 @@ By default, a user can change the location of their individual profile folders l
If you enable this setting, users are unable to type a new location in the Target box.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -99,16 +106,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 157279f8f5..a7b099ab6f 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -44,31 +44,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -121,31 +128,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -159,7 +173,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
+Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
@@ -187,31 +201,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -225,7 +246,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer.
+This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer.
@@ -255,28 +276,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -293,7 +320,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer.
+Specifies the platform security level at the next reboot. Value type is integer.
@@ -315,15 +342,6 @@ The following list shows the supported values:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 35190895c9..2d0bfe0011 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -42,31 +42,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -106,31 +113,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -169,31 +183,38 @@ IT Pros do not need to set this policy. Instead, Microsoft Intune is expected to
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -225,16 +246,7 @@ In most cases, an IT Pro does not need to define this policy. Instead, it is exp
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 013edacaec..c14144ccd7 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -14,6 +14,13 @@ ms.localizationpriority: medium
# Policy CSP - DeviceInstallation
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -59,31 +66,38 @@ ms.localizationpriority: medium
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -120,12 +134,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -183,31 +192,38 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -216,7 +232,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
> [!div class = "checklist"]
> * Device
-Added in Windows 10, version 1903. Also available in Windows 10, version 1809.
+
@@ -244,12 +260,7 @@ If you disable or do not configure this policy setting, and no other policy sett
Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -304,31 +315,38 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -367,12 +385,7 @@ If you disable or do not configure this policy setting, and no other policy sett
Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -437,31 +450,38 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -500,12 +520,7 @@ Device instance IDs > Device IDs > Device setup class > Removable devices
If you disable or do not configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -564,31 +579,38 @@ You can also change the evaluation order of device installation policy settings
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -609,12 +631,7 @@ If you enable this policy setting, Windows does not retrieve device metadata for
If you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -643,31 +660,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -691,12 +715,7 @@ If you enable this policy setting, Windows is prevented from installing or updat
If you disable or do not configure this policy setting, Windows is allowed to install or update the driver package for any device that is not described by the "Prevent installation of devices that match any of these device IDs", "Prevent installation of devices for these device classes" policy setting, "Prevent installation of devices that match any of these device instance IDs", or "Prevent installation of removable devices" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -758,31 +777,38 @@ You can also block installation by using a custom profile in Intune.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -808,12 +834,7 @@ If you disable or do not configure this policy setting, devices can be installed
Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -878,31 +899,38 @@ For example, this custom profile blocks installation and usage of USB devices wi
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
+
@@ -916,7 +944,7 @@ For example, this custom profile blocks installation and usage of USB devices wi
-Added in Windows 10, version 1903. Also available in Windows 10, version 1809. This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
If you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
@@ -925,12 +953,7 @@ If you disable or do not configure this policy setting, devices can be installed
Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1005,31 +1028,38 @@ with
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1055,12 +1085,7 @@ If you disable or do not configure this policy setting, Windows can install and
Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -1117,15 +1142,6 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 3df3e81293..0288d5c9c7 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -75,31 +75,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
No
+
No
Education
-
+
No
+
No
+
@@ -139,31 +146,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -204,31 +218,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -247,7 +268,7 @@ Determines the type of PIN required. This policy only applies if the **DeviceLoc
> [!NOTE]
> This policy must be wrapped in an Atomic command.
>
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education).
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions (Home, Pro, Enterprise, and Education).
@@ -275,31 +296,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -318,7 +346,7 @@ Specifies whether device lock is enabled.
> [!NOTE]
> This policy must be wrapped in an Atomic command.
>
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
@@ -374,31 +402,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -441,31 +476,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -508,31 +550,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
+
@@ -546,7 +595,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
+Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
> [!NOTE]
> This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro.
@@ -565,31 +614,38 @@ Value type is a string, which is the full image filepath and filename.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -639,31 +695,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -707,31 +770,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -750,7 +820,7 @@ The number of complex element types (uppercase and lowercase letters, numbers, a
> [!NOTE]
> This policy must be wrapped in an Atomic command.
>
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
PIN enforces the following behavior for desktop and mobile devices:
@@ -829,31 +899,38 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -872,7 +949,7 @@ Specifies the minimum number or characters required in the PIN or password.
> [!NOTE]
> This policy must be wrapped in an Atomic command.
>
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
@@ -922,31 +999,38 @@ The following example shows how to set the minimum password length to 4 characte
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -983,31 +1067,38 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1053,31 +1144,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
+
@@ -1117,15 +1215,6 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 12a6952ffa..d24d5b7075 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -48,31 +48,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -108,31 +115,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -188,31 +202,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
+
@@ -248,31 +269,38 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -323,31 +351,38 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
+
@@ -391,16 +426,7 @@ To validate on Desktop, do the following:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 2ca5164a50..e16f8e14e9 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -35,31 +35,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
+
@@ -111,15 +118,6 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 7d2b8ebb1e..42ade7935c 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -44,31 +44,38 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
8
+
Yes
+
Yes
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
+
@@ -82,7 +89,7 @@ manager: dansimp
-Added in Windows 10, version 2004. This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you will be able to access graphing functionality.
+This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you will be able to access graphing functionality.
ADMX Info:
@@ -107,31 +114,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -145,7 +159,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer.
+This policy allows IT Admins to set the user's default printer.
The policy value is expected to be the name (network host name) of an installed printer.
@@ -160,31 +174,38 @@ The policy value is expected to be the name (network host name) of an installed
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -198,7 +219,7 @@ The policy value is expected to be the name (network host name) of an installed
-Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings.
+Allows IT Admins to prevent user installation of additional printers from the printers settings.
@@ -226,31 +247,38 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
+
@@ -264,7 +292,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names).
+Allows IT Admins to automatically provision printers based on their names (network host names).
The policy value is expected to be a `````` separated list of printer names. The OS will attempt to search and install the matching printer driver for each listed printer.
@@ -272,16 +300,7 @@ The policy value is expected to be a `````` separated list of printer na
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index af07ab44cf..ab1ce55fca 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -51,28 +51,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -89,7 +95,7 @@ manager: dansimp
-Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails.
+Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails.
The datatype is a string.
@@ -106,28 +112,34 @@ The default value is an empty string. Otherwise, the value should contain the UR
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -144,7 +156,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
-Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
+Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
The datatype is a string.
@@ -161,28 +173,34 @@ The default value is an empty string. Otherwise, the value should contain a GUID
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -199,7 +217,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
-Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
+Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
The datatype is a string.
@@ -216,28 +234,34 @@ The default value is an empty string. Otherwise, the value should contain a URL.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -254,7 +278,7 @@ The default value is an empty string. Otherwise, the value should contain a URL.
-Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
+Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
The datatype is a string.
@@ -271,28 +295,34 @@ The default value is an empty string. Otherwise, the value should contain the UR
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -309,7 +339,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
-Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
+Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
The datatype is an integer.
@@ -324,28 +354,34 @@ The datatype is an integer.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -362,7 +398,7 @@ The datatype is an integer.
-Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
+Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
The datatype is a string.
@@ -372,16 +408,6 @@ The default value is an empty string. Otherwise, the value should contain a URL.
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index a24a91ef51..9c470e1ddf 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -14,7 +14,12 @@ manager: dansimp
# Policy CSP - ErrorReporting
-
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -48,28 +53,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -103,12 +114,6 @@ If you enable this policy setting, you can add specific event types to a list by
If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -128,28 +133,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -173,12 +184,6 @@ If you enable this policy setting, Windows Error Reporting does not send any pro
If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -198,28 +203,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -247,12 +258,6 @@ If you do not configure this policy setting, users can change this setting in Co
See also the Configure Error Reporting policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -272,28 +277,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -317,12 +328,6 @@ If you enable this policy setting, any additional data requests from Microsoft i
If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -342,28 +347,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -387,12 +398,6 @@ If you enable this policy setting, Windows Error Reporting does not display any
If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -405,16 +410,6 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 43366ce6ff..be19cffdee 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -45,28 +45,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -92,12 +98,6 @@ If you disable or do not configure this policy setting and a log file reaches it
Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -117,28 +117,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -162,12 +168,6 @@ If you enable this policy setting, you can configure the maximum log file size t
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -187,28 +187,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -232,12 +238,6 @@ If you enable this policy setting, you can configure the maximum log file size t
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -257,28 +257,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -302,12 +308,6 @@ If you enable this policy setting, you can configure the maximum log file size t
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -320,16 +320,6 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 61abaceb22..79a75e5fb3 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -373,7 +373,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy turns on Find My Device.
+This policy turns on Find My Device.
When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer.
@@ -610,7 +610,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them.
+This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them.
Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
@@ -925,7 +925,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows.
+This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows.
Most restricted value is 0.
@@ -999,7 +999,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. This policy allows IT admins to turn off Suggestions in Settings app. These suggestions from Microsoft may show after each OS clean install, upgrade or an on-going basis to help users discover apps/features on Windows or across devices, to make their experience productive.
+This policy allows IT admins to turn off Suggestions in Settings app. These suggestions from Microsoft may show after each OS clean install, upgrade or an on-going basis to help users discover apps/features on Windows or across devices, to make their experience productive.
- User setting is under Settings -> Privacy -> General -> Show me suggested content in Settings app.
- User Setting is changeable on a per user basis.
@@ -1078,7 +1078,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature.
+This policy setting lets you turn off the Windows spotlight Windows welcome experience feature.
The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
Most restricted value is 0.
@@ -1747,16 +1747,5 @@ Supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index e192bd9e82..8e59c287d3 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -118,15 +124,5 @@ Here is an example:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 82dce114b4..1c0625e677 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - FileExplorer
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,28 +45,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -80,12 +92,6 @@ manager: dansimp
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -105,28 +111,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -145,14 +157,6 @@ ADMX Info:
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Turn off heap termination on corruption*
@@ -164,16 +168,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index f62143e2a6..8b0c46251d 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -87,16 +93,6 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index 615be07c90..1051831b08 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -74,7 +80,7 @@ manager: dansimp
-Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel.
+This policy allows an enterprise to configure the default mode for the handwriting panel.
The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
@@ -101,16 +107,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 8222726809..df389346d7 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -799,6 +799,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -808,28 +814,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -854,12 +866,6 @@ If you enable this policy setting, the user can add and remove search providers,
If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -879,28 +885,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -925,12 +937,6 @@ If you enable this policy setting, ActiveX Filtering is enabled by default for t
If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -950,28 +956,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1002,12 +1014,6 @@ Value - A number indicating whether Internet Explorer should deny or allow the a
If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1027,28 +1033,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1074,12 +1086,6 @@ If you disable this setting the user cannot change "User name and passwords on f
If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1099,28 +1105,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1145,12 +1157,6 @@ If you enable this policy setting, the certificate address mismatch warning alwa
If you disable or do not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1170,28 +1176,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1220,12 +1232,6 @@ If you do not configure this policy setting, it can be configured on the General
If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1245,28 +1251,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1293,12 +1305,6 @@ If you disable this policy setting, Enhanced Protected Mode will be turned off.
If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1318,28 +1324,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1366,12 +1378,6 @@ If you disable this policy setting, users do not receive enhanced suggestions wh
If you do not configure this policy setting, users can change the Suggestions setting on the Settings charm.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1402,28 +1408,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1448,12 +1460,6 @@ If you turn this setting on, users can see and use the Enterprise Mode option fr
If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1473,28 +1479,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1519,12 +1531,6 @@ If you enable this policy setting, Internet Explorer downloads the website list
If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1544,28 +1550,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1591,12 +1603,6 @@ This policy does not affect which security protocols are enabled.
If you disable this policy, system defaults will be used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1616,28 +1622,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1662,12 +1674,6 @@ If you enable this policy setting, the user can add and remove sites from the li
If you disable or do not configure this policy setting, the user can add and remove sites from the list.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1687,28 +1693,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1735,12 +1747,6 @@ If you disable this policy setting, Internet Explorer uses an Internet Explorer
If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1760,28 +1766,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1812,12 +1824,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1837,28 +1843,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1889,12 +1901,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1914,28 +1920,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1966,12 +1978,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1991,28 +1997,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2043,12 +2055,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2068,28 +2074,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2120,12 +2132,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2145,28 +2151,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2197,12 +2209,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2222,28 +2228,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2274,12 +2286,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2299,28 +2305,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2345,12 +2357,6 @@ If you enable this policy setting, Internet Explorer goes directly to an intrane
If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2370,28 +2376,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
7
+
Yes
+
Yes
Business
-
7
+
Yes
+
Yes
Enterprise
-
7
+
Yes
+
Yes
Education
-
7
+
Yes
+
Yes
@@ -2417,12 +2429,6 @@ This policy setting allows the administrator to enable "Save Target As" context
For more information, see [https://go.microsoft.com/fwlink/?linkid=2102115](/deployedge/edge-ie-mode-faq)
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2452,28 +2458,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2509,12 +2521,6 @@ If you disable or do not configure this policy, users may choose their own site-
The list is a set of pairs of strings. Each string is separated by F000. Each pair of strings is stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2559,28 +2565,34 @@ Value and index pairs in the SyncML example:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2607,12 +2619,6 @@ If you disable this policy setting, users cannot run or install files with an in
If you do not configure this policy, users can choose to run or install files with an invalid signature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2632,28 +2638,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2680,12 +2692,6 @@ If you disable this policy setting, the entry points and functionality associate
If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2705,28 +2711,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2757,12 +2769,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2782,28 +2788,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2834,12 +2846,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2859,28 +2865,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2911,12 +2923,6 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2936,28 +2942,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2984,12 +2996,6 @@ If you disable this policy setting, Internet Explorer will not check server cert
If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3009,28 +3015,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3057,12 +3069,6 @@ If you disable this policy setting, Internet Explorer will not check the digital
If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3081,28 +3087,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
7
+
Yes
+
Yes
Business
-
7
+
Yes
+
Yes
Enterprise
-
7
+
Yes
+
Yes
Education
-
7
+
Yes
+
Yes
@@ -3147,12 +3159,6 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge
> For more information about the Windows update for the next version of Microsoft Edge including how to disable it, see [https://go.microsoft.com/fwlink/?linkid=2102115](/deployedge/edge-ie-mode-faq). This update applies only to Windows 10 version 1709 and higher.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3374,28 +3380,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3424,12 +3436,6 @@ If you disable this policy setting, Internet Explorer will not require consisten
If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3449,28 +3455,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -3495,12 +3507,6 @@ This setting determines whether IE automatically downloads updated versions of M
If you disable or do not configure this setting, IE continues to download updated versions of VersionList.XML.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3531,28 +3537,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3579,12 +3591,6 @@ If you disable, or do not configure this policy setting, Flash is turned on for
Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3604,28 +3610,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3650,12 +3662,6 @@ If you enable this policy setting, Windows Defender SmartScreen warnings block t
If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3675,28 +3681,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3721,12 +3733,6 @@ If you enable this policy setting, Windows Defender SmartScreen warnings block t
If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3746,28 +3752,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -3792,12 +3804,6 @@ If you enable this policy setting, the user cannot use the Compatibility View bu
If you disable or do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3828,28 +3834,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3874,12 +3886,6 @@ If you enable this policy setting, a user cannot set the number of days that Int
If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3899,28 +3905,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3945,12 +3957,6 @@ If you enable this policy setting, a crash in Internet Explorer will exhibit beh
If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -3970,28 +3976,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4018,12 +4030,6 @@ If you disable this policy setting, the user must participate in the CEIP, and t
If you do not configure this policy setting, the user can choose to participate in the CEIP.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4043,28 +4049,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4093,12 +4105,6 @@ If you do not configure this policy setting, the user can choose whether to dele
If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4118,28 +4124,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4164,12 +4176,6 @@ If you enable this policy setting, the user cannot set the Feed Sync Engine to d
If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4189,28 +4195,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4237,12 +4249,6 @@ If you disable or do not configure this policy setting, the user can select whic
Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4262,28 +4268,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -4308,12 +4320,6 @@ If you enable this policy setting, the ability to synchronize feeds and Web Slic
If you disable or do not configure this policy setting, the user can synchronize feeds and Web Slices in the background.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4344,28 +4350,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4394,12 +4406,6 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail
If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4419,28 +4425,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4469,12 +4481,6 @@ If you disable this policy setting, flip ahead with page prediction is turned on
If you don't configure this setting, users can turn this behavior on or off, using the Settings charm.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4494,28 +4500,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -4542,12 +4554,6 @@ If you disable this policy setting, browser geolocation support is turned on.
If you do not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4578,28 +4584,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4623,12 +4635,6 @@ If you enable this policy setting, a user cannot set a custom default home page.
If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4646,28 +4652,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
7
+
Yes
+
Yes
Business
-
7
+
Yes
+
Yes
Enterprise
-
7
+
Yes
+
Yes
Education
-
7
+
Yes
+
Yes
@@ -4699,12 +4711,6 @@ If you disable, or do not configure this policy, all sites are opened using the
> Microsoft Edge Stable Channel must be installed for this policy to take effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4742,28 +4748,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4788,12 +4800,6 @@ If you enable this policy setting, the user cannot continue browsing.
If you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4813,28 +4819,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4863,12 +4875,6 @@ If you disable this policy setting, InPrivate Browsing is available for use.
If you do not configure this policy setting, InPrivate Browsing can be turned on or off through the registry.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4888,28 +4894,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4938,12 +4950,6 @@ If you disable this policy setting, Internet Explorer 11 will use 32-bit tab pro
If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -4963,28 +4969,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5009,12 +5021,6 @@ If you enable this policy setting, the user will not be able to configure proxy
If you disable or do not configure this policy setting, the user can configure proxy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5034,28 +5040,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5080,12 +5092,6 @@ If you enable this policy setting, the user cannot change the default search pro
If you disable or do not configure this policy setting, the user can change the default search provider.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5105,28 +5111,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5153,12 +5165,6 @@ If you disable or do not configure this policy setting, the user can add seconda
Note: If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5178,28 +5184,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5224,12 +5236,6 @@ If you enable this policy setting, the feature is turned off.
If you disable or do not configure this policy setting, the feature is turned on.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5249,28 +5255,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5296,12 +5308,6 @@ If you disable this policy or do not configure it, Internet Explorer checks ever
This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5321,28 +5327,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -5369,12 +5381,6 @@ If you disable this policy setting, users are suggested matches when entering We
If you do not configure this policy setting, users can choose to turn the auto-complete setting for web-addresses on or off.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5405,28 +5411,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5455,12 +5467,6 @@ If you enable this policy setting, Internet Explorer will not give the user the
If you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5480,28 +5486,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5531,12 +5543,6 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Ad
Also, see the "Security zones: Use only machine settings" policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5556,28 +5562,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5607,12 +5619,6 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Adm
Also, see the "Security zones: Use only machine settings" policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5632,28 +5638,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5680,12 +5692,6 @@ If you disable or don't configure this policy setting, Internet Explorer continu
For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5705,28 +5711,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5757,12 +5769,6 @@ If you disable or don't configure this policy setting, the list is deleted and I
For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5782,28 +5788,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5830,12 +5842,6 @@ If you disable this policy setting, local sites which are not explicitly mapped
If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5855,28 +5861,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5903,12 +5915,6 @@ If you disable this policy setting, network paths are not necessarily mapped int
If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -5928,28 +5934,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -5976,12 +5988,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6001,28 +6007,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6049,12 +6061,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6074,28 +6080,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6120,12 +6132,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6145,28 +6151,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6195,12 +6207,6 @@ If you disable this policy setting, a script cannot perform a clipboard operatio
If you do not configure this policy setting, a script can perform a clipboard operation.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6220,28 +6226,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6268,12 +6280,6 @@ If you disable this policy setting, users are prevented from dragging files or c
If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6293,28 +6299,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6341,12 +6353,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6366,28 +6372,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6414,12 +6426,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6439,28 +6445,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6487,12 +6499,6 @@ If you disable this policy setting, XAML files are not loaded inside Internet Ex
If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6512,28 +6518,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6560,12 +6572,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6585,28 +6591,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6631,12 +6643,6 @@ If you enable this policy setting, the user is prompted before ActiveX controls
If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6656,28 +6662,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6702,12 +6714,6 @@ If you enable this policy setting, the TDC ActiveX control will not run from web
If you disable this policy setting, the TDC Active X control will run from all sites in this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6727,28 +6733,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6775,12 +6787,6 @@ If you disable this policy setting, the possible harmful actions contained in sc
If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6800,28 +6806,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6848,12 +6860,6 @@ If you disable this policy setting, script access to the WebBrowser control is n
If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6873,28 +6879,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6921,12 +6933,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -6946,28 +6952,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -6996,12 +7008,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7021,28 +7027,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7067,12 +7079,6 @@ If you enable this policy setting, script is allowed to update the status bar.
If you disable or do not configure this policy setting, script is not allowed to update the status bar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7092,28 +7098,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7140,12 +7152,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7165,28 +7171,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7215,12 +7227,6 @@ If you selected Disable in the drop-down box, VBScript is prevented from running
If you do not configure or disable this policy setting, VBScript is prevented from running.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7240,28 +7246,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7288,12 +7300,6 @@ If you disable this policy setting, Internet Explorer always checks with your an
If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7313,28 +7319,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7361,12 +7373,6 @@ If you disable the policy setting, signed controls cannot be downloaded.
If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7386,28 +7392,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7434,12 +7446,6 @@ If you disable this policy setting, users cannot run unsigned controls.
If you do not configure this policy setting, users cannot run unsigned controls.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7459,28 +7465,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7505,12 +7517,6 @@ If you enable this policy setting, the XSS Filter is turned on for sites in this
If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7530,28 +7536,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7580,12 +7592,6 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7605,28 +7611,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7655,12 +7667,6 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7680,28 +7686,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7728,12 +7740,6 @@ If you disable this policy setting, the actions that may be harmful cannot run;
If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7753,28 +7759,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7801,12 +7813,6 @@ If you disable this policy setting, Protected Mode is turned off. The user canno
If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7826,28 +7832,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7874,12 +7886,6 @@ If you disable this policy setting, path information is removed when the user is
If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7899,28 +7905,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -7949,12 +7961,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -7974,28 +7980,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
+
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -8015,28 +8027,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8069,12 +8087,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, the permission is set to High Safety.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8094,28 +8106,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8142,12 +8160,6 @@ If you disable this policy setting, users are prevented from running application
If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8167,28 +8179,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8223,12 +8241,6 @@ If you disable this policy setting, logon is set to Automatic logon only in Intr
If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8248,28 +8260,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8296,12 +8314,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8321,28 +8333,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8369,12 +8387,6 @@ If you disable this policy setting, Internet Explorer will not execute signed ma
If you do not configure this policy setting, Internet Explorer will execute signed managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8394,28 +8406,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8442,12 +8460,6 @@ If you disable this policy setting, these files do not open.
If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8467,28 +8479,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8515,12 +8533,6 @@ If you disable this policy setting, pop-up windows are not prevented from appear
If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8540,28 +8552,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8588,12 +8606,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8613,28 +8625,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8661,12 +8679,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8686,28 +8698,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8732,12 +8750,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8757,28 +8769,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8805,12 +8823,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8830,28 +8842,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8878,12 +8896,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8903,28 +8915,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -8951,12 +8969,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -8976,28 +8988,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9024,12 +9042,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9049,28 +9061,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9099,12 +9117,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9124,28 +9136,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9172,12 +9190,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9197,28 +9209,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9245,12 +9263,6 @@ If you disable this policy setting, Internet Explorer always checks with your an
If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9270,28 +9282,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9320,12 +9338,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9345,28 +9357,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9399,12 +9417,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, the permission is set to Medium Safety.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9424,28 +9436,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9472,12 +9490,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9497,28 +9509,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
7
+
Yes
+
Yes
Business
-
7
+
Yes
+
Yes
Enterprise
-
7
+
Yes
+
Yes
Education
-
7
+
Yes
+
Yes
@@ -9553,12 +9571,6 @@ Related policies:
For more information on how to use this policy together with other related policies to create the optimal configuration for your organization, see [https://go.microsoft.com/fwlink/?linkid=2094210.](/DeployEdge/edge-ie-mode-policies#configure-internet-explorer-integration)
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9596,28 +9608,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9644,12 +9662,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9669,28 +9681,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9717,12 +9735,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9742,28 +9754,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9788,12 +9806,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9813,28 +9825,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9861,12 +9879,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9886,28 +9898,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -9934,12 +9952,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -9959,28 +9971,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10007,12 +10025,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10032,28 +10044,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10080,12 +10098,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10105,28 +10117,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10155,12 +10173,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10180,28 +10192,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10228,12 +10246,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10253,28 +10265,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10301,12 +10319,6 @@ If you disable this policy setting, Internet Explorer always checks with your an
If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10326,28 +10338,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10376,12 +10394,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10401,28 +10413,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10455,12 +10473,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, the permission is set to Medium Safety.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10480,28 +10492,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10528,12 +10546,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10553,28 +10565,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10601,12 +10619,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10626,28 +10638,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10674,12 +10692,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10699,28 +10711,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10745,12 +10763,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10770,28 +10782,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10818,12 +10836,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10843,28 +10855,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10891,12 +10909,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10916,28 +10928,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -10964,12 +10982,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -10989,28 +11001,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11037,12 +11055,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11062,28 +11074,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11112,12 +11130,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11137,28 +11149,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11185,12 +11203,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11210,28 +11222,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11260,12 +11278,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11285,28 +11297,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11339,12 +11357,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, Java applets are disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11364,28 +11376,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11412,12 +11430,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11437,28 +11449,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11491,12 +11509,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, Java applets are disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11516,28 +11528,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11564,12 +11582,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11589,28 +11601,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11637,12 +11655,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11662,28 +11674,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11708,12 +11726,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11733,28 +11745,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11781,12 +11799,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11806,28 +11818,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11854,12 +11872,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11879,28 +11891,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -11927,12 +11945,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -11952,28 +11964,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12000,12 +12018,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12025,28 +12037,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12075,12 +12093,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12100,28 +12112,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12148,12 +12166,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12173,28 +12185,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12223,12 +12241,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12248,28 +12260,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12296,12 +12314,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12321,28 +12333,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12369,12 +12387,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12394,28 +12406,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12442,12 +12460,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12467,28 +12479,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12513,12 +12531,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12538,28 +12550,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12586,12 +12604,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12611,28 +12623,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12659,12 +12677,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12684,28 +12696,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12732,12 +12750,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12757,28 +12769,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12805,12 +12823,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12830,28 +12842,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12880,12 +12898,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12905,28 +12917,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -12953,12 +12971,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -12978,28 +12990,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13028,12 +13046,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13053,28 +13065,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13107,12 +13125,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, Java applets are disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13132,28 +13144,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13180,12 +13198,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13205,28 +13217,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13253,12 +13271,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13278,28 +13290,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13326,12 +13344,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13351,28 +13363,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13397,12 +13415,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13422,28 +13434,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13470,12 +13488,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13495,28 +13507,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13543,12 +13561,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13568,28 +13580,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13616,12 +13634,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13641,28 +13653,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13689,12 +13707,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13714,28 +13726,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13764,12 +13782,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13789,28 +13801,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13837,12 +13855,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13862,28 +13874,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13912,12 +13930,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -13937,28 +13949,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -13991,12 +14009,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, Java applets are disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14016,28 +14028,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14064,12 +14082,6 @@ If you disable this policy setting, users cannot open other windows and frames f
If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14089,28 +14101,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14137,12 +14155,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14162,28 +14174,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14210,12 +14228,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14235,28 +14247,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14281,12 +14299,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14306,28 +14318,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14354,12 +14372,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14379,28 +14391,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14427,12 +14445,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14452,28 +14464,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14500,12 +14518,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14525,28 +14537,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14573,12 +14591,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14598,28 +14610,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14648,12 +14666,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14673,28 +14685,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14721,12 +14739,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14746,28 +14758,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14796,12 +14814,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14821,28 +14833,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14875,12 +14893,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, Java applets are disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14900,28 +14912,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -14948,12 +14966,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -14973,28 +14985,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15021,12 +15039,6 @@ If you disable this policy setting, applications can use the MK protocol API. Re
If you do not configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15046,28 +15058,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15094,12 +15112,6 @@ If you disable this policy setting, Internet Explorer processes will allow a MIM
If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15119,28 +15131,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -15165,12 +15183,6 @@ If you enable this policy setting, you can choose which page to display when the
If you disable or do not configure this policy setting, users can select their preference for this behavior.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15204,28 +15216,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15252,12 +15270,6 @@ If you disable this policy setting, the Notification bar will not be displayed f
If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15277,28 +15289,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15323,12 +15341,6 @@ If you enable this policy setting, the user is not prompted to turn on Windows D
If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15348,28 +15360,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15394,12 +15412,6 @@ If you enable this policy setting, ActiveX controls cannot be installed on a per
If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15419,28 +15431,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15467,12 +15485,6 @@ If you disable this policy setting, no zone receives such protection for Interne
If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15492,28 +15504,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15540,12 +15558,6 @@ If you disable or don't configure this policy setting, users will see the "Run t
For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15565,28 +15577,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15613,12 +15631,6 @@ If you disable this policy setting, prompting for ActiveX control installations
If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15638,28 +15650,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15686,12 +15704,6 @@ If you disable this policy setting, prompting will occur for file downloads that
If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15711,28 +15723,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15759,12 +15777,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15784,28 +15796,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15832,12 +15850,6 @@ If you disable this policy setting, script code on pages in the zone is prevente
If you do not configure this policy setting, script code on pages in the zone is prevented from running.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15857,28 +15869,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15905,12 +15923,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -15930,28 +15942,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -15976,12 +15994,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16001,28 +16013,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16049,12 +16067,6 @@ If you disable this policy setting, binary and script behaviors are not availabl
If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16074,28 +16086,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16124,12 +16142,6 @@ If you disable this policy setting, a script cannot perform a clipboard operatio
If you do not configure this policy setting, a script cannot perform a clipboard operation.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16149,28 +16161,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16197,12 +16215,6 @@ If you disable this policy setting, users are prevented from dragging files or c
If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16222,28 +16234,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16270,12 +16288,6 @@ If you disable this policy setting, files are prevented from being downloaded fr
If you do not configure this policy setting, files are prevented from being downloaded from the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16295,28 +16307,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16343,12 +16361,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16368,28 +16380,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16416,12 +16434,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16441,28 +16453,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16489,12 +16507,6 @@ If you disable this policy setting, XAML files are not loaded inside Internet Ex
If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16514,28 +16526,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16562,12 +16580,6 @@ If you disable this policy setting, a user's browser that loads a page containin
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16587,28 +16599,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16635,12 +16653,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16660,28 +16672,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16706,12 +16724,6 @@ If you enable this policy setting, the user is prompted before ActiveX controls
If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16731,28 +16743,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16777,12 +16795,6 @@ If you enable this policy setting, the TDC ActiveX control will not run from web
If you disable this policy setting, the TDC Active X control will run from all sites in this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16802,28 +16814,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16850,12 +16868,6 @@ If you disable this policy setting, the possible harmful actions contained in sc
If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16875,28 +16887,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16923,12 +16941,6 @@ If you disable this policy setting, script access to the WebBrowser control is n
If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -16948,28 +16960,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -16996,12 +17014,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17021,28 +17033,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17071,12 +17089,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17096,28 +17108,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17142,12 +17160,6 @@ If you enable this policy setting, script is allowed to update the status bar.
If you disable or do not configure this policy setting, script is not allowed to update the status bar.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17167,28 +17179,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17215,12 +17233,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17240,28 +17252,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17290,12 +17308,6 @@ If you selected Disable in the drop-down box, VBScript is prevented from running
If you do not configure or disable this policy setting, VBScript is prevented from running.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17315,28 +17327,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17363,12 +17381,6 @@ If you disable this policy setting, Internet Explorer always checks with your an
If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17388,28 +17400,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17436,12 +17454,6 @@ If you disable the policy setting, signed controls cannot be downloaded.
If you do not configure this policy setting, signed controls cannot be downloaded.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17461,28 +17473,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17509,12 +17527,6 @@ If you disable this policy setting, users cannot run unsigned controls.
If you do not configure this policy setting, users cannot run unsigned controls.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17534,28 +17546,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17580,12 +17598,6 @@ If you enable this policy setting, the XSS Filter is turned on for sites in this
If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17605,28 +17617,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17655,12 +17673,6 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17680,28 +17692,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17730,12 +17748,6 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17755,28 +17767,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17803,12 +17821,6 @@ If you disable this policy setting, the actions that may be harmful cannot run;
If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17828,28 +17840,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17876,12 +17894,6 @@ If you disable this policy setting, path information is removed when the user is
If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17901,28 +17913,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -17951,12 +17969,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -17976,28 +17988,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18030,12 +18048,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, Java applets are disabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18055,28 +18067,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18103,12 +18121,6 @@ If you disable this policy setting, users are prevented from running application
If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18128,28 +18140,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18184,12 +18202,6 @@ If you disable this policy setting, logon is set to Automatic logon only in Intr
If you do not configure this policy setting, logon is set to Prompt for username and password.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18209,28 +18221,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18257,12 +18275,6 @@ If you disable this policy setting, users cannot open other windows and frames f
If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18282,28 +18294,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18332,12 +18350,6 @@ If you disable this policy setting, controls and plug-ins are prevented from run
If you do not configure this policy setting, controls and plug-ins are prevented from running.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18357,28 +18369,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18405,12 +18423,6 @@ If you disable this policy setting, Internet Explorer will not execute signed ma
If you do not configure this policy setting, Internet Explorer will not execute signed managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18430,28 +18442,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18480,12 +18498,6 @@ If you disable this policy setting, script interaction is prevented from occurri
If you do not configure this policy setting, script interaction is prevented from occurring.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18505,28 +18517,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18555,12 +18573,6 @@ If you disable this policy setting, scripts are prevented from accessing applets
If you do not configure this policy setting, scripts are prevented from accessing applets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18580,28 +18592,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18628,12 +18646,6 @@ If you disable this policy setting, these files do not open.
If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18653,28 +18665,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18701,12 +18719,6 @@ If you disable this policy setting, Protected Mode is turned off. The user canno
If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18726,28 +18738,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18774,12 +18792,6 @@ If you disable this policy setting, pop-up windows are not prevented from appear
If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18799,28 +18811,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18847,12 +18865,6 @@ If you disable this policy setting, scripts can continue to create popup windows
If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18872,28 +18884,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18918,12 +18936,6 @@ If you enable this policy setting, the user cannot configure the list of search
If you disable or do not configure this policy setting, the user can configure his or her list of search providers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -18943,28 +18955,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -18992,12 +19010,6 @@ This policy is intended to ensure that security zone settings apply uniformly to
Also, see the "Security zones: Do not allow users to change policies" policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19017,28 +19029,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
7
+
Yes
+
Yes
Business
-
7
+
Yes
+
Yes
Enterprise
-
7
+
Yes
+
Yes
Education
-
7
+
Yes
+
Yes
@@ -19066,12 +19084,6 @@ If you disable, or not configure this setting, then it opens all sites based on
> If you have also enabled the [InternetExplorer/SendIntranetTraffictoInternetExplorer](#internetexplorer-policies) policy setting, then all intranet sites will continue to open in Internet Explorer 11.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19111,28 +19123,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19157,12 +19175,6 @@ If you enable this policy setting, ActiveX controls are installed only if the Ac
If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19182,28 +19194,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19230,12 +19248,6 @@ If you disable this policy setting, users cannot load a page in the zone that us
If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19255,28 +19267,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19303,12 +19321,6 @@ If you disable this policy setting, ActiveX control installations will be blocke
If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19328,28 +19340,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19374,12 +19392,6 @@ If you enable this setting, users will receive a file download dialog for automa
If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19399,28 +19411,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19447,12 +19465,6 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19472,28 +19484,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19520,12 +19538,6 @@ If you disable this policy setting, the possibly harmful navigations are prevent
If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19545,28 +19557,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19593,12 +19611,6 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19618,28 +19630,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19666,12 +19684,6 @@ If you disable this policy setting, the user cannot run scriptlets.
If you do not configure this policy setting, the user can enable or disable scriptlets.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19691,28 +19703,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19741,12 +19759,6 @@ If you do not configure this policy setting, the user can choose whether Windows
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19766,28 +19778,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19814,12 +19832,6 @@ If you disable this policy setting, users cannot preserve information in the bro
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19839,28 +19851,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19887,12 +19905,6 @@ If you disable this policy setting, Internet Explorer always checks with your an
If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19912,28 +19924,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -19962,12 +19980,6 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -19987,28 +19999,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -20041,12 +20059,6 @@ If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, the permission is set to Low Safety.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -20066,28 +20078,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -20114,12 +20132,6 @@ If you disable this policy setting, users cannot open windows and frames to acce
If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -20132,15 +20144,4 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 863153876a..d51018a42a 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -44,6 +44,13 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -104,12 +111,6 @@ If you enable this policy setting, the Kerberos client searches the forests in t
If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -179,12 +180,6 @@ If you enable this policy setting, the client computers will request claims, pro
If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -263,12 +258,6 @@ If you disable or do not configure this policy, each algorithm will assume the *
More information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found https://go.microsoft.com/fwlink/?linkid=2169037.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -344,12 +333,6 @@ If you enable this policy setting, the client computers in the domain enforce th
If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -420,12 +403,6 @@ If you enable this policy setting, the Kerberos client requires that the KDC's X
If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -501,12 +478,6 @@ If you disable or do not configure this policy setting, the Kerberos client or s
> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -587,16 +558,5 @@ Devices joined to Azure Active Directory in a hybrid environment need to interac
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index b7c4328ba0..76dcd8f06b 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -57,28 +57,34 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -95,7 +101,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
-Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
+List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -111,28 +117,34 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -149,7 +161,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
-Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
+List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -165,28 +177,34 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -203,7 +221,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
-Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
+Configures the default URL kiosk browsers to navigate on launch and restart.
> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -219,28 +237,34 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -270,28 +294,34 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -308,7 +338,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
-Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
+Enable/disable kiosk browser's home button.
> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -324,28 +354,34 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -362,7 +398,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
-Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
+Enable/disable kiosk browser's navigation buttons (forward/back).
> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -378,28 +414,34 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation but
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -416,7 +458,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation but
-Added in Windows 10, version 1803. Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.
+Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.
The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
@@ -427,15 +469,4 @@ The value is an int 1-1440 that specifies the amount of minutes the session is i
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index f7c4cf4015..fd3a136e36 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -74,7 +80,7 @@ manager: dansimp
-Added in Windows 10, version 1803. This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
+This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.
@@ -98,16 +104,5 @@ This setting supports a range of values between 0 and 1.
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 3bc05c7260..518cd8ad84 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -39,28 +39,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -77,7 +83,7 @@ manager: dansimp
-Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices.
+Enables or Disable Windows license reactivation on managed devices.
@@ -105,28 +111,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -143,7 +155,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
+Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
@@ -164,16 +176,6 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index e181048e21..c14e27b61c 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -3797,15 +3797,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index 5f21ba8658..523f62fb82 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -34,28 +34,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
9
+
Yes
+
Yes
Business
-
9
+
Yes
+
Yes
Enterprise
-
9
+
Yes
+
Yes
Education
-
9
+
Yes
+
Yes
@@ -72,7 +78,7 @@ manager: dansimp
-Available in Windows 10, version 20H2. This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
+This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
> [!NOTE]
> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
@@ -313,8 +319,5 @@ To troubleshoot Name/SID lookup APIs:
```
-Footnotes:
-
-Available in Windows 10, version 20H2
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 774ac1a21f..3300c86079 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - LockDown
-
@@ -36,28 +35,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -74,7 +79,7 @@ manager: dansimp
-Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
+Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
@@ -97,16 +102,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index ce0ddd9868..5804cac072 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -39,28 +39,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -77,7 +83,7 @@ manager: dansimp
-Added in Windows 10, version 1607. Allows the download and update of map data over metered connections.
+Allows the download and update of map data over metered connections.
After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**.
@@ -100,28 +106,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -138,7 +150,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Disables the automatic download and update of map data.
+Disables the automatic download and update of map data.
After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**.
@@ -162,16 +174,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 8b8b95188e..76a0d00b63 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -74,7 +80,7 @@ manager: dansimp
-Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
+Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
@@ -96,16 +102,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 7f7e8ae961..42e192202e 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -13,9 +13,6 @@ manager: dansimp
---
# Policy CSP - MixedReality
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
@@ -68,7 +65,7 @@ manager: dansimp
Steps to use this policy correctly:
1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s).
-1. Create a custom OMA URI based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s).
+1. Create a custom OMA URI-based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s).
1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
1. The value can be between min / max allowed.
1. Enroll HoloLens devices and verify both configurations get applied to the device.
@@ -319,9 +316,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 9 - Available in Windows 10, version 20H2.
-
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index d464f4c063..0cbb8cd1b3 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -42,6 +42,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -51,28 +57,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -91,12 +103,6 @@ manager: dansimp
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -114,28 +120,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -154,12 +166,7 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -177,28 +184,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -217,12 +230,7 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -240,28 +248,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -280,12 +294,7 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -303,28 +312,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -343,12 +358,6 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -366,28 +375,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -406,12 +421,6 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -422,16 +431,6 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index d4a5030052..00d3582526 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - MSSLegacy
-
@@ -36,6 +35,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +50,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -85,12 +96,6 @@ manager: dansimp
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -108,28 +113,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -148,12 +159,7 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -171,28 +177,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -211,12 +223,6 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -234,28 +240,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -274,12 +286,6 @@ ADMX Info:
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -290,16 +296,7 @@ ADMX Info:
-Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index 9c58b25ef3..1fd89a2f03 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -14,9 +14,6 @@ manager: dansimp
# Policy CSP - Multitasking
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
@@ -37,28 +34,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
9
+
Yes
+
Yes
Business
-
9
+
Yes
+
Yes
Enterprise
-
9
+
Yes
+
Yes
Education
-
9
+
Yes
+
Yes
@@ -115,17 +118,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
-
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 8646c8830d..922e55784c 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -57,28 +57,34 @@ manager: dansimp
@@ -370,28 +400,34 @@ Here are the steps to create canonical domain names:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -430,28 +466,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -489,28 +531,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -542,15 +590,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 9bbe04d477..955af06501 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -38,28 +38,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -89,28 +95,34 @@ This policy setting provides the list of URLs (separated by Unicode character 0x
@@ -80,7 +86,7 @@ manager: dansimp
-Added in Windows 10, version 1803. This policy setting blocks applications from using the network to send tile, badge, toast, and raw notifications. Specifically, this policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to use [periodic (polling) notifications](/windows/uwp/design/shell/tiles-and-notifications/periodic-notification-overview).
+This policy setting blocks applications from using the network to send tile, badge, toast, and raw notifications. Specifically, this policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to use [periodic (polling) notifications](/windows/uwp/design/shell/tiles-and-notifications/periodic-notification-overview).
If you enable this policy setting, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs.
@@ -123,28 +129,34 @@ Validation:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -161,7 +173,7 @@ Validation:
-Added in Windows 10, version 1607. Boolean value that turns off notification mirroring.
+Boolean value that turns off notification mirroring.
For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
@@ -193,28 +205,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -231,7 +249,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. This policy setting turns off tile notifications.
+This policy setting turns off tile notifications.
If you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen.
@@ -262,15 +280,5 @@ Validation:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index c9c793a619..367d969417 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -90,6 +90,13 @@ manager: dansimp
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -99,28 +106,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -144,12 +157,6 @@ If you enable or do not configure this policy setting, Windows uses standby stat
If you disable this policy setting, standby states (S1-S3) are not allowed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -169,28 +176,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -214,12 +227,6 @@ If you enable or do not configure this policy setting, Windows uses standby stat
If you disable this policy setting, standby states (S1-S3) are not allowed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -239,28 +246,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -277,7 +290,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+This policy setting allows you to specify the period of inactivity before Windows turns off the display.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
@@ -286,12 +299,6 @@ If you disable or do not configure this policy setting, users control this setti
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -311,28 +318,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -349,7 +362,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+This policy setting allows you to specify the period of inactivity before Windows turns off the display.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
@@ -358,12 +371,6 @@ If you disable or do not configure this policy setting, users control this setti
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -383,28 +390,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -422,7 +435,7 @@ ADMX Info:
-Added in Windows 10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
+This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
If you enable this policy setting, you must specify a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
@@ -457,28 +470,34 @@ Supported values: 0-100. The default is 70.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -495,7 +514,7 @@ Supported values: 0-100. The default is 70.
-Added in Windows 10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
+This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
If you enable this policy setting, you must provide a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
@@ -530,28 +549,34 @@ Supported values: 0-100. The default is 70.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -568,7 +593,7 @@ Supported values: 0-100. The default is 70.
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
@@ -577,12 +602,6 @@ If you disable or do not configure this policy setting, users control this setti
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -602,28 +621,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -640,7 +665,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
@@ -649,12 +674,7 @@ If you disable or do not configure this policy setting, users control this setti
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -674,28 +694,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -719,12 +745,6 @@ If you enable or do not configure this policy setting, the user is prompted for
If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -744,28 +764,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -789,12 +815,6 @@ If you enable or do not configure this policy setting, the user is prompted for
If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -814,28 +834,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -852,7 +878,7 @@ ADMX Info:
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
+This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
If you enable this policy setting, you must select the desired action.
@@ -893,28 +919,34 @@ The following are the supported lid close switch actions (on battery):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -931,7 +963,7 @@ The following are the supported lid close switch actions (on battery):
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
+This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
If you enable this policy setting, you must select the desired action.
@@ -972,28 +1004,34 @@ The following are the supported lid close switch actions (plugged in):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1010,7 +1048,7 @@ The following are the supported lid close switch actions (plugged in):
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button.
+This policy setting specifies the action that Windows takes when a user presses the Power button.
If you enable this policy setting, you must select the desired action.
@@ -1051,28 +1089,34 @@ The following are the supported Power button actions (on battery):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1089,7 +1133,7 @@ The following are the supported Power button actions (on battery):
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button.
+This policy setting specifies the action that Windows takes when a user presses the Power button.
If you enable this policy setting, you must select the desired action.
@@ -1130,28 +1174,34 @@ The following are the supported Power button actions (plugged in):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1168,7 +1218,7 @@ The following are the supported Power button actions (plugged in):
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button.
+This policy setting specifies the action that Windows takes when a user presses the Sleep button.
If you enable this policy setting, you must select the desired action.
@@ -1209,28 +1259,34 @@ The following are the supported Sleep button actions (on battery):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1247,7 +1303,7 @@ The following are the supported Sleep button actions (on battery):
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button.
+This policy setting specifies the action that Windows takes when a user presses the Sleep button.
If you enable this policy setting, you must select the desired action.
@@ -1288,28 +1344,34 @@ The following are the supported Sleep button actions (plugged in):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1326,7 +1388,7 @@ The following are the supported Sleep button actions (plugged in):
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
@@ -1335,12 +1397,6 @@ If you disable or do not configure this policy setting, users control this setti
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1360,28 +1416,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1398,7 +1460,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
@@ -1407,12 +1469,6 @@ If you disable or do not configure this policy setting, users control this setti
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1432,28 +1488,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1470,7 +1532,7 @@ ADMX Info:
-Added in Windows 10, version 1903. This policy setting allows you to turn off hybrid sleep.
+This policy setting allows you to turn off hybrid sleep.
If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
@@ -1508,28 +1570,34 @@ The following are the supported values for Hybrid sleep (on battery):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1546,7 +1614,7 @@ The following are the supported values for Hybrid sleep (on battery):
-Added in Windows 10, version 1903. This policy setting allows you to turn off hybrid sleep.
+This policy setting allows you to turn off hybrid sleep.
If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
@@ -1584,28 +1652,34 @@ The following are the supported values for Hybrid sleep (plugged in):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1622,7 +1696,7 @@ The following are the supported values for Hybrid sleep (plugged in):
-Added in Windows 10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
@@ -1660,28 +1734,34 @@ Default value for unattended sleep timeout (on battery):
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1698,7 +1778,7 @@ Default value for unattended sleep timeout (on battery):
-Added in Windows 10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
@@ -1729,17 +1809,6 @@ Default value for unattended sleep timeout (plugged in):
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 90268db913..3902457217 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -33,6 +33,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -42,28 +48,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -83,29 +95,34 @@ manager: dansimp
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
If you enable this policy setting:
--Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
--You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
+
+- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+
+- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
If you do not configure this policy setting:
--Windows Vista client computers can point and print to any server.
--Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
+
+- Windows Vista client computers can point and print to any server.
+
+- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
If you disable this policy setting:
--Windows Vista client computers can create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
--The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
+- Windows Vista client computers can create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+
+- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -116,8 +133,9 @@ ADMX Info:
-Example
-```
+Example:
+
+```xml
Name: Point and Print Enable Oma-URI: ./Device/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions
Data type: String Value:
@@ -137,28 +155,34 @@ Data type: String Value:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -178,30 +202,34 @@ Data type: String Value:
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
If you enable this policy setting:
--Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
--You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
+
+- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+
+- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
If you do not configure this policy setting:
--Windows Vista client computers can point and print to any server.
--Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
+
+- Windows Vista client computers can point and print to any server.
+
+- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
If you disable this policy setting:
--Windows Vista client computers can create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
--The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
+- Windows Vista client computers can create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+
+- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Point and Print Restrictions*
@@ -220,28 +248,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -267,12 +301,6 @@ If you disable this setting, this computer's shared printers cannot be published
Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -285,16 +313,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 681623a2d3..2bd04dd32e 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -303,28 +303,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -367,28 +373,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -405,7 +417,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1809. Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device.
+Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device.
Most restricted value is 0.
@@ -435,28 +447,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -503,28 +521,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -541,7 +565,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Enables or disables the Advertising ID.
+Enables or disables the Advertising ID.
Most restricted value is 0.
@@ -572,28 +596,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -647,28 +677,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -685,7 +721,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Allows IT Admins to allow Apps/OS to publish to the activity feed.
+Allows IT Admins to allow Apps/OS to publish to the activity feed.
@@ -713,28 +749,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -751,7 +793,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access account information.
+Specifies whether Windows apps can access account information.
Most restricted value is 2.
@@ -784,28 +826,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -822,7 +870,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
@@ -844,28 +892,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -882,7 +936,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
@@ -904,28 +958,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -942,7 +1002,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
@@ -964,28 +1024,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
No
+
No
Education
-
+
No
+
No
@@ -1001,8 +1067,7 @@ ADMX Info:
-
-Added in Windows 10, version 1903.
+
> [!NOTE]
> Currently, this policy is supported only in HoloLens 2.
@@ -1038,28 +1103,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
No
+
No
Education
-
+
No
+
No
@@ -1076,7 +1147,6 @@ The following list shows the supported values:
-Added in Windows 10, version 1903.
> [!NOTE]
> Currently, this policy is supported only in HoloLens 2.
@@ -1107,28 +1177,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
No
+
No
Education
-
+
No
+
No
@@ -1145,7 +1221,6 @@ ADMX Info:
-Added in Windows 10, version 1903.
> [!NOTE]
> Currently, this policy is supported only in HoloLens 2.
@@ -1176,28 +1251,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
+
No
+
No
Enterprise
-
+
No
+
No
Education
-
+
No
+
No
@@ -1213,8 +1294,7 @@ ADMX Info:
-
-Added in Windows 10, version 1903.
+
> [!NOTE]
> Currently, this policy is supported only in HoloLens 2.
@@ -1246,28 +1326,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1284,7 +1370,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar.
+Specifies whether Windows apps can access the calendar.
Most restricted value is 2.
@@ -1317,28 +1403,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1355,7 +1447,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
@@ -1377,28 +1469,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1415,7 +1513,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
@@ -1437,28 +1535,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1475,7 +1579,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
@@ -1497,28 +1601,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1535,7 +1645,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access call history.
+Specifies whether Windows apps can access call history.
Most restricted value is 2.
@@ -1568,28 +1678,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1606,7 +1722,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
@@ -1628,28 +1744,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1666,7 +1788,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
@@ -1688,28 +1810,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1726,7 +1854,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
@@ -1748,28 +1876,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1786,7 +1920,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera.
+Specifies whether Windows apps can access the camera.
Most restricted value is 2.
@@ -1819,28 +1953,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1857,7 +1997,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -1879,28 +2019,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1917,7 +2063,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -1939,28 +2085,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1977,7 +2129,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -1999,28 +2151,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2037,7 +2195,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts.
+Specifies whether Windows apps can access contacts.
Most restricted value is 2.
@@ -2070,28 +2228,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2108,7 +2272,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -2130,28 +2294,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2168,7 +2338,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -2190,28 +2360,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2228,7 +2404,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -2250,28 +2426,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2288,7 +2470,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access email.
+Specifies whether Windows apps can access email.
Most restricted value is 2.
@@ -2321,28 +2503,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2359,7 +2547,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -2381,28 +2569,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2419,7 +2613,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -2441,28 +2635,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2479,7 +2679,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -2501,28 +2701,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2552,28 +2758,34 @@ This policy setting specifies whether Windows apps can access the eye tracker.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2603,28 +2815,34 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2654,28 +2872,34 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2705,28 +2929,34 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2743,7 +2973,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
-Added in Windows 10, version 1607. Specifies whether Windows apps can access location.
+Specifies whether Windows apps can access location.
Most restricted value is 2.
@@ -2776,28 +3006,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2814,7 +3050,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -2836,28 +3072,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2874,7 +3116,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -2896,28 +3138,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2934,7 +3182,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -2956,28 +3204,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2994,7 +3248,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS).
+Specifies whether Windows apps can read or send messages (text or MMS).
Most restricted value is 2.
@@ -3027,28 +3281,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3065,7 +3325,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -3087,28 +3347,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3125,7 +3391,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -3147,28 +3413,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3185,7 +3457,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -3207,28 +3479,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3245,7 +3523,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone.
+Specifies whether Windows apps can access the microphone.
Most restricted value is 2.
@@ -3278,28 +3556,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3316,7 +3600,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -3338,28 +3622,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3376,7 +3666,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -3398,28 +3688,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3436,7 +3732,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -3458,28 +3754,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3496,7 +3798,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data.
+Specifies whether Windows apps can access motion data.
Most restricted value is 2.
@@ -3529,28 +3831,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3567,7 +3875,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -3589,28 +3897,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3627,7 +3941,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -3649,28 +3963,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3687,7 +4007,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -3709,28 +4029,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3747,7 +4073,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications.
+Specifies whether Windows apps can access notifications.
Most restricted value is 2.
@@ -3780,28 +4106,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3818,7 +4150,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -3840,28 +4172,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3878,7 +4216,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -3900,28 +4238,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3938,7 +4282,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -3960,28 +4304,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3998,7 +4348,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls.
+Specifies whether Windows apps can make phone calls.
Most restricted value is 2.
@@ -4031,28 +4381,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4069,7 +4425,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -4091,28 +4447,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4129,7 +4491,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -4151,28 +4513,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4189,7 +4557,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -4211,28 +4579,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4249,7 +4623,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios.
+Specifies whether Windows apps have access to control radios.
Most restricted value is 2.
@@ -4282,28 +4656,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4320,7 +4700,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -4342,28 +4722,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4380,7 +4766,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -4402,28 +4788,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4440,7 +4832,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -4462,28 +4854,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -4500,7 +4898,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks.
+Specifies whether Windows apps can access tasks.
@@ -4522,28 +4920,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -4560,7 +4964,7 @@ ADMX Info:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -4582,28 +4986,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -4620,7 +5030,7 @@ ADMX Info:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -4642,28 +5052,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -4680,7 +5096,7 @@ ADMX Info:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -4702,28 +5118,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4740,7 +5162,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices.
+Specifies whether Windows apps can access trusted devices.
Most restricted value is 2.
@@ -4773,28 +5195,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4811,7 +5239,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -4833,28 +5261,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4871,7 +5305,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -4893,28 +5327,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4931,7 +5371,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -4953,28 +5393,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
6
+
Yes
+
Yes
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -5021,28 +5467,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
6
+
Yes
+
Yes
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -5089,28 +5541,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5127,7 +5585,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
+Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
Most restricted value is 2.
@@ -5160,28 +5618,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5198,7 +5662,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
@@ -5220,28 +5684,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5258,7 +5728,7 @@ ADMX Info:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
@@ -5280,28 +5750,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5318,7 +5794,7 @@ ADMX Info:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
@@ -5340,28 +5816,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5378,7 +5860,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background.
+Specifies whether Windows apps can run in the background.
Most restricted value is 2.
@@ -5413,28 +5895,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5451,7 +5939,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
@@ -5473,28 +5961,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5511,7 +6005,7 @@ ADMX Info:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
@@ -5533,28 +6027,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
2
+
Yes
+
Yes
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -5571,7 +6071,7 @@ ADMX Info:
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
@@ -5593,28 +6093,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -5631,7 +6137,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices.
+Specifies whether Windows apps can sync with devices.
Most restricted value is 2.
@@ -5664,28 +6170,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -5702,7 +6214,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -5724,28 +6236,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -5762,7 +6280,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -5784,28 +6302,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
1
+
Yes
+
Yes
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -5822,7 +6346,7 @@ ADMX Info:
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -5844,28 +6368,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -5882,7 +6412,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Allows It Admins to enable publishing of user activities to the activity feed.
+Allows It Admins to enable publishing of user activities to the activity feed.
@@ -5910,28 +6440,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -5962,16 +6498,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index a515e2b28f..ae89315829 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - RemoteAssistance
-
-
@@ -36,6 +34,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,28 +49,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -96,12 +106,6 @@ If you disable this policy setting, the user sees the default warning message.
If you do not configure this policy setting, the user sees the default warning message.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -121,28 +125,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -168,12 +178,6 @@ If you disable this policy setting, log files are not generated.
If you do not configure this setting, application-based settings are used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -193,28 +197,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -248,12 +258,6 @@ The "Select the method for sending email invitations" setting specifies which em
If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -273,28 +277,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -351,12 +361,6 @@ Port 135:TCP
Allow Remote Desktop Exception
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -369,16 +373,4 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index a33ad83d33..ca8fb82fd6 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -42,6 +42,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -51,28 +57,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -102,12 +114,6 @@ Note: You can limit which clients are able to connect remotely by using Remote D
You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -127,28 +133,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -182,12 +194,6 @@ Important
FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -207,28 +213,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -256,12 +268,6 @@ If you disable this policy setting, client drive redirection is always allowed.
If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -281,28 +287,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -326,12 +338,6 @@ If you enable this setting the password saving checkbox in Remote Desktop Connec
If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -351,28 +357,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -402,12 +414,6 @@ If you disable this policy setting, users can always log on to Remote Desktop Se
If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -427,28 +433,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -478,12 +490,6 @@ If the status is set to Not Configured, unsecured communication is allowed.
Note: The RPC interface is used for administering and configuring Remote Desktop Services.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -496,16 +502,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index fae950baec..9907ee6993 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -69,6 +69,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -78,28 +84,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -123,12 +135,6 @@ If you enable this policy setting, the WinRM client uses Basic authentication. I
If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -148,28 +154,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -193,12 +205,6 @@ If you enable this policy setting, the WinRM service accepts Basic authenticatio
If you disable or do not configure this policy setting, the WinRM service does not accept Basic authentication from a remote client.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -218,28 +224,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -263,12 +275,6 @@ If you enable this policy setting, the WinRM client uses CredSSP authentication.
If you disable or do not configure this policy setting, the WinRM client does not use CredSSP authentication.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -288,28 +294,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -333,12 +345,6 @@ If you enable this policy setting, the WinRM service accepts CredSSP authenticat
If you disable or do not configure this policy setting, the WinRM service does not accept CredSSP authentication from a remote client.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -358,28 +364,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -416,12 +428,6 @@ Example IPv4 filters:\n2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22
Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -441,28 +447,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -486,12 +498,6 @@ If you enable this policy setting, the WinRM client sends and receives unencrypt
If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -511,28 +517,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -556,12 +568,6 @@ If you enable this policy setting, the WinRM client sends and receives unencrypt
If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -581,28 +587,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -626,12 +638,6 @@ If you enable this policy setting, the WinRM client does not use Digest authenti
If you disable or do not configure this policy setting, the WinRM client uses Digest authentication.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -651,28 +657,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -696,12 +708,6 @@ If you enable this policy setting, the WinRM client does not use Negotiate authe
If you disable or do not configure this policy setting, the WinRM client uses Negotiate authentication.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -721,28 +727,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -766,12 +778,6 @@ If you enable this policy setting, the WinRM service does not accept Negotiate a
If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -791,28 +797,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -838,12 +850,6 @@ If you disable or do not configure this policy setting, the WinRM service will a
If you enable and then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -863,28 +869,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -914,12 +926,6 @@ If HardeningLevel is set to Relaxed (default value), any request containing an i
If HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -939,28 +945,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -984,12 +996,6 @@ If you enable this policy setting, the WinRM client uses the list specified in T
If you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1009,28 +1015,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1058,12 +1070,6 @@ When certain port 80 listeners are migrated to WinRM 2.0, the listener port numb
A listener might be automatically created on port 80 to ensure backward compatibility.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1083,28 +1089,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1132,12 +1144,6 @@ When certain port 443 listeners are migrated to WinRM 2.0, the listener port num
A listener might be automatically created on port 443 to ensure backward compatibility.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1150,16 +1156,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 493027a454..97e1b5f232 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - RemoteProcedureCall
-
@@ -30,6 +29,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,28 +44,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -88,12 +99,6 @@ If you do not configure this policy setting, it remains disabled. RPC clients w
Note: This policy will not be applied until the system is rebooted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -113,28 +118,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -161,21 +172,16 @@ If you do not configure this policy setting, it remains disabled. The RPC serve
If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
--- "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.
+- "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.
--- "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
+- "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
--- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.
+- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.
-Note: This policy setting will not be applied until the system is rebooted.
+> [!NOTE]
+> This policy setting will not be applied until the system is rebooted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -188,16 +194,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index ac6201611a..0b5ec4947a 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - RemoteShell
-
@@ -45,6 +44,12 @@ manager: dansimp
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -54,28 +59,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -99,12 +110,6 @@ If you enable or do not configure this policy setting, new remote shell connecti
If you set this policy to ‘disabled’, new remote shell connections are rejected by the server.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -124,28 +129,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -171,12 +182,6 @@ If you enable this policy setting, the new shell connections are rejected if the
If you disable or do not configure this policy setting, the default number is five users.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -196,28 +201,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -243,12 +254,6 @@ If you enable this policy setting, the server will wait for the specified amount
If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -268,28 +273,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -315,12 +326,6 @@ If you enable this policy setting, the remote operation is terminated when a new
If you disable or do not configure this policy setting, the value 150 is used by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -340,28 +345,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -385,12 +396,6 @@ If you enable this policy setting, you can specify any number from 0 to 0x7FFFFF
If you disable or do not configure this policy setting, the limit is five processes per shell.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -410,28 +415,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -457,12 +468,6 @@ If you enable this policy setting, the user cannot open new remote shells if the
If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -482,28 +487,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -523,12 +534,6 @@ ADMX Info:
This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -541,16 +546,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 6e60b430b9..96c9e4ff03 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -15,7 +15,7 @@ manager: dansimp
# Policy CSP - RestrictedGroups
> [!IMPORTANT]
-> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
+> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
@@ -38,28 +38,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -132,7 +138,8 @@ Starting in Windows 10, version 1809, you can use this schema for retrieval and
Here's an example:
-```
+
+```xml
@@ -144,13 +151,18 @@ Here's an example:
```
+
where:
+
- `` contains the local group SID or group name to configure. If a SID is specified here, the policy uses the [LookupAccountName](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API to get the local group name. For best results, use names for ``.
+
- `` contains the members to add to the group in ``. A member can be specified as a name or as a SID. For best results, use a SID for ``. The member SID can be a user account or a group in AD, Azure AD, or on the local machine. If a name is specified here, the policy will try to get the corresponding SID using the [LookupAccountSID](/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API. Name can be used for a user account or a group in AD or on the local machine. Membership is configured using the [NetLocalGroupSetMembers](/windows/win32/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers) API.
+
- In this example, `Group1` and `Group2` are local groups on the device being configured, and `Group3` is a domain group.
> [!NOTE]
> Currently, the RestrictedGroups/ConfigureGroupMembership policy does not have a MemberOf functionality. However, you can add a domain group as a member to a local group by using the member portion, as shown in the previous example.
+
@@ -171,15 +183,4 @@ The following table describes how this policy setting behaves in different Windo
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index b3290f82dc..8eb0dbe3ea 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - Search
-
@@ -72,28 +71,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -110,7 +115,7 @@ manager: dansimp
-Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
+Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
@@ -138,28 +143,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -180,28 +191,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -252,28 +269,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -324,28 +347,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -403,28 +432,34 @@ This policy has been deprecated.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -472,28 +507,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -523,28 +564,34 @@ Allow Windows indexer. Value type is integer.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -592,28 +639,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -658,28 +711,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -728,28 +787,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -766,7 +831,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Don't search the web or display web results in Search.
+Don't search the web or display web results in Search.
This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.
If you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
@@ -799,28 +864,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -869,28 +940,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -929,16 +1006,6 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 13eb6fdc71..dc8d037b70 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -62,28 +62,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -120,28 +126,33 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -178,28 +189,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -236,28 +253,33 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -277,7 +299,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
+Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
@@ -305,28 +327,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -343,7 +371,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Configures the use of passwords for Windows features.
+Configures the use of passwords for Windows features.
> [!Note]
> This policy is only supported in Windows 10 S.
@@ -367,28 +395,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -431,28 +465,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -470,7 +510,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1809. This policy controls the Admin Authentication requirement in RecoveryEnvironment.
+This policy controls the Admin Authentication requirement in RecoveryEnvironment.
Supported values:
- 0 - Default: Keep using default(current) behavior
@@ -520,28 +560,34 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -584,28 +630,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -642,28 +694,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -705,15 +763,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 8f43acb2ab..accdd88186 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -34,28 +34,34 @@ ms.date: 09/27/2019
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
No
+
No
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -113,15 +119,4 @@ Supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 7152934f2d..908deebcb4 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Settings
-
-
@@ -72,28 +70,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -137,28 +141,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -198,28 +208,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -256,28 +272,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -318,28 +340,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -380,28 +408,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -442,28 +476,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -504,28 +544,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -566,28 +612,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -624,28 +676,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -686,28 +744,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -744,28 +808,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -782,7 +852,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
+Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
@@ -812,28 +882,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -851,7 +927,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons.
+Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons.
The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
@@ -898,15 +974,5 @@ To validate on Desktop, do the following:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 3f4e279889..e7db6a71e2 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - SmartScreen
-
@@ -42,28 +41,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -80,7 +85,7 @@ manager: dansimp
-Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
+Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
> [!Note]
> This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled.
This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
@@ -111,28 +116,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -149,7 +160,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows.
+Allows IT Admins to configure SmartScreen for Windows.
@@ -177,28 +188,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -215,7 +232,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
+Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
@@ -237,16 +254,4 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index 59b7531703..40c0182de2 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - Speech
-
@@ -36,28 +35,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -74,7 +79,7 @@ manager: dansimp
-Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
+Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
@@ -95,16 +100,6 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 6e910385fe..d4dcbc0b56 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -122,28 +122,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -160,7 +166,7 @@ manager: dansimp
-Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu.
+This policy controls the visibility of the Documents shortcut on the Start menu.
@@ -181,28 +187,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -219,7 +231,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu.
+This policy controls the visibility of the Downloads shortcut on the Start menu.
@@ -240,28 +252,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -278,7 +296,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu.
+This policy controls the visibility of the File Explorer shortcut on the Start menu.
@@ -299,28 +317,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -337,7 +361,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu.
+This policy controls the visibility of the HomeGroup shortcut on the Start menu.
@@ -358,28 +382,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -396,7 +426,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu.
+This policy controls the visibility of the Music shortcut on the Start menu.
@@ -417,28 +447,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -455,7 +491,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu.
+This policy controls the visibility of the Network shortcut on the Start menu.
@@ -476,28 +512,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -514,7 +556,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
+This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
@@ -535,28 +577,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -573,7 +621,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu.
+This policy controls the visibility of the Pictures shortcut on the Start menu.
@@ -594,28 +642,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -632,7 +686,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu.
+This policy controls the visibility of the Settings shortcut on the Start menu.
@@ -653,28 +707,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -691,7 +751,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu.
+This policy controls the visibility of the Videos shortcut on the Start menu.
@@ -712,28 +772,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -785,28 +851,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -852,28 +924,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -927,28 +1005,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -965,7 +1049,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
@@ -992,28 +1076,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1034,7 +1124,7 @@ To validate on Desktop, do the following:
> [!NOTE]
> This policy requires reboot to take effect.
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps.
+Allows IT Admins to configure Start by hiding most used apps.
@@ -1065,28 +1155,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1103,7 +1199,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
> [!NOTE]
@@ -1134,28 +1230,34 @@ To validate on Laptop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1172,7 +1274,7 @@ To validate on Laptop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
@@ -1199,28 +1301,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1237,7 +1345,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
+Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
Value type is integer.
@@ -1267,28 +1375,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1308,7 +1422,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy requires reboot to take effect.
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing.
+Allows IT Admins to configure Start by hiding the Power button from appearing.
@@ -1335,28 +1449,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1376,7 +1496,7 @@ To validate on Desktop, do the following:
> [!NOTE]
> This policy requires reboot to take effect.
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jump lists from appearing.
+Allows IT Admins to configure Start by hiding recently opened items in the jump lists from appearing.
@@ -1410,28 +1530,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1452,7 +1578,7 @@ To validate on Desktop, do the following:
> [!NOTE]
> This policy requires reboot to take effect.
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps.
+Allows IT Admins to configure Start by hiding recently added apps.
@@ -1491,28 +1617,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1529,7 +1661,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
@@ -1556,28 +1688,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1594,7 +1732,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
@@ -1621,28 +1759,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1659,7 +1803,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
@@ -1686,28 +1830,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1724,7 +1874,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
@@ -1751,28 +1901,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1789,7 +1945,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
@@ -1816,28 +1972,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1857,7 +2019,7 @@ To validate on Desktop, do the following:
> [!NOTE]
> This policy requires reboot to take effect.
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile.
+Allows IT Admins to configure Start by hiding the user tile.
@@ -1885,28 +2047,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1934,7 +2102,7 @@ Here is additional SKU support information:
|Windows 10, version 1703 and later |Enterprise, Education, Business |
|Windows 10, version 1709 and later |Enterprise, Education, Business, Pro, ProEducation, S, ProWorkstation |
-Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files.
+This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files.
> [!IMPORTANT]
> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
@@ -1961,28 +2129,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1999,7 +2173,7 @@ To validate on Desktop, do the following:
-Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
+Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
@@ -2029,28 +2203,34 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2069,7 +2249,7 @@ To validate on Desktop, do the following:
> [!IMPORTANT]
-> Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope)
+> In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope)
Here is additional SKU support information:
@@ -2095,15 +2275,4 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index ecd7532d32..d470d7977b 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - Storage
-
@@ -60,28 +59,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -98,7 +103,7 @@ manager: dansimp
-Added in Windows 10, version 1709. Allows disk health model updates.
+Allows disk health model updates.
Value type is integer.
@@ -128,28 +133,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
+
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -201,28 +212,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
+
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -277,28 +294,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
+
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -353,28 +376,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
+
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -429,28 +458,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
+
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -511,28 +546,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
+
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -587,28 +628,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -657,28 +704,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -729,15 +782,5 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index b033f662cc..04cccacbb5 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -114,24 +114,29 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -182,24 +187,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
611
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -294,24 +304,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
511
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -363,24 +378,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -419,24 +439,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -480,24 +505,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
211
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -514,7 +544,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
+Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
@@ -555,24 +585,29 @@ To verify if System/AllowFontProviders is set to true:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -647,24 +682,29 @@ If you disable this policy setting, devices may not appear in Microsoft Managed
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -703,24 +743,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -839,24 +884,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
611
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -913,24 +963,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1000,24 +1055,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1072,24 +1132,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
11
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -1142,24 +1207,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
411
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1205,24 +1275,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
11
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1273,24 +1348,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
511
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -1340,24 +1420,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
511
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -1407,24 +1492,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
311
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1463,24 +1553,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
211
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1497,7 +1592,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
+Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
* Users cannot access OneDrive from the OneDrive app or file picker.
* Microsoft Store apps cannot access OneDrive using the WinRT API.
@@ -1541,24 +1636,29 @@ To validate on Desktop, do the following:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1613,24 +1713,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
4
+
Yes
+
Yes
Pro
-
411
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1647,7 +1752,7 @@ ADMX Info:
-Added in Windows 10, version 1803. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
+When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
@@ -1667,24 +1772,29 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
311
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1743,24 +1853,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
11
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1801,24 +1916,29 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
611
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1865,18 +1985,4 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
-- 10 - Available in Windows 10, version 21H1.
-- 11 - Also applies to Windows 10 Business.
-
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 1e4e35d190..016911d154 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -51,28 +51,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -89,7 +95,7 @@ manager: dansimp
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
@@ -108,28 +114,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -146,7 +158,7 @@ GP Info:
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
@@ -165,28 +177,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -203,7 +221,7 @@ GP Info:
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
@@ -222,28 +240,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -260,7 +284,7 @@ GP Info:
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
@@ -279,28 +303,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -317,7 +347,7 @@ GP Info:
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
@@ -336,28 +366,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -374,7 +410,7 @@ GP Info:
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
@@ -386,16 +422,6 @@ GP Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index ce84398393..2ad2b1c6d6 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -35,28 +35,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -95,16 +101,6 @@ When the policy is set to 0 - users CANNOT execute 'End task' on processes in Ta
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index ab6ec4d46c..b76c0948ac 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -74,21 +80,11 @@ manager: dansimp
-Added in Windows 10, version 1803. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Disabled.
+This setting determines whether the specific task is enabled (1) or disabled (0). Default: Disabled.
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 444e70c323..77bf576304 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -123,7 +123,7 @@ manager: dansimp
-Added in Windows 10, version 1803. Placeholder only. Do not use in production environment.
+Placeholder only. Do not use in production environment.
@@ -136,28 +136,34 @@ Added in Windows 10, version 1803. Placeholder only. Do not use in production e
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -200,28 +206,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -262,28 +274,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -326,28 +344,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -391,28 +415,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -455,28 +485,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -519,28 +555,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -583,28 +625,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -624,7 +672,7 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled.
+Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled.
Most restricted value is 0.
@@ -667,28 +715,34 @@ This policy has been deprecated.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -739,28 +793,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -802,28 +862,34 @@ This setting supports a range of values between 0 and 1.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
@@ -844,7 +910,7 @@ This setting supports a range of values between 0 and 1.
> - The policy is only enforced in Windows 10 for desktop.
> - This policy requires reboot to take effect.
-Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Japanese IME version in the desktop.
+Allows IT admins to configure Microsoft Japanese IME version in the desktop.
@@ -865,28 +931,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
@@ -907,7 +979,7 @@ The following list shows the supported values:
> - This policy is enforced only in Windows 10 for desktop.
> - This policy requires reboot to take effect.
-Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop.
+Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop.
@@ -928,28 +1000,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
8
+
Yes
+
Yes
Business
-
8
+
Yes
+
Yes
Enterprise
-
8
+
Yes
+
Yes
Education
-
8
+
Yes
+
Yes
@@ -969,8 +1047,7 @@ The following list shows the supported values:
> [!NOTE]
> - This policy is enforced only in Windows 10 for desktop.
> - This policy requires reboot to take effect.
-
-Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop.
+Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop.
@@ -991,28 +1068,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1029,7 +1112,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode.
+This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode.
The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up.
But in the desktop mode, by default, the touch keyboard does not automatically show up when you touch a textbox. The user must click the system tray to enable the touch keyboard.
@@ -1055,28 +1138,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1117,28 +1206,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1179,28 +1274,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1241,28 +1342,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1279,7 +1386,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies the touch keyboard is always docked. When this policy is set to enabled, the touch keyboard is always docked.
+Specifies the touch keyboard is always docked. When this policy is set to enabled, the touch keyboard is always docked.
@@ -1300,28 +1407,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1338,7 +1451,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies whether the dictation input button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the dictation input button on touch keyboard is disabled.
+Specifies whether the dictation input button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the dictation input button on touch keyboard is disabled.
@@ -1359,28 +1472,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1397,7 +1516,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies whether the emoji button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the emoji button on touch keyboard is disabled.
+Specifies whether the emoji button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the emoji button on touch keyboard is disabled.
@@ -1418,28 +1537,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1456,7 +1581,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies whether the full keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the full keyboard mode for touch keyboard is disabled.
+Specifies whether the full keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the full keyboard mode for touch keyboard is disabled.
@@ -1477,28 +1602,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1515,7 +1646,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies whether the handwriting input panel is enabled or disabled. When this policy is set to disabled, the handwriting input panel is disabled.
+Specifies whether the handwriting input panel is enabled or disabled. When this policy is set to disabled, the handwriting input panel is disabled.
@@ -1536,28 +1667,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1574,7 +1711,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies whether the narrow keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the narrow keyboard mode for touch keyboard is disabled.
+Specifies whether the narrow keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the narrow keyboard mode for touch keyboard is disabled.
@@ -1595,28 +1732,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1633,7 +1776,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies whether the split keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the split keyboard mode for touch keyboard is disabled.
+Specifies whether the split keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the split keyboard mode for touch keyboard is disabled.
@@ -1654,28 +1797,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1692,7 +1841,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies whether the wide keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the wide keyboard mode for touch keyboard is disabled.
+Specifies whether the wide keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the wide keyboard mode for touch keyboard is disabled.
@@ -1706,16 +1855,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index b6c1c6d85e..9d490b2202 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -92,16 +98,5 @@ Specifies the time zone to be applied to the device. This is the standard Window
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index 6c74dd7725..41deff6293 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -34,28 +34,34 @@ ms.date: 09/27/2019
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -138,16 +144,5 @@ By default, this policy is not configured and the SKU based defaults are used fo
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 8b1cc3fa9f..b5378a0265 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -224,28 +224,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -262,7 +268,7 @@ manager: dansimp
-Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
+Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
> [!NOTE]
> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
@@ -291,28 +297,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -329,7 +341,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
+Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
Supported values are 8-18.
@@ -355,28 +367,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -393,7 +411,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
+Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
> [!NOTE]
> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
@@ -422,28 +440,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -502,28 +526,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -540,7 +570,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer.
+Option to download updates automatically over metered connections (off by default). Value type is integer.
A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
@@ -572,28 +602,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -610,7 +646,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
+Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
@@ -639,28 +675,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -701,28 +743,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -774,28 +822,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -850,28 +904,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -926,28 +986,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -964,7 +1030,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
+Allows the IT Admin to specify the period for auto-restart reminder notifications.
The default value is 15 (minutes).
@@ -992,28 +1058,34 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1030,7 +1102,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
-Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
+Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
@@ -1059,28 +1131,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1135,28 +1213,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1173,7 +1257,7 @@ Supported values:
-Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value.
+Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value.
@@ -1205,28 +1289,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1244,7 +1334,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
+Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
ADMX Info:
@@ -1276,28 +1366,34 @@ Default value is 7.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1315,7 +1411,7 @@ Default value is 7.
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
+Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
ADMX Info:
@@ -1347,28 +1443,34 @@ Default value is 7.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1386,7 +1488,7 @@ Default value is 7.
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies.
+Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies.
@@ -1419,28 +1521,34 @@ Default value is 2.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -1458,7 +1566,7 @@ Default value is 2.
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart.
+If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart.
When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline.
@@ -1492,28 +1600,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1530,7 +1644,7 @@ Supported values:
-Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
@@ -1543,28 +1657,34 @@ Added in Windows 10, version 1803. Enable IT admin to configure feature update u
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1583,7 +1703,7 @@ Added in Windows 10, version 1803. Enable IT admin to configure feature update u
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
+Defers Feature Updates for the specified number of days.
Supported values are 0-365 days.
@@ -1610,28 +1730,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1648,7 +1774,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
+Defers Quality Updates for the specified number of days.
Supported values are 0-30.
@@ -1672,28 +1798,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1819,28 +1951,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -1889,28 +2027,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -1927,7 +2071,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should only be enabled when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update.
+Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should only be enabled when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update.
@@ -1949,28 +2093,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1987,7 +2137,7 @@ ADMX Info:
-Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
+Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
For more information about dual scan, see [Demystifying "Dual Scan"](/archive/blogs/wsus/demystifying-dual-scan) and [Improving Dual Scan on 1607](/archive/blogs/wsus/improving-dual-scan-on-1607).
@@ -2021,28 +2171,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2100,28 +2256,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -2178,28 +2340,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2251,28 +2419,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -2322,28 +2496,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2393,28 +2573,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -2464,28 +2650,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -2535,28 +2727,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2576,7 +2774,7 @@ ADMX Info:
> [!NOTE]
> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
+Allows IT Admins to exclude Windows Update (WU) drivers during updates.
@@ -2604,28 +2802,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -2642,7 +2846,7 @@ The following list shows the supported values:
-Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
+Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
> [!NOTE]
> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
@@ -2674,28 +2878,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -2712,7 +2922,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
+Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
> [!WARNING]
> Setting this policy might cause devices to incur costs from MO operators.
@@ -2745,28 +2955,34 @@ To validate this policy:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -2783,7 +2999,7 @@ To validate this policy:
-Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
+Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
> [!WARNING]
> Setting this policy might cause devices to incur costs from MO operators.
@@ -2816,28 +3032,34 @@ To validate this policy:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -2854,7 +3076,7 @@ To validate this policy:
-Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer.
+Used to manage Windows 10 Insider Preview builds. Value type is integer.
@@ -2884,28 +3106,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -2958,28 +3186,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -2999,7 +3233,7 @@ The following list shows the supported values:
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-Added in Windows 10, version 1607. Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later.
+Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later.
@@ -3028,28 +3262,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -3066,7 +3306,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date.
+Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date.
Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
@@ -3090,28 +3330,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -3128,7 +3374,7 @@ ADMX Info:
-Added in Windows 10, version 1607. Allows IT Admins to pause quality updates. For those running Windows 10, version 1703 or later, we recommend that you use *Update/PauseQualityUpdatesStartTime* instead.
+Allows IT Admins to pause quality updates. For those running Windows 10, version 1703 or later, we recommend that you use *Update/PauseQualityUpdatesStartTime* instead.
@@ -3157,28 +3403,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -3195,7 +3447,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date.
+Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date.
Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
@@ -3230,28 +3482,34 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3299,28 +3557,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3363,28 +3627,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -3401,7 +3671,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
+Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
The default value is 15 (minutes).
@@ -3429,28 +3699,34 @@ Supported values are 15, 30, or 60 (minutes).
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -3471,7 +3747,7 @@ Supported values are 15, 30, or 60 (minutes).
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications.
+Allows the IT Admin to specify the period for auto-restart warning reminder notifications.
The default value is 4 (hours).
@@ -3499,28 +3775,34 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3576,28 +3858,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -3614,7 +3902,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
0 - no update in the schedule
1 - update is scheduled every week
@@ -3640,28 +3928,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -3678,7 +3972,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
0 - no update in the schedule
1 - update is scheduled every first week of the month
@@ -3704,28 +3998,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -3742,7 +4042,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
0 - no update in the schedule
1 - update is scheduled every fourth week of the month
@@ -3768,28 +4068,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -3806,7 +4112,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
0 - no update in the schedule
1 - update is scheduled every second week of the month
@@ -3832,28 +4138,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -3870,7 +4182,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
0 - no update in the schedule
1 - update is scheduled every third week of the month
@@ -3896,28 +4208,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -3968,28 +4286,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -4006,7 +4330,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
+Allows the IT Admin to disable auto-restart notifications for update installations.
@@ -4035,28 +4359,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -4094,28 +4424,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -4153,28 +4489,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -4191,7 +4533,7 @@ ADMX Info:
-Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
+For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart.
@@ -4222,28 +4564,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4373,28 +4721,34 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -4441,28 +4795,34 @@ Value type is a string containing Windows 10 version number. For example, 1809,
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -4518,28 +4878,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -4610,28 +4976,34 @@ Example
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -4648,7 +5020,7 @@ Example
-Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
+Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
@@ -4674,15 +5046,4 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-1`
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 7ac5e6f283..65fb6facfd 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - UserRights
-
User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. For reference, see [Well-Known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
@@ -200,28 +199,34 @@ For example, the following syntax grants user rights to a specific user or group
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -257,28 +262,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -316,28 +327,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -375,28 +392,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -434,28 +457,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -493,28 +522,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -550,28 +585,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -609,28 +650,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -666,28 +713,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -723,28 +776,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -784,28 +843,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -843,28 +908,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -902,28 +973,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -959,28 +1036,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1018,28 +1101,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1075,28 +1164,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1134,28 +1229,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1191,28 +1292,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1258,28 +1365,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1320,28 +1433,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1379,28 +1498,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1436,28 +1561,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1493,28 +1624,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1550,28 +1687,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1609,28 +1752,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1666,28 +1815,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1723,28 +1878,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1780,28 +1941,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1839,28 +2006,34 @@ GP Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -1891,14 +2064,4 @@ GP Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 0db9332538..77728974a0 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - Wifi
-
@@ -67,28 +66,34 @@ This policy has been deprecated.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -135,28 +140,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -203,28 +214,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -266,28 +283,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -326,28 +349,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -364,7 +393,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Allow WiFi Direct connection..
+Allow WiFi Direct connection..
@@ -384,28 +413,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -434,16 +469,6 @@ Supported operations are Add, Delete, Get, and Replace.
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 9af69e0c2b..a5e847a460 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -107,16 +113,6 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 10c2f369a9..6b2e339e43 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -98,28 +98,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -136,7 +142,7 @@ manager: dansimp
-Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
+The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
Value type is string. Supported operations are Add, Get, Replace and Delete.
@@ -160,28 +166,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
4
+
Yes
+
Yes
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -198,7 +210,7 @@ ADMX Info:
-Added in Windows 10, next major release. Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@@ -226,28 +238,34 @@ Valid values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -264,7 +282,7 @@ Valid values:
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@@ -294,28 +312,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -376,28 +400,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
4
+
Yes
+
Yes
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -414,7 +444,7 @@ ADMX Info:
-Added in Windows 10, next major release. Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@@ -442,28 +472,34 @@ Valid values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -480,7 +516,7 @@ Valid values:
-Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
+Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
> [!NOTE]
> If Suppress notification is enabled then users will not see critical or non-critical messages.
@@ -513,28 +549,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -551,7 +593,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@@ -581,28 +623,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -619,7 +667,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@@ -649,28 +697,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -687,7 +741,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@@ -717,28 +771,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -755,7 +815,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
+Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@@ -785,28 +845,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -867,28 +933,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -905,7 +977,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@@ -935,28 +1007,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -973,7 +1051,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
+Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@@ -1003,28 +1081,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1041,7 +1125,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
Value type is string. Supported operations are Add, Get, Replace and Delete.
@@ -1065,28 +1149,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1103,7 +1193,7 @@ ADMX Info:
-Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
+Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@@ -1133,28 +1223,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1171,7 +1267,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
+Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@@ -1201,28 +1297,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
4
+
Yes
+
Yes
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1239,7 +1341,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center.
+Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center.
@@ -1267,28 +1369,34 @@ Valid values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
4
+
Yes
+
Yes
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1305,7 +1413,7 @@ Valid values:
-Added in Windows 10, version 1803. Use this policy to hide the Secure boot area in the Windows Defender Security Center.
+Use this policy to hide the Secure boot area in the Windows Defender Security Center.
@@ -1333,28 +1441,34 @@ Valid values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
4
+
Yes
+
Yes
Pro
-
4
+
Yes
+
Yes
Business
-
4
+
Yes
+
Yes
Enterprise
-
4
+
Yes
+
Yes
Education
-
4
+
Yes
+
Yes
@@ -1371,7 +1485,7 @@ Valid values:
-Added in Windows 10, version 1803. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
+Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
@@ -1399,28 +1513,34 @@ Valid values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
5
+
Yes
+
Yes
Pro
-
5
+
Yes
+
Yes
Business
-
5
+
Yes
+
Yes
Enterprise
-
5
+
Yes
+
Yes
Education
-
5
+
Yes
+
Yes
@@ -1483,28 +1603,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1521,7 +1647,7 @@ ADMX Info:
-Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
@@ -1545,28 +1671,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
3
+
Yes
+
Yes
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -1583,7 +1715,7 @@ ADMX Info:
-Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
+The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete.
@@ -1600,16 +1732,5 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index b352b0818c..f463131d83 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -15,7 +15,6 @@ manager: dansimp
# Policy CSP - WindowsInkWorkspace
-
@@ -39,28 +38,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -77,7 +82,7 @@ manager: dansimp
-Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace.
+Show recommended app suggestions in the ink workspace.
@@ -105,28 +110,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -143,7 +154,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace.
+Specifies whether to allow the user to access the ink workspace.
@@ -166,16 +177,5 @@ Value type is int. The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 4d822efc0c..94a49ce87c 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -45,6 +45,13 @@ manager: dansimp
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
@@ -54,28 +61,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
6
+
Yes
+
Yes
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -105,12 +118,6 @@ After enabling this policy, you can configure its settings through the [ConfigAu
If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -139,28 +146,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
6
+
Yes
+
Yes
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -190,12 +203,6 @@ BitLocker is suspended during updates if:
If you disable or do not configure this setting, automatic sign on defaults to the “Enabled if BitLocker is on and not suspended” behavior.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -224,28 +231,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -269,12 +282,6 @@ If you enable this policy setting, no app notifications are displayed on the loc
If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -294,28 +301,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -364,12 +377,6 @@ Here is an example to enable this policy:
```
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -389,28 +396,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
Yes
+
Yes
Pro
-
6
+
Yes
+
Yes
Business
-
6
+
Yes
+
Yes
Enterprise
-
6
+
Yes
+
Yes
Education
-
6
+
Yes
+
Yes
@@ -468,28 +481,34 @@ Supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -513,12 +532,6 @@ If you enable this policy setting, Logon UI will enumerate all local users on do
If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -538,28 +551,34 @@ ADMX Info:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -576,7 +595,7 @@ ADMX Info:
-Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
+This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
@@ -604,16 +623,5 @@ To validate on Desktop, do the following:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 3cf0a24d74..a67752e251 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -36,28 +36,34 @@ manager: dansimp
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
Yes
+
Yes
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -104,16 +110,6 @@ ADMX Info:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index e1e54793b4..f3fd70ab14 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -12,9 +12,6 @@ ms.date: 10/14/2020
# Policy CSP - WindowsSandbox
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
@@ -53,28 +50,34 @@ Available in the latest Windows 10 insider preview build.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -141,28 +144,34 @@ Available in the latest Windows 10 insider preview build.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -226,28 +235,34 @@ Available in the latest Windows 10 insider preview build.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -309,28 +324,34 @@ Available in the latest Windows 10 insider preview build.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -393,28 +414,34 @@ Available in the latest Windows 10 insider preview build.
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
+
Yes
+
Yes
Business
-
+
No
+
No
Enterprise
-
+
Yes
+
Yes
Education
-
+
Yes
+
Yes
@@ -480,28 +507,34 @@ Available in the latest Windows 10 insider preview build.
@@ -93,7 +99,7 @@ manager: dansimp
-Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement.
+This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement.
@@ -113,28 +119,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
3
+
Yes
+
Yes
Business
-
3
+
Yes
+
Yes
Enterprise
-
3
+
Yes
+
Yes
Education
-
3
+
Yes
+
Yes
@@ -151,7 +163,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery.
+This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery.
@@ -171,28 +183,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -209,7 +227,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC.
+This policy allows you to turn off projection from a PC.
@@ -229,28 +247,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -267,7 +291,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure.
+This policy allows you to turn off projection from a PC over infrastructure.
@@ -287,28 +311,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -325,7 +355,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC.
+Allow or disallow turning off the projection to a PC.
If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
@@ -357,28 +387,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -395,7 +431,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure.
+This policy setting allows you to turn off projection to a PC over infrastructure.
@@ -415,28 +451,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
2
+
Yes
+
Yes
Business
-
2
+
Yes
+
Yes
Enterprise
-
2
+
Yes
+
Yes
Education
-
2
+
Yes
+
Yes
@@ -453,7 +495,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1703. Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device.
+Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device.
@@ -473,28 +515,34 @@ The following list shows the supported values:
-
Windows Edition
-
Supported?
+
Edition
+
Windows 10
+
Windows 11
Home
-
+
No
+
No
Pro
-
1
+
Yes
+
Yes
Business
-
1
+
Yes
+
Yes
Enterprise
-
1
+
Yes
+
Yes
Education
-
1
+
Yes
+
Yes
@@ -511,7 +559,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing.
+Allow or disallow requirement for a PIN for pairing.
If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
@@ -536,16 +584,5 @@ The following list shows the supported values:
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md
index 5cbfc1ef09..30af3044b2 100644
--- a/windows/configuration/customize-taskbar-windows-11.md
+++ b/windows/configuration/customize-taskbar-windows-11.md
@@ -62,8 +62,8 @@ This article shows you how to create the XML file, add apps to the XML, and depl
-
-
+
+
@@ -102,25 +102,25 @@ This article shows you how to create the XML file, add apps to the XML, and depl
-
-
-
-
+
+
+
+
-
-
-
-
+
+
+
+
-
-
-
+
+
+
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 11ce81a381..60be0cc925 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -116,7 +116,7 @@
- name: Replace a device
href: deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
- name: In-place upgrade
- href: deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+ href: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
- name: Deploy Windows client with MDT
items:
- name: Deploy to a new device
diff --git a/windows/deployment/deploy-windows-cm/TOC.yml b/windows/deployment/deploy-windows-cm/TOC.yml
index 06bf59500f..f47a156a14 100644
--- a/windows/deployment/deploy-windows-cm/TOC.yml
+++ b/windows/deployment/deploy-windows-cm/TOC.yml
@@ -25,4 +25,4 @@
- name: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
href: replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
- name: Perform an in-place upgrade to Windows 10 using Configuration Manager
- href: upgrade-to-windows-10-with-configuraton-manager.md
+ href: upgrade-to-windows-10-with-configuration-manager.md
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 43b188d08e..34244e4af1 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -201,7 +201,7 @@ When the process is complete, you will have a new Windows 10 computer in your do
-Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuraton-manager.md).
+Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuration-manager.md).
## Related topics
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
similarity index 99%
rename from windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
rename to windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
index da8eb45f78..dc7ae9b53f 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
@@ -135,8 +135,6 @@ On **PC0004**:
-In-place upgrade with Configuration Manager
-
## Related topics
[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index 6aa1667383..ee30d55e62 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -12,7 +12,7 @@ ms.author: greglin
ms.topic: article
ms.custom: seo-marvel-apr2020
---
-# Windows 10 features lifecycle
+# Windows client features lifecycle
Applies to:
- Windows 10
@@ -20,6 +20,10 @@ Applies to:
Each release of Windows 10 and Windows 11 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option.
+## Windows 11 features
+
+For information about features that are impacted when you upgrade from Windows 10 to Windows 11, see [Feature deprecations and removals](https://www.microsoft.com/windows/windows-11-specifications#table3).
+
## Features no longer being developed
The following topic lists features that are no longer being developed. These features might be removed in a future release.
diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md
index 9581461533..3452a3fd88 100644
--- a/windows/deployment/planning/index.md
+++ b/windows/deployment/planning/index.md
@@ -30,6 +30,6 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi
- [Deploy Windows 10 with MDT](../deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
- [Upgrade to Windows 10 with MDT](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-- [Upgrade to Windows 10 with Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md)
+- [Upgrade to Windows 10 with Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md)
- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
\ No newline at end of file
diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md
index c23e505800..749e56b321 100644
--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@@ -17,6 +17,8 @@ ms.topic: article
Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 10. For information about features that have been removed, see [Features we removed](windows-10-removed-features.md).
+For information about features in Windows 11, see [Feature deprecations and removals](https://www.microsoft.com/windows/windows-11-specifications#table3).
+
The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources.
**The following list is subject to change and might not include every affected feature or functionality.**
diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
index b832a4fcdd..8ca699331f 100644
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
@@ -79,7 +79,7 @@ sections:
- question: |
Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image?
answer: |
- Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md).
+ Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md).
- question: |
Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free?
diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md
index 2725d29de0..b842f08ba3 100644
--- a/windows/deployment/planning/windows-10-removed-features.md
+++ b/windows/deployment/planning/windows-10-removed-features.md
@@ -24,6 +24,8 @@ For information about features that might be removed in a future release, see [W
> [!NOTE]
> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
+For information about features in Windows 11, see [Feature deprecations and removals](https://www.microsoft.com/windows/windows-11-specifications#table3).
+
The following features and functionalities have been removed from the installed product image for Windows 10. Applications or code that depend on these features won't function in the release when it was removed, or in later releases.
|Feature | Details and mitigation | Removed in version |
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index 726454837e..f1d6c2488e 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -67,9 +67,9 @@ We recommend that you use the Windows Insider Release Preview channel for valida
### Long-term Servicing Channel
-The **Long-Term Servicing Channel** is designed to be used only for specialized devices (which typically don't run Office) such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years. LTSB releases service a special LTSB edition of Windows 10 and are only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
+The **Long-Term Servicing Channel** is designed to be used only for specialized devices (which typically don't run Office) such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years. LTSC releases service a special LTSC edition of Windows 10 and are only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
-The General Availability Channel is the default servicing channel for all Windows devices except those with the LTSB edition installed. The following table shows the servicing channels available to each edition.
+The General Availability Channel is the default servicing channel for all Windows devices except those with the LTSC edition installed. The following table shows the servicing channels available to each edition.
| Edition | General Availability Channel | Insider Program | Long-Term Servicing Channel |
@@ -77,7 +77,7 @@ The General Availability Channel is the default servicing channel for all Window
| Home | | | |
| Pro |  |  | |
| Enterprise |  | | |
-| Enterprise LTSB |  | | |
+| Enterprise LTSC |  | | |
| Pro Education |  |  | |
| Education |  |  | |
diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md
index 339e8ed571..57c0e11d5b 100644
--- a/windows/deployment/update/update-compliance-configuration-manual.md
+++ b/windows/deployment/update/update-compliance-configuration-manual.md
@@ -17,10 +17,15 @@ ms.topic: article
# Manually Configuring Devices for Update Compliance
+**Applies to**
+
+- Windows 10
+- Windows 11
+
> [!NOTE]
> As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables.
-There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows 10. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
+There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows client. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
The requirements are separated into different categories:
diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md
index 55c83a3ecc..8b67a949ea 100644
--- a/windows/deployment/update/update-compliance-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-configuration-mem.md
@@ -16,10 +16,11 @@ ms.topic: article
---
# Configuring Microsoft Endpoint Manager devices for Update Compliance
+
**Applies to**
-- Windows 10
-- Windows 11
+- Windows 10
+- Windows 11
> [!NOTE]
> As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables.
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md
index 085bf545d6..3bd9ab7dd2 100644
--- a/windows/deployment/update/update-compliance-configuration-script.md
+++ b/windows/deployment/update/update-compliance-configuration-script.md
@@ -17,6 +17,11 @@ ms.topic: article
# Configuring devices through the Update Compliance Configuration Script
+**Applies to**
+
+- Windows 10
+- Windows 11
+
> [!NOTE]
> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured.
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index 1c544e9fbb..1aa38de12a 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -1,5 +1,5 @@
---
-title: Delivery Optimization in Update Compliance (Windows 10)
+title: Delivery Optimization in Update Compliance
ms.reviewer:
manager: laurawi
description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration.
@@ -17,6 +17,12 @@ ms.custom: seo-marvel-apr2020
---
# Delivery Optimization in Update Compliance
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
The Update Compliance solution provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
@@ -30,7 +36,7 @@ The Delivery Optimization Status section includes three blades:
## Device Configuration blade
-Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md).
+Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Configure Delivery Optimization for Windows client updates](waas-delivery-optimization-setup.md).
## Content Distribution (%) blade
The first of two blades showing information on content breakdown, this blade shows a ring chart summarizing **Bandwidth Savings %**, which is the percentage of data received from peer sources out of the total data downloaded (for any device that used peer-to-peer distribution).
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 4476c5c96d..9b3662595f 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -17,6 +17,11 @@ ms.custom: seo-marvel-apr2020
# Feature Update Status
+**Applies to**
+
+- Windows 10
+- Windows 11
+
[  ](images/UC_workspace_FU_status.png#lightbox)
The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](waas-overview.md#servicing-channels).
@@ -38,7 +43,7 @@ Refer to the following list for what each state means:
## Safeguard holds
-Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows 10 release information page for any given release.
+Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release.
## Queries for safeguard holds
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index f1c18585dd..bb55b0dff1 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -17,6 +17,11 @@ ms.topic: article
# Get started with Update Compliance
+**Applies to**
+
+- Windows 10
+- Windows 11
+
> [!IMPORTANT]
> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM.
@@ -35,11 +40,11 @@ After adding the solution to Azure and configuring devices, it can take some tim
Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
-- **Compatible Operating Systems and Editions**: Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
-- **Compatible Windows 10 Servicing Channels**: Update Compliance supports Windows 10 devices on the Semi-Annual Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview (WIP) devices, but does not currently provide detailed deployment insights for them.
+- **Compatible operating systems and editions**: Update Compliance works only with Windows 10 or Windows 11 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 or Windows 11 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows client version and is not currently compatible with Windows Server, Surface Hub, IoT, or other versions.
+- **Compatible Windows client servicing channels**: Update Compliance supports Windows client devices on the General Availability Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview devices, but does not currently provide detailed deployment insights for them.
- **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
- **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
-- **Showing Device Names in Update Compliance**: For Windows 10, version 1803 or later, device names will not appear in Update Compliance unless you individually opt-in devices by using policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
+- **Showing device names in Update Compliance**: For Windows 10, version 1803 or later, device names will not appear in Update Compliance unless you individually opt-in devices by using policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
## Add Update Compliance to your Azure subscription
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md
index 7d3ea12222..de2b593b39 100644
--- a/windows/deployment/update/update-compliance-monitor.md
+++ b/windows/deployment/update/update-compliance-monitor.md
@@ -1,8 +1,8 @@
---
-title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance (Windows 10)
+title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance
ms.reviewer:
manager: laurawi
-description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network.
+description: You can use Update Compliance in Azure portal to monitor the progress of updates and key anti-malware protection features on devices in your network.
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
ms.prod: w10
ms.mktglfcycl: deploy
@@ -18,24 +18,29 @@ ms.custom: seo-marvel-apr2020
# Monitor Windows Updates with Update Compliance
+**Applies to**
+
+- Windows 10
+- Windows 11
+
## Introduction
Update Compliance enables organizations to:
-* Monitor security, quality, and feature updates for Windows 10 Professional, Education, and Enterprise editions.
+* Monitor security, quality, and feature updates for Windows 10 or Windows 11 Professional, Education, and Enterprise editions.
* View a report of device and update issues related to compliance that need attention.
* Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](waas-delivery-optimization.md).
-Update Compliance is offered through the Azure portal, and is included as part of Windows 10 licenses listed in the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites). Azure Log Analytics ingestion and retention charges are not incurred on your Azure subscription for Update Compliance data.
+Update Compliance is offered through the Azure portal, and is included as part of Windows 10 or Windows 11 licenses listed in the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites). Azure Log Analytics ingestion and retention charges are not incurred on your Azure subscription for Update Compliance data.
-Update Compliance uses Windows 10 diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, and Delivery Optimization usage data, and then sends this data to a customer-owned [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace to power the experience.
+Update Compliance uses Windows client diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, and Delivery Optimization usage data, and then sends this data to a customer-owned [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace to power the experience.
-See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
+See the following articles in this guide for detailed information about configuring and using the Update Compliance solution:
- [Get started with Update Compliance](update-compliance-get-started.md) provides directions on adding Update Compliance to your Azure subscription and configuring devices to send data to Update Compliance.
- [Using Update Compliance](update-compliance-using.md) breaks down every aspect of the Update Compliance experience.
-## Related topics
+## Related articles
* [Get started with Update Compliance](update-compliance-get-started.md)
* [Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index 527be5a54e..f8d8daa42b 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -14,9 +14,15 @@ ms.prod: w10
---
# Needs attention!
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
-The **Needs attention!** section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section.
+The **Needs attention!** section provides a breakdown of all Windows client device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section.
> [!NOTE]
> The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
@@ -26,7 +32,7 @@ The different issues are broken down by Device Issues and Update Issues:
## Device Issues
* **Missing multiple security updates:** This issue occurs when a device is behind by two or more security updates. These devices might be more vulnerable and should be investigated and updated.
-* **Out of support OS Version:** This issue occurs when a device has fallen out of support due to the version of Windows 10 it is running. When a device has fallen out of support, it will no longer receive important security updates, and might be vulnerable. These devices should be updated to a supported version of Windows 10.
+* **Out of support OS Version:** This issue occurs when a device has fallen out of support due to the version of Windows client it is running. When a device has fallen out of support, it will no longer receive important security updates, and might be vulnerable. These devices should be updated to a supported version of Windows client.
## Update Issues
@@ -39,7 +45,7 @@ The different issues are broken down by Device Issues and Update Issues:
Selecting any of the issues will take you to a [Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
> [!NOTE]
-> This blade also has a link to the [Setup Diagnostic Tool](../upgrade/setupdiag.md), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful.
+> This blade also has a link to the [Setup Diagnostic Tool](../upgrade/setupdiag.md), a standalone tool you can use to obtain details about why a Windows client feature update was unsuccessful.
## List of Queries
diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md
index b7c5407a53..b8f5508589 100644
--- a/windows/deployment/update/update-compliance-privacy.md
+++ b/windows/deployment/update/update-compliance-privacy.md
@@ -16,9 +16,14 @@ ms.topic: article
# Privacy in Update Compliance
+**Applies to**
+
+- Windows 10
+- Windows 11
+
Update Compliance is fully committed to privacy, centering on these tenets:
-- **Transparency:** Windows 10 diagnostic data events that are required for Update Compliance's operation are fully documented (see the links for additional information) so you can review them with your company's security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](/windows/configuration/diagnostic-data-viewer-overview) for details).
+- **Transparency:** Windows client diagnostic data events that are required for Update Compliance's operation are fully documented (see the links for additional information) so you can review them with your company's security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](/windows/configuration/diagnostic-data-viewer-overview) for details).
- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10, version 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics.
- **Security:** Your data is protected with strong security and encryption.
- **Trust:** Update Compliance supports the Online Services Terms.
diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md
index 27a37f5e71..28735cdb61 100644
--- a/windows/deployment/update/update-compliance-security-update-status.md
+++ b/windows/deployment/update/update-compliance-security-update-status.md
@@ -15,12 +15,17 @@ ms.custom: seo-marvel-apr2020
# Security Update Status
+**Applies to**
+
+- Windows 10
+- Windows 11
+
-The Security Update Status section provides information about [security updates](waas-quick-start.md#definitions) across all devices. The section tile within the [Overview Blade](update-compliance-using.md#overview-blade) lists the percentage of devices on the latest security update available. Meanwhile, the blades within show the percentage of devices on the latest security update for each Windows 10 version and the deployment progress toward the latest two security updates.
+The Security Update Status section provides information about [security updates](waas-quick-start.md#definitions) across all devices. The section tile within the [Overview Blade](update-compliance-using.md#overview-blade) lists the percentage of devices on the latest security update available. Meanwhile, the blades within show the percentage of devices on the latest security update for each Windows client version and the deployment progress toward the latest two security updates.
The **Overall Security Update Status** blade provides a visualization of devices that are and do not have the latest security updates. Below the visualization are all devices further broken down by operating system version and a count of devices that are up to date and not up to date. The **Not up to date** column also provides a count of update failures.
-The **Latest Security Update Status** and **Previous Security Update Status** tiles are stacked to form one blade. The **Latest Security Update Status** provides a visualization of the different deployment states devices are in regarding the latest update for each build (or version) of Windows 10, along with the revision of that update. The **Previous Security Update Status** blade provides the same information without the accompanying visualization.
+The **Latest Security Update Status** and **Previous Security Update Status** tiles are stacked to form one blade. The **Latest Security Update Status** provides a visualization of the different deployment states devices are in regarding the latest update for each build (or version) of Windows client, along with the revision of that update. The **Previous Security Update Status** blade provides the same information without the accompanying visualization.
The rows of each tile in this section are interactive; selecting them will navigate you to the query that is representative of that row and section.
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 26c96388b7..d27fd0af96 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -1,5 +1,5 @@
---
-title: Using Update Compliance (Windows 10)
+title: Using Update Compliance
ms.reviewer:
manager: laurawi
description: Learn how to use Update Compliance to monitor your device's Windows updates.
@@ -18,11 +18,16 @@ ms.custom: seo-marvel-apr2020
# Use Update Compliance
+**Applies to**
+
+- Windows 10
+- Windows 11
+
In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md).
Update Compliance:
-- Provides detailed deployment monitoring for Windows 10 Feature and Quality updates.
+- Provides detailed deployment monitoring for Windows client feature and quality updates.
- Reports when devices need attention due to issues related to update deployment.
- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](waas-delivery-optimization.md).
- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
@@ -49,21 +54,21 @@ When you select this tile, you will be redirected to the Update Compliance works
Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
-* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
+* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows client.
* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability.
* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Microsoft Defender Antivirus.
The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency).
The following is a breakdown of the different sections available in Update Compliance:
-* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows 10 updates.
-* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows 10 it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates.
-* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows 10 in your environment.
+* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows client updates.
+* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows client it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates.
+* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows client in your environment.
* [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types.
## Update Compliance data latency
-Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear.
+Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear.
The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all devices part of your organization that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data.
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 7963fab1a7..9cfa2f188d 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -1,5 +1,5 @@
---
-title: Configure BranchCache for Windows 10 updates (Windows 10)
+title: Configure BranchCache for Windows client updates
description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment.
ms.prod: w10
ms.mktglfcycl: manage
@@ -12,21 +12,22 @@ ms.topic: article
ms.custom: seo-marvel-apr2020
---
-# Configure BranchCache for Windows 10 updates
+# Configure BranchCache for Windows client updates
**Applies to**
- Windows 10
+- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and Microsoft Endpoint Manager can use BranchCache to optimize network bandwidth during update deployment, and it's easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode.
-- Distributed Cache mode operates like the [Delivery Optimization](waas-delivery-optimization.md) feature in Windows 10: each client contains a cached version of the BranchCache-enabled files it requests and acts as a distributed cache for other clients requesting that same file.
+- Distributed Cache mode operates like the [Delivery Optimization](waas-delivery-optimization.md) feature in Windows client: each client contains a cached version of the BranchCache-enabled files it requests and acts as a distributed cache for other clients requesting that same file.
>[!TIP]
- >Distributed Cache mode is preferred to Hosted Cache mode for Windows 10 updates to get the most benefit from peer-to-peer distribution.
+ >Distributed Cache mode is preferred to Hosted Cache mode for Windows clients updates to get the most benefit from peer-to-peer distribution.
- In Hosted Cache mode, designated servers at specific locations act as a cache for files requested by clients in its area. Then, rather than clients retrieving files from a latent source, the hosted cache server provides the content on its behalf.
@@ -36,7 +37,7 @@ For detailed information about how Distributed Cache mode and Hosted Cache mode
Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](/previous-versions/windows/it-pro/windows-7/dd637820(v=ws.10)) in the [BranchCache Early Adopter's Guide](/previous-versions/windows/it-pro/windows-7/dd637762(v=ws.10)).
-In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows 10, simply set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
+In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows client, simply set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
## Configure servers for BranchCache
@@ -49,21 +50,3 @@ In addition to these steps, there is one requirement for WSUS to be able to use
>[!NOTE]
>Configuration Manager only supports Distributed Cache mode.
-
-## Related topics
-
-- [Update Windows 10 in the enterprise](index.md)
-- [Overview of Windows as a service](waas-overview.md)
-- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
-- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
-- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
-- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
-- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
-- [Configure Windows Update for Business](waas-configure-wufb.md)
-- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
-- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
-- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
-- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
-- [Manage device restarts after updates](waas-restart.md)
\ No newline at end of file
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index e7ab6970ad..5947bdc897 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -104,18 +104,18 @@ When Microsoft officially releases a feature update, we make it available to any
### Long-term Servicing Channel
-Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
+Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Enterprise LTSC devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSC clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
> [!NOTE]
>
> The Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the General Availability channel.
-Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 or Windows 11 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.
+Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.
> [!NOTE]
-> LTSB releases will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
+> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
-The Long-term Servicing Channel is available only in the Windows 10 or Windows 11 Enterprise LTSB editions. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSB editions, even if you install by using sideloading.
+The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSC editions, even if you install by using sideloading.
### Windows Insider
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index 73ce0f828a..f9c793095d 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -41,7 +41,7 @@ For some interesting in-depth information about how cumulative updates work, see
With each release in the General Availability Channel, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion.
-Windows 10 and Windows 11 Enterprise LTSB are separate **Long-Term Servicing Channel** versions. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
+Windows 10 Enterprise LTSC are separate **Long-Term Servicing Channel** versions. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
For more information, see [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md).
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 16f4cf2368..cbf9133ff3 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -27,20 +27,20 @@ ms.custom:
>[!TIP]
>If you're not familiar with the servicing or release channels, read [Servicing Channels](waas-overview.md#servicing-channels) first.
-The General Availability Channel is the default servicing channel for all Windows 10 and Windows 11 devices except devices with the LTSB edition installed. The following table shows the servicing channels available to each edition.
+The General Availability Channel is the default servicing channel for all Windows 10 and Windows 11 devices except devices with the LTSC edition installed. The following table shows the servicing channels available to each edition.
| Edition | General Availability Channel | Long-Term Servicing Channel | Insider Program |
| --- | --- | --- | --- |
| Home |  |  |  |
| Pro |  |  |  |
| Enterprise |  |  |  |
-| Enterprise LTSB |  |  |  |
+| Enterprise LTSC |  |  |  |
| Pro Education |  |  |  |
| Education |  |  |  |
>[!NOTE]
->The LTSB edition is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
+>The LTSC edition is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
>[!NOTE]
>Devices will automatically receive updates from the Semi-Annual Channel, unless they are configured to receive preview updates through the Windows Insider Program.
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index fba2cf1830..3fda1c0024 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -25,8 +25,8 @@ ms.collection: m365initiative-coredeploy
Here’s an example of what this process might look like:
-- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the General Avialability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
-- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSB edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
+- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
+- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md
index 7bbf4ab431..402a6d2c80 100644
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@@ -55,7 +55,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.
@@ -262,14 +262,15 @@ The deployment process for the replace scenario is as follows:
2. Deploy the new computer as a bare-metal deployment.
- **Note** In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk.
+ > [!NOTE]
+ > In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk.
## Related topics
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-- [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](./deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md)
+- [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](./deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md)
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
- [Windows setup technical reference](/windows-hardware/manufacture/desktop/windows-setup-technical-reference)
- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
-- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi)
\ No newline at end of file
+- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi)
diff --git a/windows/hub/images/winlogo.svg b/windows/hub/images/winlogo.svg
new file mode 100644
index 0000000000..393eb5b882
--- /dev/null
+++ b/windows/hub/images/winlogo.svg
@@ -0,0 +1,96 @@
+
+
+
+
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index e3a2448009..5a0881cad0 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -1,121 +1,243 @@
-### YamlMime:Landing
+### YamlMime:Hub
-title: Windows client resources and documentation for IT Pros # < 60 chars
-summary: Plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # < 160 chars
+title: Windows client documentation for IT Pros # < 60 chars
+summary: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # < 160 chars
+# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin
+brand: windows
metadata:
title: Windows client documentation for IT Pros # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
- ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
- ms.subservice: subservice
- ms.topic: landing-page # Required
- ms.collection: windows-10
- author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
- ms.author: greglin #Required; microsoft alias of author; optional team alias.
- ms.date: 06/01/2020 #Required; mm/dd/yyyy format.
+ ms.service: subservice #Required; service per approved list. service slug assigned to your service by ACOM.
+ ms.subservice: subservice # Optional; Remove if no subservice is used.
+ ms.topic: hub-page # Required
+ ms.collection: windows-10 # Optional; Remove if no collection is used.
+ author: dougeby #Required; your GitHub user alias, with correct capitalization.
+ ms.author: dougeby #Required; microsoft alias of author; optional team alias.
+ ms.date: 10/01/2021 #Required; mm/dd/yyyy format.
localization_priority: medium
-
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
- # Card (optional)
- - title: What's new
- linkLists:
- - linkListType: overview
- links:
- - text: Windows 11 overview
- url: /windows/whats-new/windows-11
- - text: Windows 11 requirements
- url: /windows/whats-new/windows-11-requirements
- - text: Plan for Windows 11
- url: /windows/whats-new/windows-11-plan
- - text: Prepare for Windows 11
- url: /windows/whats-new/windows-11-prepare
- - text: What's new in Windows 10, version 21H1
- url: /windows/whats-new/whats-new-windows-10-version-21H1
- - text: Windows release information
- url: /windows/release-health/release-information
+# highlightedContent section (optional)
+# Maximum of 8 items
+highlightedContent:
+# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
+ items:
+ # Card
+ - title: Become a Windows Insider
+ itemType: overview
+ url: https://insider.windows.com
+ # Card
+ - title: See what's new in Windows release health
+ itemType: overview
+ url: /windows/release-health/
+ # Card
+ - title: Learn more about Hybrid Work
+ itemType: overview
+ url: https://www.microsoft.com/hybridwork/
+
+
+# productDirectory section (optional)
+productDirectory:
+ title: Get to know Windows 11 # < 60 chars (optional)
+ summary: Learn more about what's new, what's updated, and what you get in Windows 11 # < 160 chars (optional)
+ items:
+ # Card
+ - title: What's new in Windows 11
+ imageSrc: /windows/resources/images/winlogo.svg
+ summary: Get more information about features and improvements that are important to admins
+ url: /windows/whats-new/windows-11-whats-new
+ - title: Windows 11 requirements
+ imageSrc: /windows/resources/images/winlogo.svg
+ summary: See the system requirements for Windows 11, including running Windows 11 on a virtual machine
+ url: /windows/whats-new/windows-11-requirements
+ - title: Trusted Platform Module (TPM)
+ imageSrc: /windows/resources/images/winlogo.svg
+ summary: Learn more about TPM, and why it's a good thing
+ url: /windows/security/information-protection/tpm/trusted-platform-module-overview
+
+# conceptualContent section (optional)
+conceptualContent:
+# Supports up to 3 sections
+# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
+
+ title: Windows client resources and documentation for IT Pros
+ summary: Plan, deploy, secure, and manage devices running Windows 10 and Windows 11.
+ items:
+ # card
+ - title: Overview
+ links:
+ - url: /windows/whats-new/windows-11-whats-new
+ itemType: overview
+ text: What's new in Windows 11
+ - url: /windows/whats-new/windows-11-plan
+ itemType: overview
+ text: Plan for Windows 11
+ - url: /windows/whats-new/windows-11-prepare
+ itemType: overview
+ text: Prepare for Windows 11
+ - url: /windows/whats-new/whats-new-windows-10-version-21H1
+ itemType: overview
+ text: What's new in Windows 10, version 21H1
+ - url: /windows/release-health/release-information
+ itemType: overview
+ text: Windows release information
# Card (optional)
- - title: Configuration
- linkLists:
- - linkListType: how-to-guide
- links:
- - text: Configure Windows
- url: /windows/configuration/index
- - text: Accessibility information for IT Pros
- url: /windows/configuration/windows-10-accessibility-for-itpros
- - text: Configure access to Microsoft Store
- url: /windows/configuration/stop-employees-from-using-microsoft-store
- - text: Set up a shared or guest PC
- url: /windows/configuration/set-up-shared-or-guest-pc
+ - title: Configuration
+ links:
+ - url: /windows/configuration/index
+ itemType: overview
+ text: Configure Windows
+ - url: /windows/configuration/provisioning-packages/provisioning-packages
+ itemType: how-to-guide
+ text: Use Provisioning packages to configure new devices
+ - url: /windows/configuration/windows-10-accessibility-for-itpros
+ itemType: overview
+ text: Accessibility information for IT Pros
+ - url: /windows/configuration/customize-start-menu-layout-windows-11
+ itemType: how-to-guide
+ text: Customize the Start menu layout
+ - url: /windows/configuration/stop-employees-from-using-microsoft-store
+ itemType: how-to-guide
+ text: Control access to Microsoft Store
+ - url: /windows/configuration/set-up-shared-or-guest-pc
+ itemType: how-to-guide
+ text: Set up a shared or guest PC
# Card (optional)
- - title: Deployment
- linkLists:
- - linkListType: deploy
- links:
- - text: Deploy and update Windows
- url: /windows/deployment/index
- - text: Windows deployment scenarios
- url: /windows/deployment/windows-10-deployment-scenarios
- - text: Create a deployment plan
- url: /windows/deployment/update/create-deployment-plan
- - text: Prepare to deploy Windows client
- url: /windows/deployment/update/prepare-deploy-windows
-
+ - title: Deployment
+ links:
+ - url: /windows/deployment/index
+ itemType: deploy
+ text: Deploy and update Windows
+ - url: /windows/deployment/windows-10-deployment-scenarios
+ itemType: deploy
+ text: Windows deployment scenarios
+ - url: /windows/deployment/update/create-deployment-plan
+ itemType: deploy
+ text: Create a deployment plan
+ - url: /windows/deployment/update/prepare-deploy-windows
+ itemType: deploy
+ text: Prepare to deploy Windows client
# Card
- - title: App management
- linkLists:
- - linkListType: how-to-guide
- links:
- - text: Windows application management
- url: /windows/application-management/index
- - text: Understand the different apps included in Windows 10
- url: /windows/application-management/apps-in-windows-10
- - text: Get started with App-V for Windows 10
- url: /windows/application-management/app-v/appv-getting-started
- - text: Keep removed apps from returning during an update
- url: /windows/application-management/remove-provisioned-apps-during-update
+ - title: App management
+ links:
+ - url: /windows/application-management/index
+ itemType: overview
+ text: Windows application management
+ - url: /windows/application-management/apps-in-windows-10
+ itemType: overview
+ text: Learn more about the different apps types for Windows
+ - url: /windows/application-management/private-app-repository-mdm-company-portal-windows-11
+ itemType: how-to-guide
+ text: Use the private app repo on Windows 11
+ - url: /windows/application-management/remove-provisioned-apps-during-update
+ itemType: how-to-guide
+ text: Keep removed apps from returning during an update
# Card
- - title: Client management
- linkLists:
- - linkListType: how-to-guide
- links:
- - text: Windows client management
- url: /windows/client-management/index
- - text: Administrative tools
- url: /windows/client-management/administrative-tools-in-windows-10
- - text: Create mandatory user profiles
- url: /windows/client-management/mandatory-user-profile
- - text: New policies for Windows 10
- url: /windows/client-management/new-policies-for-windows-10
- - text: Configuration service provider reference
- url: /windows/client-management/mdm/configuration-service-provider-reference
+ - title: Client management
+ links:
+
+ - url: /windows/client-management/index
+ itemType: overview
+ text: Windows client management
+ - url: /windows/client-management/administrative-tools-in-windows-10
+ itemType: overview
+ text: Administrative tools
+ - url: /windows/client-management/mandatory-user-profile
+ itemType: how-to-guide
+ text: Create mandatory user profiles
+ - url: /windows/client-management/new-policies-for-windows-10
+ itemType: overview
+ text: New policies for Windows 10
+ - url: /windows/client-management/mdm/configuration-service-provider-reference
+ itemType: reference
+ text: Configuration service provider reference
# Card (optional)
- - title: Security and Privacy
- linkLists:
- - linkListType: how-to-guide
- links:
- - text: Windows Enterprise Security
- url: /windows/security/index
- - text: Windows Privacy
- url: /windows/privacy/index
- - text: Identity and access management
- url: /windows/security/identity-protection/index
- - text: Threat protection
- url: /windows/security/threat-protection/index
- - text: Information protection
- url: /windows/security/information-protection/index
- - text: Required diagnostic data
- url: /windows/privacy/required-windows-diagnostic-data-events-and-fields-2004
- - text: Optional diagnostic data
- url: /windows/privacy/windows-diagnostic-data
- - text: Changes to Windows diagnostic data collection
- url: /windows/privacy/changes-to-windows-diagnostic-data-collection
\ No newline at end of file
+ - title: Security and Privacy
+ links:
+ - url: /windows/security/index
+ itemType: overview
+ text: Windows Enterprise Security
+ - url: /windows/privacy/index
+ itemType: overview
+ text: Windows Privacy
+ - url: /windows/security/hardware
+ itemType: overview
+ text: Hardware security
+ - url: /windows/security/operating-system
+ itemType: overview
+ text: Operating system security
+ - url: /windows/security/apps
+ itemType: overview
+ text: Application security
+ - url: /windows/security/identity
+ itemType: overview
+ text: User and identity security
+ - url: /windows/security/cloud
+ itemType: overview
+ text: Cloud services
+
+# additionalContent section (optional)
+# Card with summary style
+additionalContent:
+ # Supports up to 4 subsections
+ sections:
+ - title: More Windows resources # < 60 chars (optional)
+ items:
+ # Card
+ - title: Windows 11 product site
+ summary: Find out more about Windows 11 for enterprise and Windows 11 for business
+ url: https://www.microsoft.com/microsoft-365/windows
+ - title: Windows blogs
+ summary: Keep up with the latest news about Windows
+ url: https://blogs.windows.com/
+ - title: "Planning for Windows 11: best practices for organizations"
+ summary: Blog article with best practices to help you plan for Windows 11
+ url: https://aka.ms/Windows/blog002
+ - title: Windows 11 security explained
+ summary: Blog article to learn how Windows 11 enables security by design from the chip to the cloud
+ url: https://aka.ms/Windows/blog010
+ # Card
+ - title: Participate in the Tech Community
+ summary: Learn how to be part of the Windows Tech Community
+ url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
+ # Card
+ - title: Ask the community
+ summary: Get help, and help others
+ url: https://answers.microsoft.com/windows/forum
+
+ - title: Other resources
+ items:
+ - title: Microsoft Endpoint Manager
+ links:
+ - text: Microsoft Endpoint Manager documentation
+ url: /mem
+ - text: Overview of Microsoft Endpoint Manager
+ url: /mem/endpoint-manager-overview
+ - text: Getting started with Microsoft Endpoint Manager
+ url: /mem/endpoint-manager-getting-started
+ - text: Microsoft Endpoint Manager blog
+ url: https://aka.ms/memblog
+ - title: Windows 365
+ links:
+ - text: Windows 365 documentation
+ url: /windows-365
+ - text: What is Windows 365
+ url: /windows-365/overview
+ - text: Windows 365 blog
+ url: https://www.microsoft.com/microsoft-365/blog/
+ - title: Windows Server
+ links:
+ - text: Windows Server documentation
+ url: /windows-server
+ - text: What's new in Windows Server 2022?
+ url: /windows-server/get-started/whats-new-in-windows-server-2022
+ - text: Get started with Windows Server
+ url: /windows-server/get-started/get-started-with-windows-server
+ - text: Windows Server blog
+ url: https://cloudblogs.microsoft.com/windowsserver/
\ No newline at end of file
diff --git a/windows/privacy/Microsoft-DiagnosticDataViewer.md b/windows/privacy/Microsoft-DiagnosticDataViewer.md
index 5852e85928..32ba2bc16a 100644
--- a/windows/privacy/Microsoft-DiagnosticDataViewer.md
+++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md
@@ -21,7 +21,8 @@ ms.reviewer:
**Applies to**
-- Windows 10, version 1803 and newer
+- Windows 11
+- Windows 10, version 1803 and later
- Windows Server, version 1803
- Windows Server 2019
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index 2abc6b7ebe..16e94c4bd9 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -13,7 +13,7 @@ manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
-ms.date: 04/28/2021
+ms.date: 09/08/2021
ms.reviewer:
---
@@ -33,7 +33,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-- [Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
@@ -2692,7 +2693,7 @@ The following fields are available:
- **Slot** Slot to which the DRAM is plugged into the motherboard.
- **Speed** The configured memory slot speed in MHz.
- **Type** Reports DDR as an enumeration value as per the DMTF SMBIOS standard version 3.3.0, section 7.18.2.
-- **TypeDetails** Reports Non-volatile as a bit flag enumeration per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
+- **TypeDetails** Reports Non-volatile as a bit flag enumeration as per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
@@ -6247,6 +6248,21 @@ The following fields are available:
- **ResultId** The final result of the interaction campaign.
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ControlId** String identifying the control (if any) that was selected by the user during presentation.
+- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
+- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
+- **InteractionCampaignID** The ID of the interaction campaign that was processed.
+- **ResultId** The result of the evaluation/presentation.
+- **WasCompleted** True if the interaction campaign is complete.
+- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -6278,6 +6294,20 @@ This event is sent when RUXIM begins checking with OneSettings to retrieve any U
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
+
+This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **hrLocal** The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
+- **hrPresentation** The error (if any) reported by RUXIM Presentation Handler during presentation.
+- **InteractionCampaignID** GUID; the user interaction campaign processed by RUXIM Interaction Handler.
+- **ResultId** The result generated by the evaluation and presentation.
+- **WasCompleted** True if the user interaction campaign is complete.
+- **WasPresented** True if the user interaction campaign is displayed to the user.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index 6dc4ef0157..fe2e57d529 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -13,7 +13,7 @@ manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
-ms.date: 04/28/2021
+ms.date: 09/08/2021
ms.reviewer:
---
@@ -33,7 +33,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-- [Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
@@ -2734,8 +2735,8 @@ The following fields are available:
- **Model** Model and sub-model of the memory
- **Slot** Slot to which the DRAM is plugged into the motherboard.
- **Speed** The configured memory slot speed in MHz.
-- **Type** Reports DDR as an enumeration value as per the DMTF SMBIOS standard version 3.3.0, section 7.18.2.
-- **TypeDetails** Reports Non-volatile as a bit flag enumeration per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
+- **Type** Reports DDR as an enumeration value per DMTF SMBIOS standard version 3.3.0, section 7.18.2.
+- **TypeDetails** Reports Non-volatile as a bit flag enumeration per DMTF SMBIOS standard version 3.3.0, section 7.18.3.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
@@ -3028,6 +3029,22 @@ The following fields are available:
- **winInetError** The HResult of the operation.
+
+## Other events
+
+### Microsoft.ServerManagementExperience.Gateway.Service.ManagedNodeProperties
+
+This is a periodic rundown event that contains more detailed information about the nodes added to this Windows Admin Center gateway for management.
+
+The following fields are available:
+
+- **nodeId** The nodeTypeId concatenated with the hostname or IP address that gateway uses to connect to this node.
+- **nodeOperatingSystem** A user friendly description of the node's OS version.
+- **nodeOSVersion** A major or minor build version string for the node's OS.
+- **nodeTypeId** A string that distinguishes between a connection target, whether it is a client, server, cluster or a hyper-converged cluster.
+- **otherProperties** Contains a JSON object with variable content and may contain: "nodes": a list of host names or IP addresses of the servers belonging to a cluster, "aliases": the alias if it is set for this connection, "lastUpdatedTime": the number of milliseconds since Unix epoch when this connection was last updated, "ncUri", "caption", "version", "productType", "networkName", "operatingSystem", "computerManufacturer", "computerModel", "isS2dEnabled". This JSON object is formatted as an quotes-escaped string.
+
+
## Privacy logging notification events
### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
@@ -6409,6 +6426,21 @@ The following fields are available:
- **ResultId** The final result of the interaction campaign.
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ControlId** String identifying the control (if any) that was selected by the user during presentation.
+- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
+- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
+- **InteractionCampaignID** The ID of the interaction campaign that was processed.
+- **ResultId** The result of the evaluation/presentation.
+- **WasCompleted** True if the interaction campaign is complete.
+- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -6440,6 +6472,20 @@ This event is sent when RUXIM begins checking with OneSettings to retrieve any U
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
+
+This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **hrLocal** The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
+- **hrPresentation** The error (if any) reported by RUXIM Presentation Handler during presentation.
+- **InteractionCampaignID** GUID; the user interaction campaign processed by RUXIM Interaction Handler.
+- **ResultId** The result generated by the evaluation and presentation.
+- **WasCompleted** True if the user interaction campaign is complete.
+- **WasPresented** True if the user interaction campaign is displayed to the user.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
index 8a5eb64108..27ad38b904 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@@ -13,7 +13,7 @@ manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
-ms.date: 04/28/2021
+ms.date: 09/08/2021
ms.reviewer:
---
@@ -33,7 +33,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-- [Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -3007,6 +3008,32 @@ The following fields are available:
- **WDDMVersion** The Windows Display Driver Model version.
+### DxgKrnlTelemetry.GPUAdapterStop
+
+This event collects information about an adapter when it stops. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **AdapterLuid** Local Identifier for the adapter.
+- **AdapterTypeValue** Numeric value indicating the type of the adapter.
+- **DriverDate** Date of the driver.
+- **DriverVersion** Version of the driver.
+- **GPUDeviceID** Device identifier for the adapter.
+- **GPUVendorID** Vendor identifier for the adapter.
+- **InterfaceId** Identifier for the adapter.
+- **IsDetachable** Boolean value indicating whether the adapter is removable or detachable.
+- **IsDisplayDevice** Boolean value indicating whether the adapter has display capabilities.
+- **IsHybridDiscrete** Boolean value indicating whether the adapter is a discrete adapter in a hybrid configuration.
+- **IsHybridIntegrated** Boolean value indicating whether the adapter is an integrated adapter in a hybrid configuration.
+- **IsRenderDevice** Boolean value indicating whether the adapter has rendering capabilities.
+- **IsSoftwareDevice** Boolean value indicating whether the adapter is implemented in software.
+- **IsSurpriseRemoved** Boolean value indicating whether the adapter was surprise removed.
+- **SubSystemID** Subsystem identifier for the adapter.
+- **SubVendorID** Sub-vendor identifier for the adapter.
+- **version** Version of the schema for this event.
+- **WDDMVersion** Display driver model version for the driver.
+
+
## Failover Clustering events
### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
@@ -3674,7 +3701,7 @@ The following fields are available:
- **Slot** Slot to which the DRAM is plugged into the motherboard.
- **Speed** The configured memory slot speed in MHz.
- **Type** Reports DDR as an enumeration value as per the DMTF SMBIOS standard version 3.3.0, section 7.18.2.
-- **TypeDetails** Reports Non-volatile as a bit flag enumeration per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
+- **TypeDetails** Reports Non-volatile as a bit flag enumeration as per the DMTF SMBIOS standard version 3.3.0, section 7.18.3.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
@@ -4340,6 +4367,19 @@ The following fields are available:
- **winInetError** The HResult of the operation.
+
+## Other events
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **pszBatteryDataXml** Battery performance data.
+- **szBatteryInfo** Battery performance data.
+
+
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -5433,16 +5473,6 @@ The following fields are available:
- **UpdateId** The update ID for a specific piece of content.
- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp.
-## Surface events
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **pszBatteryDataXml** Battery performance data.
-- **szBatteryInfo** Battery performance data.
## Update Assistant events
@@ -8032,6 +8062,21 @@ The following fields are available:
- **ResultId** The final result of the interaction campaign.
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ControlId** String identifying the control (if any) that was selected by the user during presentation.
+- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
+- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
+- **InteractionCampaignID** The ID of the interaction campaign that was processed.
+- **ResultId** The result of the evaluation/presentation.
+- **WasCompleted** True if the interaction campaign is complete.
+- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index 99cc79b6ea..e45351e107 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -13,7 +13,7 @@ manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
-ms.date: 04/29/2021
+ms.date: 09/08/2021
ms.reviewer:
---
@@ -33,7 +33,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-- [Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -312,7 +313,7 @@ The following fields are available:
- **DatasourceApplicationFile_19H1Setup** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_20H1** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_20H1Setup** The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_21H1Setup** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device.
- **DatasourceApplicationFile_RS1** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_RS2** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_RS3** The total number of objects of this type present on this device.
@@ -324,11 +325,11 @@ The following fields are available:
- **DatasourceApplicationFile_TH1** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_TH2** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_19ASetup** The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_19H1** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_19H1Setup** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_20H1** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_20H1Setup** The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_21H1Setup** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_RS1** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS2** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS3** The total number of objects of this type present on this device.
@@ -344,7 +345,7 @@ The following fields are available:
- **DatasourceDriverPackage_19H1Setup** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_20H1** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_20H1Setup** The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_21H1Setup** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device.
- **DatasourceDriverPackage_RS1** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS2** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS3** The total number of objects of this type present on this device.
@@ -360,7 +361,7 @@ The following fields are available:
- **DataSourceMatchingInfoBlock_19H1Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_20H1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_20H1Setup** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_21H1Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
@@ -376,7 +377,7 @@ The following fields are available:
- **DataSourceMatchingInfoPassive_19H1Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_20H1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_20H1Setup** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_21H1Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPassive_RS1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
@@ -392,7 +393,7 @@ The following fields are available:
- **DataSourceMatchingInfoPostUpgrade_19H1Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_20H1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_20H1Setup** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
@@ -408,7 +409,7 @@ The following fields are available:
- **DatasourceSystemBios_19H1Setup** The total number of objects of this type present on this device.
- **DatasourceSystemBios_20H1** The total number of objects of this type present on this device.
- **DatasourceSystemBios_20H1Setup** The total number of objects of this type present on this device.
-- **DatasourceSystemBios_21H1Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device.
- **DatasourceSystemBios_RS1** The total number of objects of this type present on this device.
- **DatasourceSystemBios_RS2** The total number of objects of this type present on this device.
- **DatasourceSystemBios_RS3** The total number of objects of this type present on this device.
@@ -424,7 +425,7 @@ The following fields are available:
- **DecisionApplicationFile_19H1Setup** The total number of objects of this type present on this device.
- **DecisionApplicationFile_20H1** The total number of objects of this type present on this device.
- **DecisionApplicationFile_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionApplicationFile_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS1** The total number of objects of this type present on this device.
- **DecisionApplicationFile_RS2** The total number of objects of this type present on this device.
- **DecisionApplicationFile_RS3** The total number of objects of this type present on this device.
@@ -440,7 +441,7 @@ The following fields are available:
- **DecisionDevicePnp_19H1Setup** The total number of objects of this type present on this device.
- **DecisionDevicePnp_20H1** The total number of objects of this type present on this device.
- **DecisionDevicePnp_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionDevicePnp_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionDevicePnp_RS1** The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS2** The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS3** The total number of objects of this type present on this device.
@@ -456,7 +457,7 @@ The following fields are available:
- **DecisionDriverPackage_19H1Setup** The total number of objects of this type present on this device.
- **DecisionDriverPackage_20H1** The total number of objects of this type present on this device.
- **DecisionDriverPackage_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionDriverPackage_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionDriverPackage_RS1** The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS2** The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS3** The total number of objects of this type present on this device.
@@ -472,7 +473,7 @@ The following fields are available:
- **DecisionMatchingInfoBlock_19H1Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_20H1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoBlock_RS1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
@@ -488,7 +489,7 @@ The following fields are available:
- **DecisionMatchingInfoPassive_19H1Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_20H1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPassive_RS1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
@@ -504,7 +505,7 @@ The following fields are available:
- **DecisionMatchingInfoPostUpgrade_19H1Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_20H1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
@@ -520,7 +521,7 @@ The following fields are available:
- **DecisionMediaCenter_19H1Setup** The total number of objects of this type present on this device.
- **DecisionMediaCenter_20H1** The total number of objects of this type present on this device.
- **DecisionMediaCenter_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionMediaCenter_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionMediaCenter_RS1** The total number of objects of this type present on this device.
- **DecisionMediaCenter_RS2** The total number of objects of this type present on this device.
- **DecisionMediaCenter_RS3** The total number of objects of this type present on this device.
@@ -536,7 +537,7 @@ The following fields are available:
- **DecisionSystemBios_19H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemBios_20H1** The total number of objects of this type present on this device.
- **DecisionSystemBios_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device.
- **DecisionSystemBios_RS1** The total number of objects of this type present on this device.
- **DecisionSystemBios_RS2** The total number of objects of this type present on this device.
- **DecisionSystemBios_RS3** The total number of objects of this type present on this device.
@@ -579,7 +580,7 @@ The following fields are available:
- **Wmdrm_19H1Setup** The total number of objects of this type present on this device.
- **Wmdrm_20H1** The total number of objects of this type present on this device.
- **Wmdrm_20H1Setup** The total number of objects of this type present on this device.
-- **Wmdrm_21H1Setup** The total number of objects of this type present on this device.
+- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device.
- **Wmdrm_RS1** The total number of objects of this type present on this device.
- **Wmdrm_RS2** The total number of objects of this type present on this device.
- **Wmdrm_RS3** The total number of objects of this type present on this device.
@@ -1219,6 +1220,28 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
+### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryAdd
+
+This event sends compatibility decision data about the system memory to help keep Windows up to date. Microsoft uses this information to understand and address problems regarding system memory for computers receiving updates.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Blocking** Blocking information.
+- **BlockingSystemGeneralScenario** Decision about upgrade eligibility based on RAM.
+- **MemoryRequirementViolated** Memory information.
+- **SystemRequirementViolatedGeneral** System requirement information.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryStartSync
+
+The DecisionSystemMemoryStartSync event indicates that a new set of DecisionSystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresAdd
This data attribute refers to the number of Cores a CPU supports. The data collected with this event is used to help keep Windows up to date.
@@ -1243,6 +1266,34 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelAdd
+
+This event sends true/false compatibility decision data about the CPU. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Armv81Support** Arm v8.1 Atomics support.
+- **Blocking** Appraiser decision about eligibility to upgrade.
+- **CpuFamily** Cpu family.
+- **CpuModel** Cpu model.
+- **CpuStepping** Cpu stepping.
+- **CpuVendor** Cpu vendor.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelStartSync
+
+The DecisionSystemProcessorCpuModelStartSync event indicates that a new set of DecisionSystemProcessorCpuModelAdd events will be sent. This event is used to make compatibility decisions about the CPU. Microsoft uses this information to understand and address problems regarding the CPU for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedAdd
This event sends compatibility decision data about the CPU, to help keep Windows up to date.
@@ -4796,6 +4847,29 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
+### Microsoft.Windows.Inventory.Core.InventoryDeviceSensorAdd
+
+This event sends basic metadata about sensor devices on a machine. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **Manufacturer** Sensor manufacturer.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceSensorStartSync
+
+This event indicates that a new set of InventoryDeviceSensor events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
This event sends basic metadata about the USB hubs on the device. The data collected with this event is used to keep Windows performing properly.
@@ -5128,7 +5202,7 @@ The following fields are available:
- **FirmwareResetReasonPch** Reason for system reset provided by firmware.
- **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed.
- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware.
-- **IO** Amount of data written to and read from the disk by the OS Loader during boot. See IO.
+- **IO** Amount of data written to and read from the disk by the OS Loader during boot.
- **LastBootSucceeded** Flag indicating whether the last boot was successful.
- **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful.
- **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb.
@@ -5716,6 +5790,36 @@ The following fields are available:
- **totalRunDuration** Total running/evaluation time from last time.
- **totalRuns** Total number of running/evaluation from last time.
+
+## Other events
+
+### Microsoft.ServerManagementExperience.Gateway.Service.ManagedNodeProperties
+
+This is a periodic rundown event that contains more detailed information about the nodes added to this Windows Admin Center gateway for management.
+
+The following fields are available:
+
+- **nodeId** The nodeTypeId concatenated with the hostname or IP address that gateway uses to connect to this node.
+- **nodeOperatingSystem** A user friendly description of the node's OS version.
+- **nodeOSVersion** A major or minor build version string for the node's OS.
+- **nodeTypeId** A string that distinguishes between a connection target, whether it is a client, server, cluster or a hyper-converged cluster.
+- **otherProperties** Contains a JSON object with variable content and may contain: "nodes": a list of host names or IP addresses of the servers belonging to a cluster, "aliases": the alias if it is set for this connection, "lastUpdatedTime": the number of milliseconds since Unix epoch when this connection was last updated, "ncUri", "caption", "version", "productType", "networkName", "operatingSystem", "computerManufacturer", "computerModel", "isS2dEnabled". This JSON object is formatted as an quotes-escaped string.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **batteryData.data()** Battery performance data.
+- **BatteryDataSize:** Size of the battery performance data.
+- **batteryInfo.data()** Battery performance data.
+- **BatteryInfoSize:** Size of the battery performance data.
+- **pszBatteryDataXml** Battery performance data.
+- **szBatteryInfo** Battery performance data.
+
+
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -6925,20 +7029,6 @@ The following fields are available:
- **UpdateId** The update ID for a specific piece of content.
- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp.
-## Surface events
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **batteryData.data()** Battery performance data.
-- **BatteryDataSize:** Size of the battery performance data.
-- **batteryInfo.data()** Battery performance data.
-- **BatteryInfoSize:** Size of the battery performance data.
-- **pszBatteryDataXml** Battery performance data.
-- **szBatteryInfo** Battery performance data.
## System Resource Usage Monitor events
@@ -7772,7 +7862,7 @@ The following fields are available:
- **DPRange** Maximum mean value range.
- **DPValue** Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate the mean.
-- **Value** Standard UTC emitted DP value structure See Value.
+- **Value** Standard UTC emitted DP value structure.
## Windows Store events
@@ -8161,7 +8251,7 @@ The following fields are available:
### Microsoft.Windows.Kits.WSK.WskImageCreate
-This event sends simple data when a user is using the Windows System Kit to create new OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate “image” creation failures. The data collected with this event is used to keep Windows performing properly.
+This event sends simple Product and Service usage data when a user is using the Windows System Kit to create new OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate “image” creation failures. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
@@ -8176,7 +8266,7 @@ The following fields are available:
### Microsoft.Windows.Kits.WSK.WskImageCustomization
-This event sends simple data when a user is using the Windows System Kit to create/modify configuration files allowing the customization of a new OS image with Apps or Drivers. The data includes the version of the Windows System Kit, the state of the event, the customization type (drivers or apps) and the mode (new or updating) and is used to help investigate configuration file creation failures. The data collected with this event is used to keep Windows performing properly.
+This event sends simple Product and Service usage data when a user is using the Windows System Kit to create/modify configuration files allowing the customization of a new OS image with Apps or Drivers. The data includes the version of the Windows System Kit, the state of the event, the customization type (drivers or apps) and the mode (new or updating) and is used to help investigate configuration file creation failures. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
@@ -9596,6 +9686,21 @@ The following fields are available:
- **PackageVersion** Current package version of remediation.
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ControlId** String identifying the control (if any) that was selected by the user during presentation.
+- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
+- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
+- **InteractionCampaignID** The ID of the interaction campaign that was processed.
+- **ResultId** The result of the evaluation/presentation.
+- **WasCompleted** True if the interaction campaign is complete.
+- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -9627,6 +9732,72 @@ This event is sent when RUXIM begins checking with OneSettings to retrieve any U
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHBeginPresentation
+
+This event is generated when RUXIM is about to present an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **InteractionCampaignID** GUID identifying interaction campaign being presented.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHEndPresentation
+
+This event is generated when Interaction Handler completes presenting an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **hrPresentation** Error, if any, occurring during the presentation.
+- **InteractionCampaignID** GUID identifying the interaction campaign being presented.
+- **ResultId** Result generated by the presentation.
+- **WasCompleted** True if the interaction campaign is now considered complete.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
+
+This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **hrLocal** The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
+- **hrPresentation** The error (if any) reported by RUXIM Presentation Handler during presentation.
+- **InteractionCampaignID** GUID; the user interaction campaign processed by RUXIM Interaction Handler.
+- **ResultId** The result generated by the evaluation and presentation.
+- **WasCompleted** True if the user interaction campaign is complete.
+- **WasPresented** True if the user interaction campaign is displayed to the user.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **CommandLine** The command line used to launch RUXIMIH.
+- **InteractionCampaignID** GUID identifying the user interaction campaign that the Interaction Handler will process.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
+
+This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **HRESULT** Error, if any, that occurred during evaluation. (Note that if errors encountered during individual checks do not affect the overall result of the evaluation, those errors will be reported in NodeEvaluationData, but this HRESULT will still be zero.)
+- **Id** GUID passed in by the caller to identify the evaluation.
+- **NodeEvaluationData** Structure showing the results of individual checks that occurred during the overall evaluation.
+- **Result** Overall result generated by the evaluation.
+
+
## Windows Update mitigation events
### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
index 23b3637f84..d9cf6ceee1 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
@@ -13,7 +13,7 @@ manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
-ms.date: 04/29/2021
+ms.date: 09/08/2021
---
@@ -38,7 +38,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-- [Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -468,8 +469,17 @@ The following fields are available:
- **DecisionMediaCenter_RS5** The total number of objects of this type present on this device.
- **DecisionMediaCenter_TH1** The total number of objects of this type present on this device.
- **DecisionMediaCenter_TH2** The total number of objects of this type present on this device.
+- **DecisionSModeState_19H1** The total number of objects of this type present on this device.
- **DecisionSModeState_20H1** The total number of objects of this type present on this device.
+- **DecisionSModeState_20H1Setup** The total number of objects of this type present on this device.
- **DecisionSModeState_21H1** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS1** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS2** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS3** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS4** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS5** The total number of objects of this type present on this device.
+- **DecisionSModeState_TH1** The total number of objects of this type present on this device.
+- **DecisionSModeState_TH2** The total number of objects of this type present on this device.
- **DecisionSystemBios_19ASetup** The total number of objects of this type present on this device.
- **DecisionSystemBios_19H1** The total number of objects of this type present on this device.
- **DecisionSystemBios_19H1Setup** The total number of objects of this type present on this device.
@@ -487,17 +497,62 @@ The following fields are available:
- **DecisionSystemBios_RS5Setup** The total number of objects of this type present on this device.
- **DecisionSystemBios_TH1** The total number of objects of this type present on this device.
- **DecisionSystemBios_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_19H1** The total number of objects of this type present on this device.
- **DecisionSystemDiskSize_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_20H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemDiskSize_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_19H1** The total number of objects of this type present on this device.
- **DecisionSystemMemory_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_20H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemMemory_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_TH2** The total number of objects of this type present on this device.
- **DecisionSystemProcessor_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_19H1** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuCores_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_20H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuCores_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_19H1** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuModel_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_20H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuModel_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_19H1** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuSpeed_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_20H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuSpeed_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_TH2** The total number of objects of this type present on this device.
- **DecisionTest_19H1** The total number of objects of this type present on this device.
- **DecisionTest_20H1** The total number of objects of this type present on this device.
- **DecisionTest_20H1Setup** The total number of objects of this type present on this device.
@@ -510,10 +565,28 @@ The following fields are available:
- **DecisionTest_RS5** The total number of objects of this type present on this device.
- **DecisionTest_TH1** The total number of objects of this type present on this device.
- **DecisionTest_TH2** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_19H1** The total number of objects of this type present on this device.
- **DecisionTpmVersion_20H1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_20H1Setup** The total number of objects of this type present on this device.
- **DecisionTpmVersion_21H1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS2** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS3** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS4** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS5** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_TH1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_TH2** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_19H1** The total number of objects of this type present on this device.
- **DecisionUefiSecureBoot_20H1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_20H1Setup** The total number of objects of this type present on this device.
- **DecisionUefiSecureBoot_21H1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS2** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS3** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS4** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS5** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_TH1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_TH2** The total number of objects of this type present on this device.
- **InventoryApplicationFile** The total number of objects of this type present on this device.
- **InventoryDeviceContainer** The total number of objects of this type present on this device.
- **InventoryDevicePnp** The total number of objects of this type present on this device.
@@ -1173,6 +1246,31 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
+### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryAdd
+
+This event sends compatibility decision data about the system memory to help keep Windows up to date. Microsoft uses this information to understand and address problems regarding system memory for computers receiving updates.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Blocking** Blocking information.
+- **MemoryRequirementViolated** Memory information.
+- **ramKB** Memory information in KB.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryStartSync
+
+The DecisionSystemMemoryStartSync event indicates that a new set of DecisionSystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresAdd
This data attribute refers to the number of Cores a CPU supports. The data collected with this event is used to help keep Windows up to date.
@@ -1212,6 +1310,8 @@ The following fields are available:
- **CpuModel** Cpu model.
- **CpuStepping** Cpu stepping.
- **CpuVendor** Cpu vendor.
+- **PlatformId** CPU platform identifier.
+- **SysReqOverride** Appraiser decision about system requirements override.
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelStartSync
@@ -1294,6 +1394,7 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
- **Blocking** Appraiser upgradeability decision based on the device's TPM support.
+- **SysReqOverride** Appraiser decision about system requirements override.
- **TpmVersionInfo** The version of Trusted Platform Module (TPM) technology in the device.
@@ -1534,7 +1635,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryTestAdd
-This event provides diagnostic data for testing event adds.
+This event provides diagnostic data for testing event adds to help keep windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -2422,6 +2523,7 @@ The following fields are available:
- **ProcessorManufacturer** Name of the processor manufacturer.
- **ProcessorModel** Name of the processor model.
- **ProcessorPhysicalCores** Number of physical cores in the processor.
+- **ProcessorPlatformSpecificField1** Registry value HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0, @Platform Specific Field 1. Platform Specific Field 1 of the Processor. Each vendor (e.g. Intel) defines the meaning differently. On Intel this is used to differentiate processors of the same generation, (e.g. Kaby Lake, KBL-G, KBL-H, KBL-R).
- **ProcessorUpdateRevision** The microcode revision.
- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status
- **SocketCount** Count of CPU sockets.
@@ -3193,6 +3295,7 @@ The following fields are available:
- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
- **CanReportScenarios** True if we can report scenario completions, false otherwise.
+- **IsProcessorMode** True if it is Processor Mode, false otherwise.
- **PreviousPermissions** Bitmask of previous telemetry state.
- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
@@ -3734,6 +3837,19 @@ The following fields are available:
- **CV_new** New correlation vector.
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess
+
+This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **CheckIfCoordinatorMinApplicableVersionResult** Result of CheckIfCoordinatorMinApplicableVersion function.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call. The data collected with this event is used to help keep Windows secure and up to date.
@@ -3748,6 +3864,19 @@ The following fields are available:
- **hResult** HRESULT of the failure.
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess
+
+This event indicates that the Handler Commit call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.run
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **CV_new** New correlation vector.
+
+
### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabAlreadyDownloaded
This event indicates that the Handler Download and Extract cab returned a value indicating that the cab has already been downloaded. The data collected with this event is used to help keep Windows secure and up to date.
@@ -4171,9 +4300,11 @@ The following fields are available:
- **DeviceInstanceId** The unique identifier of the device in the system.
- **FirstInstallDate** The first time a driver was installed on this device.
+- **InstallFlags** Flag indicating how driver setup was called.
- **LastDriverDate** Date of the driver that is being replaced.
- **LastDriverInbox** Indicates whether the previous driver was included with Windows.
- **LastDriverInfName** Name of the INF file (the setup information file) of the driver being replaced.
+- **LastDriverPackageId** ID of the driver package installed on the device before the current install operation began. ID contains the name + architecture + hash.
- **LastDriverVersion** The version of the driver that is being replaced.
- **LastFirmwareDate** The date of the last firmware reported from the EFI System Resource Table (ESRT).
- **LastFirmwareRevision** The last firmware revision number reported from EFI System Resource Table (ESRT).
@@ -4475,43 +4606,43 @@ This event captures basic checksum data about the device inventory items stored
The following fields are available:
-- **Device** A count of device objects in the cache.
-- **DeviceCensus** A count of device census objects in the cache.
-- **DriverPackageExtended** A count of driverpackageextended objects in the cache.
-- **File** A count of file objects in the cache.
-- **FileSigningInfo** A count of file signing objects in the cache.
-- **Generic** A count of generic objects in the cache.
-- **HwItem** A count of hwitem objects in the cache.
-- **InventoryAcpiPhatHealthRecord** A count of ACPI PHAT health record objects in the cache.
-- **InventoryAcpiPhatVersionElement** A count of ACPI PHAT version element objects in the cache.
-- **InventoryApplication** A count of application objects in the cache.
-- **InventoryApplicationAppV** A count of application AppV objects in the cache.
-- **InventoryApplicationDriver** A count of application driver objects in the cache
-- **InventoryApplicationFile** A count of application file objects in the cache.
-- **InventoryApplicationFramework** A count of application framework objects in the cache
-- **InventoryApplicationShortcut** A count of application shortcut objects in the cache
-- **InventoryDeviceContainer** A count of device container objects in the cache.
-- **InventoryDeviceInterface** A count of Plug and Play device interface objects in the cache.
-- **InventoryDeviceMediaClass** A count of device media objects in the cache.
-- **InventoryDevicePnp** A count of device Plug and Play objects in the cache.
-- **InventoryDeviceSensor** A count of device sensor objects in the cache.
-- **InventoryDeviceUsbHubClass** A count of device usb objects in the cache
-- **InventoryDriverBinary** A count of driver binary objects in the cache.
-- **InventoryDriverPackage** A count of device objects in the cache.
-- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in the cache
-- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in the cache.
-- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in the cache.
-- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in the cache.
-- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in the cache.
-- **InventoryMiscellaneousOfficeProducts** A count of office products objects in the cache.
-- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in the cache.
-- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in the cache.
-- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in the cache.
-- **InventoryMiscellaneousUUPInfo** A count of uup info objects in the cache.
-- **InventoryVersion** The version of the inventory components.
-- **Metadata** A count of metadata objects in the cache.
-- **Orphan** A count of orphan file objects in the cache.
-- **Programs** A count of program objects in the cache.
+- **Device** A count of device objects in cache.
+- **DeviceCensus** A count of device census objects in cache.
+- **DriverPackageExtended** A count of driverpackageextended objects in cache.
+- **File** A count of file objects in cache.
+- **FileSigningInfo** A count of file signing objects in cache.
+- **Generic** A count of generic objects in cache.
+- **HwItem** A count of hwitem objects in cache.
+- **InventoryAcpiPhatHealthRecord** A count of ACPI PHAT health records in cache.
+- **InventoryAcpiPhatVersionElement** A count of ACPI PHAT version elements in cache
+- **InventoryApplication** A count of application objects in cache.
+- **InventoryApplicationAppV** A count of application AppV objects in cache.
+- **InventoryApplicationDriver** A count of application driver objects in cache
+- **InventoryApplicationFile** A count of application file objects in cache.
+- **InventoryApplicationFramework** A count of application framework objects in cache
+- **InventoryApplicationShortcut** A count of application shortcut objects in cache
+- **InventoryDeviceContainer** A count of device container objects in cache.
+- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache.
+- **InventoryDeviceMediaClass** A count of device media objects in cache.
+- **InventoryDevicePnp** A count of device Plug and Play objects in cache.
+- **InventoryDeviceSensor** A count of device sensors in cache.
+- **InventoryDeviceUsbHubClass** A count of device usb objects in cache
+- **InventoryDriverBinary** A count of driver binary objects in cache.
+- **InventoryDriverPackage** A count of device objects in cache.
+- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache
+- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache.
+- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache
+- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache
+- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache
+- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache
+- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache
+- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache
+- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache
+- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **Metadata** A count of metadata objects in cache.
+- **Orphan** A count of orphan file objects in cache.
+- **Programs** A count of program objects in cache.
### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
@@ -4550,6 +4681,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
+- **AndroidPackageId** A unique identifier for an Android app.
- **HiddenArp** Indicates whether a program hides itself from showing up in ARP.
- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics).
- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00
@@ -4821,7 +4953,7 @@ The following fields are available:
- **HWID** The version of the driver loaded for the device.
- **Inf** The bus that enumerated the device.
- **InstallDate** The date of the most recent installation of the device on the machine.
-- **InstallState** The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx)
+- **InstallState** The device installation state. For a list of values, see [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx).
- **InventoryVersion** List of hardware ids for the device.
- **LowerClassFilters** Lower filter class drivers IDs installed for the device
- **LowerFilters** Lower filter drivers IDs installed for the device
@@ -5326,9 +5458,10 @@ The following fields are available:
- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -5351,15 +5484,17 @@ The following fields are available:
- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end.
- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -5391,9 +5526,10 @@ The following fields are available:
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_localId** If the device is using Windows Defender Application Guard, this is the Software Quality Metrics (SQM) ID of the container.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -5423,9 +5559,10 @@ The following fields are available:
- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -5456,10 +5593,13 @@ The following fields are available:
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
+- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
+- **appLastLaunchTime** The time when browser was last launched.
- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
+- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply.
- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
@@ -5476,9 +5616,11 @@ The following fields are available:
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
+- **appPingEventPackageCacheResult** Indicates whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key; 2 means there's a cache hit under a different key; 0 means that there's a cache miss; -1 means the field does not apply.
- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'.
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
@@ -5537,9 +5679,10 @@ The following fields are available:
- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -5772,7 +5915,7 @@ The following fields are available:
- **SourceOSVersion** The source version of the operating system.
-## ONNX runtime events
+## Other events
### Microsoft.ML.ONNXRuntime.ProcessInfo
@@ -5798,6 +5941,402 @@ The following fields are available:
- **totalRunDuration** Total running/evaluation time from last time.
- **totalRuns** Total number of running/evaluation from last time.
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **batteryData** Hardware level data about battery performance.
+- **batteryData.data()** Battery performance data.
+- **BatteryDataSize:** Size of the battery performance data.
+- **batteryInfo.data()** Battery performance data.
+- **BatteryInfoSize:** Battery performance data.
+- **pszBatteryDataXml** Battery performance data.
+- **szBatteryInfo** Battery performance data.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteBlocked
+
+This event indicates that an update detection has occurred and the targeted install has been blocked. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **ExpeditePolicyId** The policy id of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** An Update Id of the LCU expected to be expedited
+- **ExpediteUpdatesInProgress** A list of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
+- **ExpediteUsoLastError** The last error returned by USO
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version of the label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteCompleted
+
+This event indicates that the update has been completed. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **ExpeditePolicyId** The policy Id of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** The Update Id of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** The list of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version of the label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteDetectionStarted
+
+This event indicates that the detection phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** List of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteDownloadStarted
+
+This event indicates that the download phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **ExpeditePolicyId** The policy Id of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** A list of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteInstallStarted
+
+This event indicates that the install phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** List of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterAlreadyExpectedUbr
+
+This event indicates that the device is already on the expected UBR. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpediteErrorBitMap** Bit map value for any error code.
+- **ExpeditePolicyId** The policy id of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteUpdaterCurrentUbr** The ubr of the device.
+- **ExpediteUpdaterExpectedUbr** The expected ubr of the device.
+- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
+- **ExpediteUpdaterPolicyRestoreResult** HRESULT of the policy restore.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterFailedToUpdateToExpectedUbr
+
+This event indicates the expected UBR of the device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpediteErrorBitMap** Bit map value for any error code.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdaterPolicyRestoreResult** HRESULT of the policy restore.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterRebootComplete
+
+This event indicates that the expedite update is completed with reboot. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpeditePolicyId** The policy id of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteUpdaterCurrentUbr** The ubr of the device.
+- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
+- **ExpediteUpdaterPolicyRestoreResult** HRESULT of the policy restore.
+- **ExpediteUpdatesInProgress** Comma delimited list of updates in progress.
+- **ExpediteUsoCorrelationVector** The current USO correlation vector as surfaced from the USO store.
+- **ExpediteUsoLastError** The last error as surfaced from the USO store.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterRebootRequired
+
+This event indicates that the device has finished servicing and a reboot is required. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** Comma delimited list of update IDs currently being offered.
+- **ExpediteUsoCorrelationVector** The correlation vector from the USO session.
+- **ExpediteUsoLastError** Last HResult from the current USO session.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of UpdateHealthTools.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanCompleted
+
+This event sends results of the expedite USO scan. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpediteCbsServicingInProgressStatus** True if servicing is in progress in cbs for the device.
+- **ExpediteErrorBitMap** Bit map value for any error code.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteScheduledTaskCreated** Indicates whether the scheduled task was created (true/false).
+- **ExpediteScheduledTaskHresult** HRESULT for scheduled task creation.
+- **ExpediteUpdaterCurrentUbr** The UBR of the device.
+- **ExpediteUpdaterExpectedUbr** The expected UBR of the device.
+- **ExpediteUpdaterMonitorResult** HRESULT of the USO monitoring.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdaterScanResult** HRESULT of the expedite USO scan.
+- **ExpediteUpdaterUsoResult** HRESULT of the USO initialization and resume API calls.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+- **UsoFrequencyKey** Indicates whether the USO frequency key was found on the device (true/false).
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanStarted
+
+This event sends telemetry that USO scan has been started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpediteErrorBitMap** Bit map value for any error code.
+- **ExpediteHoursOfUpTimeSincePolicy** The number of hours the device has been active since it received a policy.
+- **ExpeditePolicyId** The policy Id of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteUpdaterCurrentUbr** The UBR of the device.
+- **ExpediteUpdaterExpectedUbr** The expected UBR of the device.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdaterUsoIntiatedScan** True when USO scan has been called.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+- **UsoFrequencyKey** Indicates whether the USO frequency key was found on the device (true/false).
+
+
+### Microsoft.Windows.UpdateHealthTools.UnifiedInstallerEnd
+
+This event indicates that the unified installer has completed. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** The event counter for telemetry events on the device for currency tools.
+- **PackageVersion** The package version label for currency tools.
+- **UnifiedInstallerInstallResult** The final result code for the unified installer.
+- **UnifiedInstallerPlatformResult** The result code from determination of the platform type.
+- **UnifiedInstallerPlatformType** The enum indicating the platform type.
+
+
+### Microsoft.Windows.UpdateHealthTools.UnifiedInstallerStart
+
+This event indicates that the installation has started for the unified installer. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** Counts the events at the global level for telemetry.
+- **PackageVersion** The package version for currency tools.
+- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined.
+- **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy.
+- **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy.
+- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ.
+- **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined.
+- **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined.
+- **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU.
+- **UnifiedInstallerDeviceIsEducationSkuHresult** The result code from checking whether a device is Education SKU.
+- **UnifiedInstallerDeviceIsEnterpriseSku** Boolean indicating whether a device is Enterprise SKU.
+- **UnifiedInstallerDeviceIsEnterpriseSkuHresult** The result code from checking whether a device is Enterprise SKU.
+- **UnifiedInstallerDeviceIsHomeSku** Boolean indicating whether a device is Home SKU.
+- **UnifiedInstallerDeviceIsHomeSkuHresult** The result code from checking whether device is Home SKU.
+- **UnifiedInstallerDeviceIsMdmManaged** Boolean indicating whether a device is MDM managed.
+- **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed.
+- **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU.
+- **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU.
+- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed.
+- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed.
+- **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Wufb managed.
+- **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Wufb managed.
+- **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is.
+- **UnifiedInstallerPlatformType** The enum indicating the type of platform detected.
+- **UnifiedInstUnifiedInstallerDeviceIsHomeSkuHresultllerDeviceIsHomeSku** The result code from checking whether a device is Home SKU.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsBlobNotificationRetrieved
+
+This event is sent when a blob notification is received. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version of the label.
+- **UpdateHealthToolsBlobNotificationNotEmpty** True if the blob notification is not empty.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploaded
+
+This event is received when the UpdateHealthTools service uploads device information. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of remediation.
+- **UpdateHealthToolsDeviceUbrChanged** 1 if the Ubr just changed, 0 otherwise.
+- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploadFailed
+
+This event provides information for device which failed to upload the details. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Telemetry event counter.
+- **PackageVersion** Version label of the package sending telemetry.
+- **UpdateHealthToolsEnterpriseActionResult** Result of running the tool expressed as an HRESULT.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationCompleted
+
+This event is received when a push notification has been completed by the UpdateHealthTools service. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of UpdateHealthTools.
+- **UpdateHealthToolsEnterpriseActionResult** The HRESULT return by the enterprise action.
+- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationReceived
+
+This event is received when the UpdateHealthTools service receives a push notification. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of UpdateHealthTools.
+- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
+- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
+- **UpdateHealthToolsPushCurrentChannel** The channel used to receive notification.
+- **UpdateHealthToolsPushCurrentRequestId** The request ID for the push.
+- **UpdateHealthToolsPushCurrentResults** The results from the push request.
+- **UpdateHealthToolsPushCurrentStep** The current step for the push notification.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationStatus
+
+This event is received when there is status on a push notification. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of UpdateHealthTools.
+- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
+- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
+- **UpdateHealthToolsPushCurrentRequestId** The request ID for the push.
+- **UpdateHealthToolsPushCurrentResults** The results from the push request.
+- **UpdateHealthToolsPushCurrentStep** The current step for the push notification
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlobDocumentDetails
+
+The event indicates the details about the blob used for update health tools. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **GlobalEventCounter** This is a client side counter which indicates ordering of events sent by the user.
+- **PackageVersion** The package version of the label.
+- **UpdateHealthToolsDevicePolicyFileName** The default name of the policy blob file.
+- **UpdateHealthToolsDssDeviceApiSegment** The URI segment for reading the DSS device pointer.
+- **UpdateHealthToolsDssDeviceId** The AAD ID of the device used to create the device ID hash.
+- **UpdateHealthToolsDssDevicePolicyApiSegment** The segment of the device policy API pointer.
+- **UpdateHealthToolsDssTenantId** The tenant id of the device used to create the tenant id hash.
+- **UpdateHealthToolsHashedDeviceId** The SHA256 hash of the device id.
+- **UpdateHealthToolsHashedTenantId** The SHA256 hash of the device tenant id.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlockedByNoDSSJoin
+
+The event is sent when the device is not joined to AAD. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** The global event counter counts the total events for the provider.
+- **PackageVersion** The version for the current package.
+- **UpdateHealthToolsServiceBlockedByNoDSSJoinHr** The result code returned when checking for WUFB cloud membership.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceIsDSSJoin
+
+This event is sent when a device has been detected as DSS device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **GlobalEventCounter** This is a client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** The package version of the label.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceStarted
+
+This event is sent when the service first starts. It is a heartbeat indicating that the service is available on the device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of remediation.
+
+
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -6487,21 +7026,6 @@ The following fields are available:
## Surface events
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **batteryData** Hardware level data about battery performance.
-- **batteryData.data()** Battery performance data.
-- **BatteryDataSize:** Size of the battery performance data.
-- **batteryInfo.data()** Battery performance data.
-- **BatteryInfoSize:** Battery performance data.
-- **pszBatteryDataXml** Battery performance data.
-- **szBatteryInfo** Battery performance data.
-
-
### Microsoft.Surface.Health.Binary.Prod.McuHealthLog
This event collects information to keep track of health indicator of the built-in micro controller. For example, the number of abnormal shutdowns due to power issues during boot sequence, type of display panel attached to base, thermal indicator, throttling data in hardware etc. The data collected with this event is used to help keep Windows secure and performing properly.
@@ -6899,7 +7423,7 @@ The following fields are available:
- **ScenarioId** Indicates the update scenario.
- **SessionId** Unique value for each update attempt.
- **UpdateId** Unique ID for each update.
-- **Version** Version of update.
+- **Version** Version of update
### Update360Telemetry.UpdateAgentOneSettings
@@ -9032,6 +9556,7 @@ The following fields are available:
- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
- **InteractionCampaignID** The ID of the interaction campaign that was processed.
+- **LanguageCode** The language used to display the interaction campaign.
- **ResultId** The result of the evaluation/presentation.
- **WasCompleted** True if the interaction campaign is complete.
- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
@@ -9058,6 +9583,7 @@ This event is sent when RUXIM completes checking with OneSettings to retrieve an
The following fields are available:
+- **ETagValue** eTag for sync.
- **hrInitialize** Error, if any, that occurred while initializing OneSettings.
- **hrQuery** Error, if any, that occurred while retrieving UX interaction campaign data from OneSettings.
@@ -9068,6 +9594,27 @@ This event is sent when RUXIM begins checking with OneSettings to retrieve any U
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHBeginPresentation
+
+This event is generated when RUXIM is about to present an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **InteractionCampaignID** GUID identifying interaction campaign being presented.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHEndPresentation
+
+This event is generated when Interaction Handler completes presenting an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **hrPresentation** Error, if any, occurring during the presentation.
+- **InteractionCampaignID** GUID identifying the interaction campaign being presented.
+- **ResultId** Result generated by the presentation.
+- **WasCompleted** True if the interaction campaign is now considered complete.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -9112,384 +9659,6 @@ The following fields are available:
- **NodeEvaluationData** Structure showing the results of individual checks that occurred during the overall evaluation.
- **Result** Overall result generated by the evaluation.
-### Microsoft.Windows.UpdateHealthTools.ExpediteBlocked
-
-This event indicates that an update detection has occurred and the targeted install has been blocked. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** A correlation vector.
-- **ExpeditePolicyId** The policy id of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId** An Update Id of the LCU expected to be expedited
-- **ExpediteUpdatesInProgress** A list of update IDs in progress.
-- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
-- **ExpediteUsoLastError** The last error returned by USO
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version of the label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteCompleted
-
-This event indicates that the update has been completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** A correlation vector.
-- **ExpeditePolicyId** The policy Id of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId** The Update Id of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress** The list of update IDs in progress.
-- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
-- **ExpediteUsoLastError** The last error returned by USO.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version of the label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteDetectionStarted
-
-This event indicates that the detection phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpeditePolicyId** The policy ID of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress** List of update IDs in progress.
-- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
-- **ExpediteUsoLastError** The last error returned by USO.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteDownloadStarted
-
-This event indicates that the download phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** A correlation vector.
-- **ExpeditePolicyId** The policy Id of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress** A list of update IDs in progress.
-- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
-- **ExpediteUsoLastError** The last error returned by USO.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteInstallStarted
-
-This event indicates that the install phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpeditePolicyId** The policy ID of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress** List of update IDs in progress.
-- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
-- **ExpediteUsoLastError** The last error returned by USO.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterAlreadyExpectedUbr
-
-This event indicates that the device is already on the expected UBR. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpediteErrorBitMap** Bit map value for any error code.
-- **ExpeditePolicyId** The policy id of the expedite request.
-- **ExpediteResult** Boolean value for success or failure.
-- **ExpediteUpdaterCurrentUbr** The ubr of the device.
-- **ExpediteUpdaterExpectedUbr** The expected ubr of the device.
-- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
-- **ExpediteUpdaterPolicyRestoreResult** HRESULT of the policy restore.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterFailedToUpdateToExpectedUbr
-
-This event indicates the expected UBR of the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpediteErrorBitMap** Bit map value for any error code.
-- **ExpeditePolicyId** The policy ID of the expedite request.
-- **ExpediteResult** Boolean value for success or failure.
-- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdaterPolicyRestoreResult** HRESULT of the policy restore.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterRebootComplete
-
-This event indicates that the expedite update is completed with reboot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpeditePolicyId** The policy id of the expedite request.
-- **ExpediteResult** Boolean value for success or failure.
-- **ExpediteUpdaterCurrentUbr** The ubr of the device.
-- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
-- **ExpediteUpdaterPolicyRestoreResult** HRESULT of the policy restore.
-- **ExpediteUpdatesInProgress** Comma delimited list of updates in progress.
-- **ExpediteUsoCorrelationVector** The current USO correlation vector as surfaced from the USO store.
-- **ExpediteUsoLastError** The last error as surfaced from the USO store.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterRebootRequired
-
-This event indicates that the device has finished servicing and a reboot is required. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpeditePolicyId** The policy ID of the expedite request.
-- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdatesInProgress** Comma delimited list of update IDs currently being offered.
-- **ExpediteUsoCorrelationVector** The correlation vector from the USO session.
-- **ExpediteUsoLastError** Last HResult from the current USO session.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of UpdateHealthTools.
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanCompleted
-
-This event sends results of the expedite USO scan. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpediteCbsServicingInProgressStatus** True if servicing is in progress in cbs for the device.
-- **ExpediteErrorBitMap** Bit map value for any error code.
-- **ExpeditePolicyId** The policy ID of the expedite request.
-- **ExpediteResult** Boolean value for success or failure.
-- **ExpediteScheduledTaskCreated** Indicates whether the scheduled task was created (true/false).
-- **ExpediteScheduledTaskHresult** HRESULT for scheduled task creation.
-- **ExpediteUpdaterCurrentUbr** The UBR of the device.
-- **ExpediteUpdaterExpectedUbr** The expected UBR of the device.
-- **ExpediteUpdaterMonitorResult** HRESULT of the USO monitoring.
-- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdaterScanResult** HRESULT of the expedite USO scan.
-- **ExpediteUpdaterUsoResult** HRESULT of the USO initialization and resume API calls.
-- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
-- **ExpediteUsoLastError** The last error returned by USO.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-- **UsoFrequencyKey** Indicates whether the USO frequency key was found on the device (true/false).
-
-
-### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanStarted
-
-This event sends telemetry that USO scan has been started. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **ExpediteErrorBitMap** Bit map value for any error code.
-- **ExpediteHoursOfUpTimeSincePolicy** The number of hours the device has been active since it received a policy.
-- **ExpeditePolicyId** The policy Id of the expedite request.
-- **ExpediteResult** Boolean value for success or failure.
-- **ExpediteUpdaterCurrentUbr** The UBR of the device.
-- **ExpediteUpdaterExpectedUbr** The expected UBR of the device.
-- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
-- **ExpediteUpdaterUsoIntiatedScan** True when USO scan has been called.
-- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
-- **ExpediteUsoLastError** The last error returned by USO.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version label.
-- **UsoFrequencyKey** Indicates whether the USO frequency key was found on the device (true/false).
-
-
-### Microsoft.Windows.UpdateHealthTools.UnifiedInstallerEnd
-
-This event indicates that the unified installer has completed. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** The event counter for telemetry events on the device for currency tools.
-- **PackageVersion** The package version label for currency tools.
-- **UnifiedInstallerInstallResult** The final result code for the unified installer.
-- **UnifiedInstallerPlatformResult** The result code from determination of the platform type.
-- **UnifiedInstallerPlatformType** The enum indicating the platform type.
-
-
-### Microsoft.Windows.UpdateHealthTools.UnifiedInstallerStart
-
-This event indicates that the installation has started for the unified installer. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** Counts the events at the global level for telemetry.
-- **PackageVersion** The package version for currency tools.
-- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is AAD joined.
-- **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy.
-- **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy.
-- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ.
-- **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined.
-- **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined.
-- **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU.
-- **UnifiedInstallerDeviceIsEducationSkuHresult** The result code from checking whether a device is Education SKU.
-- **UnifiedInstallerDeviceIsEnterpriseSku** Boolean indicating whether a device is Enterprise SKU.
-- **UnifiedInstallerDeviceIsEnterpriseSkuHresult** The result code from checking whether a device is Enterprise SKU.
-- **UnifiedInstallerDeviceIsHomeSku** Boolean indicating whether a device is Home SKU.
-- **UnifiedInstallerDeviceIsHomeSkuHresult** The result code from checking whether device is Home SKU.
-- **UnifiedInstallerDeviceIsMdmManaged** Boolean indicating whether a device is MDM managed.
-- **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed.
-- **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU.
-- **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU.
-- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed.
-- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed.
-- **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Wufb managed.
-- **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Wufb managed.
-- **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is.
-- **UnifiedInstallerPlatformType** The enum indicating the type of platform detected.
-- **UnifiedInstUnifiedInstallerDeviceIsHomeSkuHresultllerDeviceIsHomeSku** The result code from checking whether a device is Home SKU.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsBlobNotificationRetrieved
-
-This event is sent when a blob notification is received. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** Counts the number of events for this provider.
-- **PackageVersion** The package version of the label.
-- **UpdateHealthToolsBlobNotificationNotEmpty** True if the blob notification is not empty.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploaded
-
-This event is received when the UpdateHealthTools service uploads device information. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of remediation.
-- **UpdateHealthToolsDeviceUbrChanged** 1 if the Ubr just changed, 0 otherwise.
-- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploadFailed
-
-This event provides information for device which failed to upload the details. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** Telemetry event counter.
-- **PackageVersion** Version label of the package sending telemetry.
-- **UpdateHealthToolsEnterpriseActionResult** Result of running the tool expressed as an HRESULT.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationCompleted
-
-This event is received when a push notification has been completed by the UpdateHealthTools service. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of UpdateHealthTools.
-- **UpdateHealthToolsEnterpriseActionResult** The HRESULT return by the enterprise action.
-- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationReceived
-
-This event is received when the UpdateHealthTools service receives a push notification. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of UpdateHealthTools.
-- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
-- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
-- **UpdateHealthToolsPushCurrentChannel** The channel used to receive notification.
-- **UpdateHealthToolsPushCurrentRequestId** The request ID for the push.
-- **UpdateHealthToolsPushCurrentResults** The results from the push request.
-- **UpdateHealthToolsPushCurrentStep** The current step for the push notification.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationStatus
-
-This event is received when there is status on a push notification. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of UpdateHealthTools.
-- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
-- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
-- **UpdateHealthToolsPushCurrentRequestId** The request ID for the push.
-- **UpdateHealthToolsPushCurrentResults** The results from the push request.
-- **UpdateHealthToolsPushCurrentStep** The current step for the push notification
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlobDocumentDetails
-
-The event indicates the details about the blob used for update health tools. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** A correlation vector.
-- **GlobalEventCounter** This is a client side counter which indicates ordering of events sent by the user.
-- **PackageVersion** The package version of the label.
-- **UpdateHealthToolsDevicePolicyFileName** The default name of the policy blob file.
-- **UpdateHealthToolsDssDeviceApiSegment** The URI segment for reading the DSS device pointer.
-- **UpdateHealthToolsDssDeviceId** The AAD ID of the device used to create the device ID hash.
-- **UpdateHealthToolsDssDevicePolicyApiSegment** The segment of the device policy API pointer.
-- **UpdateHealthToolsDssTenantId** The tenant id of the device used to create the tenant id hash.
-- **UpdateHealthToolsHashedDeviceId** The SHA256 hash of the device id.
-- **UpdateHealthToolsHashedTenantId** The SHA256 hash of the device tenant id.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlockedByNoDSSJoin
-
-The event is sent when the device is not joined to AAD. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** The global event counter counts the total events for the provider.
-- **PackageVersion** The version for the current package.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceIsDSSJoin
-
-This event is sent when a device has been detected as DSS device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** A correlation vector.
-- **GlobalEventCounter** This is a client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** The package version of the label.
-
-
-### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceStarted
-
-This event is sent when the service first starts. It is a heartbeat indicating that the service is available on the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of remediation.
-
### wilActivity
@@ -9712,6 +9881,7 @@ This event is sent when the Update Reserve Manager clears one of the reserves. T
The following fields are available:
- **FinalReserveUsedSpace** The amount of used space for the reserve after it was cleared.
+- **Flags** The context of clearing the reserves.
- **InitialReserveUsedSpace** The amount of used space for the reserve before it was cleared.
- **ReserveId** The ID of the reserve that needs to be cleared.
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 826c5527fe..92d8a694b7 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -1,6 +1,6 @@
---
title: Changes to Windows diagnostic data collection
-description: This article provides information on changes to Windows diagnostic data collection Windows 10.
+description: This article provides information on changes to Windows diagnostic data collection Windows 10 and Windows 11.
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
@@ -13,34 +13,32 @@ author: dansimp
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/21/2020
+ms.date: 09/17/2021
---
# Changes to Windows diagnostic data collection
**Applies to**
-- Windows 10, version 1903 and newer
-- The next version of Windows Server
+- Windows 11
+- Windows 10, version 1903 and later
+- Windows Server 2022
-Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we are moving our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide.
+Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we have moved our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide.
This article is meant for IT administrators and explains the changes Windows is making to align to the new data collection taxonomy. These changes are focused in two areas:
- [Taxonomy changes](#taxonomy-changes)
- [Behavioral changes](#behavioral-changes)
-> [!NOTE]
-> You can test the behavioral changes now in Windows 10 Insider Preview build 19577 and later.
-
## Summary of changes
-In Windows 10, version 1903 and newer, you will see taxonomy updates in both the **Out-of-box-experience** (OOBE) and the **Diagnostics & feedback** privacy settings page. These changes are explained in the section named **Taxonomy** changes.
+In Windows 10, version 1903 and later, you will see taxonomy updates in both the **Out-of-box-experience** (OOBE) and the **Diagnostics & feedback** privacy settings page. These changes are explained in the section named **Taxonomy** changes.
-Additionally, in an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to reflect its behavior more accurately by changing it to **Diagnostic data off**. All these changes are explained in the section named **Behavioral changes**.
+Additionally, starting in Windows 11 and Windows Server 2022, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to reflect its behavior more accurately by changing it to **Diagnostic data off**. All these changes are explained in the section named **Behavioral changes**.
## Taxonomy changes
-Starting in Windows 10, version 1903 and newer, both the **Out-of-Box-Experience** (OOBE) and the **Diagnostics & feedback** privacy setting pages will reflect the following changes:
+Starting in Windows 10, version 1903 and later, both the **Out-of-Box-Experience** (OOBE) and the **Diagnostics & feedback** privacy setting pages will reflect the following changes:
- The **Basic** diagnostic data level is being labeled as **Required**.
- The **Full** diagnostic data level is being labeled as **Optional**.
@@ -50,9 +48,9 @@ Starting in Windows 10, version 1903 and newer, both the **Out-of-Box-Experience
## Behavioral changes
-In an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see [Configure a Windows 11 device to limit crash dumps and logs](#configure-a-windows-11-device-to-limit-crash-dumps-and-logs). For more information on services that rely on Enhanced diagnostic data, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data).
+Starting in Windows 11 and Windows Server 2022, we’re simplifying the Windows diagnostic data controls by moving from four diagnostic data settings to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded to a supported version of the operating system, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change.
-Additionally, you will see the following policy changes in an upcoming release of Windows Holographic, version 21H1 (HoloLens 2), Windows Server 2022 and Windows 11:
+Additionally, you will see the following policy changes in Windows Server 2022, Windows 11, and Windows Holographic, version 21H1 (HoloLens 2):
| Policy type | Current policy | Renamed policy |
| --- | --- | --- |
@@ -69,18 +67,7 @@ A final set of changes includes two new policies that can help you fine-tune dia
- Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Diagnostic Log Collection**
- MDM policy: System/LimitDiagnosticLogCollection
->[!Important]
->All the changes mentioned in this section will not be released on versions of Windows, version 1809 and earlier as well as Windows Server 2019 and earlier.
-
-## Configure a Windows 11 device to limit crash dumps and logs
-
-With the Enhanced diagnostic data level being split out into new policies, we're providing additional controls to manage what types of crash dumps are collected and whether to send additional diagnostic logs. Here are some steps on how to configure them:
-
-1. Choose to send optional diagnostic data by setting one of the following policies:
- - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow Diagnostic Data**. Set the policy value to **Send optional diagnostic data**.
- - MDM: System/AllowTelemetry. Set the policy value to **3**.
-2. Enable the following Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Dump Collection**
-3. Enable the following Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Diagnostic Log Collection**
+For more info, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
## Services that rely on Enhanced diagnostic data
@@ -93,12 +80,12 @@ The following provides information on the current configurations:
## New Windows diagnostic data processor configuration
-**Applies to**
-- Windows 10 Edu, Pro, Enterprise editions, version 1809 with July 2021 update and newer
+Enterprise customers have an option for controlling their Windows diagnostic data for their Azure Active Directory joined devices. This configuration option is supported on the following versions of Windows:
-Enterprise customers will now have a new option for controlling their Windows diagnostic data for their Azure Active Directory joined devices.
+- Windows 11 Enterprise, Professional, and Education
+- Windows 10, Enterprise, Professional, and Education, version 1809 with at least the July 2021 update.
-Previously, enterprise customers had two options in managing their Windows diagnostic data: 1) allow Microsoft to be the [controller](/compliance/regulatory/gdpr#terminology) of that data and responsible for determining the purposes and means of the processing of Windows diagnostic data in order to improve the Windows 10 operating system and deliver analytical services, or 2) turn off diagnostic data flows altogether.
+Previously, enterprise customers had two options in managing their Windows diagnostic data: 1) allow Microsoft to be the [controller](/compliance/regulatory/gdpr#terminology) of that data and responsible for determining the purposes and means of the processing of Windows diagnostic data in order to improve the Windows operating system and deliver analytical services, or 2) turn off diagnostic data flows altogether.
Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 25b389048a..a1e4e10922 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -1,6 +1,6 @@
---
-description: Use this article to make informed decisions about how you can configure diagnostic data in your organization.
-title: Configure Windows diagnostic data in your organization (Windows 10)
+description: Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization.
+title: Configure Windows diagnostic data in your organization (Windows 10 and Windows 11)
keywords: privacy
ms.prod: w10
ms.mktglfcycl: manage
@@ -13,38 +13,40 @@ ms.author: dansimp
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/13/2020
+ms.date: 09/08/2021
---
# Configure Windows diagnostic data in your organization
**Applies to**
+- Windows 11 Enterprise
+- Windows 11 Education
+- Windows 11 Professional
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Professional
-- Windows Server 2016 and newer
+- Windows Server 2016 and later
+- Surface Hub
+- Hololens
-This article applies to Windows 10, Windows Server, Surface Hub, and HoloLens diagnostic data only. It describes the types of diagnostic data sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers.
-
->[!IMPORTANT]
->Microsoft is [increasing transparency](https://blogs.microsoft.com/on-the-issues/2019/04/30/increasing-transparency-and-customer-control-over-data/) by categorizing the data we collect as required or optional. Windows 10 is in the process of updating devices to reflect this new categorization, and during this transition Basic diagnostic data will be recategorized as Required diagnostic data and Full diagnostic data will be recategorized as Optional diagnostic data. For more information, see [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md).
+This topic describes the types of Windows diagnostic data sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers.
## Overview
Microsoft collects Windows diagnostic data to solve problems and to keep Windows up to date, secure, and operating properly. It also helps us improve Windows and related Microsoft products and services and, for customers who have turned on the **Tailored experiences** setting, to provide more relevant tips and recommendations to enhance Microsoft and third-party products and services for each customer’s needs.
-For more information about how Windows diagnostic data is used, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
+For more information about how Windows diagnostic data is used, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
### Diagnostic data gives users a voice
-Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server behave in the real world, focus on user priorities, and make informed decisions that benefit both consumer and enterprise customers. The following sections offer real examples of these benefits.
+Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behave in the real world, focus on user priorities, and make informed decisions that benefit both consumer and enterprise customers. The following sections offer real examples of these benefits.
### _Improve app and driver quality_
Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers used on Windows. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
-For example, in an earlier version of Windows 10 there was a version of a video driver that was crashing on some devices, causing the device to restart. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
+For example, in an earlier version of Windows there was a version of a video driver that was crashing on some devices, causing the device to restart. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
### _Improve end-user productivity_
@@ -54,7 +56,7 @@ Windows diagnostic data also helps Microsoft better understand how customers use
- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance.
-- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between apps. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature.
+- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between apps. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature.
## How Microsoft handles diagnostic data
@@ -66,7 +68,7 @@ Depending on the diagnostic data settings on the device, diagnostic data can be
- Small payloads of structured information referred to as diagnostic data events, managed by the Connected User Experiences and Telemetry component.
- - Diagnostic logs for additional troubleshooting, also managed by the Connected User Experience and Telemetry component.
+ - Diagnostic logs for additional troubleshooting, also managed by the Connected User Experiences and Telemetry component.
- Crash reporting and crash dumps, managed by [Windows Error Reporting](/windows/win32/wer/windows-error-reporting).
@@ -78,7 +80,7 @@ All diagnostic data is encrypted using Transport Layer Security (TLS) and uses c
### Endpoints
-The following table lists the endpoints related to how you can manage the collection and control of diagnostic data. For more information around the endpoints that are used to send data back to Microsoft, see [Manage connection endpoints for Windows 10 Enterprise, version 1903](manage-windows-1903-endpoints.md).
+The following table lists the endpoints related to how you can manage the collection and control of diagnostic data. For more information around the endpoints that are used to send data back to Microsoft, see the **Manage connection endpoints** section of the left-hand navigation menu.
| Windows service | Endpoint |
| - | - |
@@ -86,7 +88,7 @@ The following table lists the endpoints related to how you can manage the collec
| [Windows Error Reporting](/windows/win32/wer/windows-error-reporting) | watson.telemetry.microsoft.com watson.microsoft.com umwatsonc.telemetry.microsoft.com umwatsonc.events.data.microsoft.com *-umwatsonc.events.data.microsoft.com ceuswatcab01.blob.core.windows.net ceuswatcab02.blob.core.windows.net eaus2watcab01.blob.core.windows.net eaus2watcab02.blob.core.windows.net weus2watcab01.blob.core.windows.net weus2watcab02.blob.core.windows.net |
|Authentication | login.live.com
IMPORTANT: This endpoint is used for device authentication. We do not recommend disabling this endpoint.|
| [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.telemetry.microsoft.com oca.microsoft.com kmwatsonc.telemetry.microsoft.com *-kmwatsonc.telemetry.microsoft.com |
-|Settings | settings-win.data.microsoft.com
IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data |
+|Settings | settings-win.data.microsoft.com
IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. |
### Data access
@@ -102,7 +104,7 @@ There are four diagnostic data collection settings. Each setting is described in
- Diagnostic data off (Security)
- Required diagnostic data (Basic)
-- Enhanced
+- Enhanced (This setting is only available on devices running Windows 10, Windows Server 2016, and Windows Server 2019.)
- Optional diagnostic data (Full)
Here’s a summary of the types of data that is included with each setting:
@@ -111,14 +113,14 @@ Here’s a summary of the types of data that is included with each setting:
| --- | --- | --- | --- | --- |
| **Diagnostic data events** | No Windows diagnostic data sent. | Minimum data required to keep the device secure, up to date, and performing as expected. | Additional data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. | Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.|
| **Crash Metadata** | N/A | Yes | Yes | Yes |
-| **Crash Dumps** | N/A | No | Triage dumps only For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | Full memory dumps For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). |
+| **Crash Dumps** | N/A | No | Triage dumps only For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | Full and triage memory dumps For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). |
| **Diagnostic logs** | N/A | No | No | Yes |
| **Data collection** | N/A | 100% | Sampling applies | Sampling applies |
### Diagnostic data off
-This setting was previously labeled as **Security**. When you configure this setting, no Windows diagnostic data is sent from your device. This is only available on Windows Server, Windows 10 Enterprise, and Windows 10 Education. If you choose this setting, devices in your organization will still be secure.
+This setting was previously labeled as **Security**. When you configure this setting, no Windows diagnostic data is sent from your device. This is only available on Windows Server, Windows Enterprise, and Windows Education editions. If you choose this setting, devices in your organization will still be secure.
>[!NOTE]
> If your organization relies on Windows Update, the minimum recommended setting is **Required diagnostic data**. Because no Windows Update information is collected when diagnostic data is off, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
@@ -127,7 +129,7 @@ This setting was previously labeled as **Security**. When you configure this set
Required diagnostic data, previously labeled as **Basic**, gathers a limited set of data that’s critical for understanding the device and its configuration. This data helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version.
-This is the default setting for Windows 10 Education editions, as well as all desktop editions starting with Windows 10, version 1903.
+This is the default setting for current releases of Windows, Windows 10, version 1903.
Required diagnostic data includes:
@@ -157,10 +159,12 @@ Required diagnostic data includes:
### Enhanced diagnostic data
->[!NOTE]
->We’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. making changes to the enhanced diagnostic data level. For more info about this change, see [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md).
+In Windows 10 and Windows Server 2019, enhanced diagnostic data includes data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users.
-Enhanced diagnostic data includes data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. When you choose to send enhanced diagnostic data, required diagnostic data will always be included, and we collect the following additional information:
+>[!Important]
+>This diagnostic data setting is not available on Windows 11 and Windows Server 2022 and has been replaced with policies that can control the amount of optional diagnostic data that is sent. More information on these settings are available in the **Manage diagnostic data using Group Policy and MDM** section of this topic.
+
+When you choose to send enhanced diagnostic data, required diagnostic data will always be included, and we collect the following additional information:
- Operating system events that help to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
@@ -187,7 +191,7 @@ Optional diagnostic data, previously labeled as **Full**, includes more detailed
>[!Note]
>Crash dumps collected in optional diagnostic data may unintentionally contain personal data, such as portions of memory from a document and a web page. For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting).
-## Manage enterprise diagnostic data
+## Manage diagnostic data using Group Policy and MDM
Use the steps in this section to configure the diagnostic data settings for Windows and Windows Server in your organization.
@@ -214,16 +218,42 @@ You can use Group Policy to set your organization’s diagnostic data setting:
1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**.
-2. Double-click **Allow Telemetry**.
+2. Double-click **Allow Telemetry** (or **Allow diagnostic data** on Windows 11 and Windows Server 2022).
> [!NOTE]
- > If devices in your organization are running Windows 10, 1803 and newer, the user can still use Settings to set the diagnostic data setting to a more restrictive value, unless the **Configure diagnostic data opt-in settings user interface** policy is set.
+ > If devices in your organization are running Windows 10, 1803 and later, the user can still use Settings to set the diagnostic data setting to a more restrictive value, unless the **Configure diagnostic data opt-in settings user interface** policy is set.
+
+3. In the **Options** box, choose the setting that you want to configure, and then click **OK**.
+
+
+### Use Group Policy to manage optional diagnostic data collection
+
+The following policy lets you limit the types of [crash dumps](/windows/win32/dxtecharts/crash-dump-analysis) that can be sent back to Microsoft. If this policy is enabled, Windows Error Reporting will send only kernel mini dumps and user mode triage dumps.
+
+1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**.
+
+2. Double-click **Limit dump collection**.
+
+3. In the **Options** box, choose the setting that you want to configure, and then click **OK**.
+
+You can also limit the number of diagnostic logs that are sent back to Microsoft. If this policy is enabled, diagnostic logs are not sent back to Microsoft.
+
+1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**.
+
+2. Double-click **Limit diagnostic log collection**.
3. In the **Options** box, choose the setting that you want to configure, and then click **OK**.
### Use MDM to manage diagnostic data collection
-Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) to apply the System/AllowTelemetry MDM policy.
+Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) to apply the following MDM policies:
+
+ - System/AllowTelemetry
+ - System/LimitDumpCollection
+ - System/LimitDiagnosticLogCollection
+
+> [!NOTE]
+> The last two policies are only available on Windows 11 and Windows Server 2022.
## Enable Windows diagnostic data processor configuration
@@ -231,7 +261,9 @@ The Windows diagnostic data processor configuration enables you to be the contro
### Prerequisites
-- The device must have Windows 10 Pro, Education or Enterprise edition, version 1809 with July 2021 update or newer.
+- The device must be any of the following releases of Windows:
+ - Windows 11 Enterprise, Professional, or Education edition
+ - Windows 10 Enterprise, Education, or Professional edition, version 1809 with July 2021 update or later.
- The device must be joined to Azure Active Directory.
The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable:
@@ -295,5 +327,3 @@ For more information about how to limit the diagnostic data to the minimum requi
## Change privacy settings on a single server
You can also change the privacy settings on a server running either the Azure Stack HCI operating system or Windows Server. For more information, see [Change privacy settings on individual servers](/azure-stack/hci/manage/change-privacy-settings).
-
-To manage privacy settings in your enterprise as a whole, see [Manage enterprise diagnostic data](#manage-enterprise-diagnostic-data).
\ No newline at end of file
diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md
index dc9a127179..7818a1c9ef 100644
--- a/windows/privacy/diagnostic-data-viewer-overview.md
+++ b/windows/privacy/diagnostic-data-viewer-overview.md
@@ -1,5 +1,5 @@
---
-title: Diagnostic Data Viewer Overview (Windows 10)
+title: Diagnostic Data Viewer Overview (Windows 10 and Windows 11)
description: Use this article to use the Diagnostic Data Viewer application to review the diagnostic data sent to Microsoft by your device.
keywords: privacy
ms.prod: w10
@@ -21,9 +21,10 @@ ms.reviewer:
**Applies to**
-- Windows 10, version 1803 and newer
+- Windows 10, version 1803 and later and Windows 11
## Introduction
+
The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
## Install and Use the Diagnostic Data Viewer
@@ -31,9 +32,11 @@ The Diagnostic Data Viewer is a Windows app that lets you review the Windows dia
You must download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
### Turn on data viewing
+
Before you can use this tool for viewing Windows diagnostic data, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device. Note that this setting does not affect your Office data viewing or history.
**To turn on data viewing**
+
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
2. Under **Diagnostic data**, turn on the **If data viewing is enabled, you can see your diagnostics data** option.
@@ -41,21 +44,24 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn
### Download the Diagnostic Data Viewer
+
Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
> [!Important]
> It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](./microsoft-diagnosticdataviewer.md).
### Start the Diagnostic Data Viewer
+
You can start this app from the **Settings** panel.
**To start the Diagnostic Data Viewer**
+
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
2. Under **Diagnostic data**, select the **Diagnostic Data Viewer** button.
-OR-
-
+
Go to **Start** and search for _Diagnostic Data Viewer_.
3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
@@ -64,18 +70,19 @@ You can start this app from the **Settings** panel.
>Turning on data viewing can use up to 1GB (by default) of disk space on your system drive. We strongly recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
### Use the Diagnostic Data Viewer
+
The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data.
- **View your Windows diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
-
+
>[!Important]
>Seeing an event does not necessarily mean it has been uploaded yet. It’s possible that some events are still queued and will be uploaded at a later time.
-- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
+- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
Selecting an event opens the detailed JSON view, with the matching text highlighted.
@@ -83,31 +90,34 @@ The Diagnostic Data Viewer provides you with the following features to view and
- **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If you’re a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others.
- To signify your contribution, you’ll see this icon () if your device is part of the group. In addition, if any of your diagnostic data events are sent from your device to Microsoft to help make improvements, you’ll see this icon ().
+ To signify your contribution, you’ll see this icon () if your device is part of the group. In addition, if any of your diagnostic data events are sent from your device to Microsoft to help make improvements, you’ll see this icon ().
- **Provide diagnostic event feedback.** The **Feedback** icon in the upper right corner of the window opens the Feedback Hub app, letting you provide feedback about the Diagnostic Data Viewer and the diagnostic events.
Selecting a specific event in the Diagnostic Data Viewer automatically fills in the field in the Feedback Hub. You can add your comments to the box labeled, **Give us more detail (optional)**.
-
+
>[!Important]
>All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments.
- **View a summary of the data you've shared with us over time.** Available for users on build 19H1+, 'About my data' in Diagnostic Data Viewer lets you see an overview of the Windows data you've shared with Microsoft.
Through this feature, you can checkout how much data you send on average each day, the breakdown of your data by category, the top components and services that have sent data, and more.
-
+
>[!Important]
>This content is a reflection of the history of Windows data the app has stored. If you'd like to have extended analyses, please modify the storage capacity of Diagnostic Data Viewer.
## View Office Diagnostic Data
+
By default, Diagnostic Data Viewer shows you Windows data. You can also view Office diagnostic data by enabling the feature in the app settings page. To learn more about how to view Office diagnostic data, please visit this [page](https://go.microsoft.com/fwlink/?linkid=2023830).
## Turn off data viewing
+
When you're done reviewing your diagnostic data, you should turn of data viewing. This will also remove your Windows data history. Note that this setting does not affect your Office data viewing or history.
**To turn off data viewing**
+
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
2. Under **Diagnostic data**, turn off the **If data viewing is enabled, you can see your diagnostics data** option.
@@ -115,23 +125,25 @@ When you're done reviewing your diagnostic data, you should turn of data viewing
## Modifying the size of your data history
-By default, Diagnostic Data Viewer shows you up to 1GB or 30 days of data (whichever comes first) for Windows diagnostic data. Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first.
+
+By default, Diagnostic Data Viewer shows you up to 1GB or 30 days of data (whichever comes first) for Windows diagnostic data. Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first.
> [!Important]
> Note that if you have [Office diagnostic data viewing enabled](#view-office-diagnostic-data), the Office data history is fixed at 1 GB and cannot be modified.
**Modify the size of your data history**
-
+
To make changes to the size of your Windows diagnostic data history, visit the **app settings**, located at the bottom of the navigation menu. Data will be incrementally dropped with the oldest data points first once your chosen size or time limit is reached.
> [!Important]
> Decreasing the maximum amount of diagnostic data viewable through the tool will remove all data history and requires a reboot of your device. Additionally, increasing the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
## View additional diagnostic data in the View problem reports tool
-Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
-This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
-We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
+Available on Windows 10 1809 and higher and Windows 11, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
+
+This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
+We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
You can also use the Windows Error Reporting tool available in the Control Panel.
@@ -139,7 +151,7 @@ You can also use the Windows Error Reporting tool available in the Control Panel
Starting with Windows 1809 and higher, you can review Windows Error Reporting diagnostic data in the Diagnostic Data Viewer.
-
+
**To view your Windows Error Reporting diagnostic data using the Control Panel**
diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml
index 2fd2b1fc97..63d295f52a 100644
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@@ -14,7 +14,7 @@ metadata:
author: dansimp
ms.author: dansimp
manager: dansimp
- ms.date: 07/21/2020 #Required; mm/dd/yyyy format.
+ ms.date: 09/08/2021 #Required; mm/dd/yyyy format.
ms.localizationpriority: high
# highlightedContent section (optional)
@@ -37,25 +37,25 @@ highlightedContent:
# productDirectory section (optional)
productDirectory:
- title: Understand Windows diagnostic data in Windows 10
- summary: For the latest Windows 10 version, learn more about what Windows diagnostic data is collected at various diagnostics levels.
+ title: Understand Windows diagnostic data in Windows 10 and Windows 11
+ summary: For the latest Windows 10 version and Windows 11, learn more about what Windows diagnostic data is collected under the different settings.
items:
# Card
- - title: Required diagnostic data
+ - title: Windows 11 required diagnostic data
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/media/common/i_extend.svg
summary: Learn more about basic Windows diagnostic data events and fields collected.
- url: required-windows-diagnostic-data-events-and-fields-2004.md
+ url: required-windows-11-diagnostic-events-and-fields.md
+ # Card
+ - title: Windows 10 required diagnostic data
+ imageSrc: https://docs.microsoft.com/media/common/i_build.svg
+ summary: See what changes Windows is making to align to the new data collection taxonomy
+ url: required-windows-diagnostic-data-events-and-fields-2004.md
# Card
- title: Optional diagnostic data
imageSrc: https://docs.microsoft.com/media/common/i_get-started.svg
summary: Get examples of the types of optional diagnostic data collected from Windows
url: windows-diagnostic-data.md
- # Card
- - title: Changes to Windows diagnostic data collection
- imageSrc: https://docs.microsoft.com/media/common/i_build.svg
- summary: See what changes Windows is making to align to the new data collection taxonomy
- url: changes-to-windows-diagnostic-data-collection.md
# conceptualContent section (optional)
# conceptualContent:
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
index 27e6a0cc39..482413653a 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@@ -14,19 +14,20 @@ manager: robsize
ms.date: 12/1/2020
---
-# Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server
+# Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services using Microsoft Intune MDM Server
**Applies to**
-- Windows 10 Enterprise 1903 version and newer
+- Windows 11
+- Windows 10 Enterprise 1903 version and newer
-This article describes the network connections that Windows 10 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](/intune/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
+This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](/intune/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
>[!IMPORTANT]
>- The Allowed Traffic endpoints for an MDM configuration are here: [Allowed Traffic](#bkmk-mdm-allowedtraffic)
> - CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) network traffic cannot be disabled and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities. There are many others such as DigiCert, Thawte, Google, Symantec, and VeriSign.
-> - There is some traffic which is specifically required for the Microsoft Intune based management of Windows 10 devices. This traffic includes Windows Notifications Service (WNS), Automatic Root Certificates Update (ARCU), and some Windows Update related traffic. The aforementioned traffic comprises the Allowed Traffic for Microsoft Intune MDM Server to manage Windows 10 devices.
+> - There is some traffic which is specifically required for the Microsoft Intune based management of Windows 10 and Windows 11 devices. This traffic includes Windows Notifications Service (WNS), Automatic Root Certificates Update (ARCU), and some Windows Update related traffic. The aforementioned traffic comprises the Allowed Traffic for Microsoft Intune MDM Server to manage Windows 10 and Windows 11 devices.
>- For security reasons, it is important to take care in deciding which settings to configure as some of them may result in a less secure device. Examples of settings that can lead to a less secure device configuration include: disabling Windows Update, disabling Automatic Root Certificates Update, and disabling Windows Defender. Accordingly, we do not recommend disabling any of these features.
>- To ensure CSPs take priority over Group Policies in case of conflicts, use the [ControlPolicyConflict](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy.
>- The **Get Help** and **Give us Feedback** links in Windows may no longer work after applying some or all of the MDM/CSP settings.
@@ -36,16 +37,16 @@ This article describes the network connections that Windows 10 components make t
For more information on Microsoft Intune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](/intune/).
-For detailed information about managing network connections to Microsoft services using Windows Settings, Group Policies and Registry settings see [Manage connections from Windows 10 operating system components to Microsoft services](./manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+For detailed information about managing network connections to Microsoft services using Windows Settings, Group Policies and Registry settings see [Manage connections from Windows operating system components to Microsoft services](./manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by sending email to **telmhelp**@**microsoft.com**.
-## Settings for Windows 10 Enterprise edition 1903 and newer
+## Settings for Windows 10 Enterprise edition 1903 and later and Windows 11
The following table lists management options for each setting.
-For Windows 10, the following MDM policies are available in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
+For Windows 10 and Windows 11, the following MDM policies are available in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
1. **Automatic Root Certificates Update**
1. MDM Policy: There is intentionally no MDM available for Automatic Root Certificate Update. This MDM does not exist since it would prevent the operation and management of MDM management of devices.
@@ -104,7 +105,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](/wi
1. **OneDrive**
1. MDM Policy: [DisableOneDriveFileSync](/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync). Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
- 1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (e.g. "18.162.0812.0001"). There is a folder named "adm" which contains the admx and adml policy definition files.
+ 1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 or Windows 11 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (e.g. "18.162.0812.0001"). There is a folder named "adm" which contains the admx and adml policy definition files.
1. MDM Policy: Prevent Network Traffic before User SignIn. **PreventNetworkTrafficPreUserSignIn**. The OMA-URI value is: **./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn**, Data type: **String**, Value: **\**
@@ -135,33 +136,33 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](/wi
1. App Diagnostics - [Privacy/LetAppsGetDiagnosticInfo](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo). Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)**
1. **Software Protection Platform** - [Licensing/DisallowKMSClientOnlineAVSValidation](/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation). Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)**
1. **Storage Health** - [Storage/AllowDiskHealthModelUpdates](/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates). Allows disk health model updates. **Set to 0 (zero)**
-1. **Sync your settings** - [Experience/AllowSyncMySettings](/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings). Control whether your settings are synchronized. **Set to 0 (zero)**
-1. **Teredo** - No MDM needed. Teredo is **Off by default**. Delivery Optimization (DO) can turn on Teredo, but DO itself is turned Off via MDM.
-1. **Wi-Fi Sense** - No MDM needed. Wi-Fi Sense is no longer available from Windows 10 version 1803 and newer.
+1. **Sync your settings** - [Experience/AllowSyncMySettings](/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings). Control whether your settings are synchronized. **Set to 0 (zero)**
+1. **Teredo** - No MDM needed. Teredo is **Off by default**. Delivery Optimization (DO) can turn on Teredo, but DO itself is turned Off via MDM.
+1. **Wi-Fi Sense** - No MDM needed. Wi-Fi Sense is no longer available from Windows 10 version 1803 and later or Windows 11.
1. **Windows Defender**
- 1. [Defender/AllowCloudProtection](/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection). Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)**
+ 1. [Defender/AllowCloudProtection](/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection). Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)**
1. [Defender/SubmitSamplesConsent](/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). Stop sending file samples back to Microsoft. **Set to 2 (two)**
1. [Defender/EnableSmartScreenInShell](/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings#mdm-settings). Turns off SmartScreen in Windows for app and file execution. **Set to 0 (zero)**
1. Windows Defender SmartScreen - [Browser/AllowSmartScreen](/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Disable Windows Defender SmartScreen. **Set to 0 (zero)**
- 1. Windows Defender SmartScreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
+ 1. Windows Defender SmartScreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
1. Windows Defender Potentially Unwanted Applications(PUA) Protection - [Defender/PUAProtection](/windows/client-management/mdm/policy-csp-defender#defender-puaprotection). Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**
1. [Defender/SignatureUpdateFallbackOrder](). Allows you to define the order in which different definition update sources should be contacted. The OMA-URI for this is: **./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder**, Data type: **String**, Value: **FileShares**
1. **Windows Spotlight** - [Experience/AllowWindowsSpotlight](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight). Disable Windows Spotlight. **Set to 0 (zero)**
1. **Microsoft Store**
1. [ApplicationManagement/DisableStoreOriginatedApps](/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps). Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**
1. [ApplicationManagement/AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate). Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)**
-1. **Apps for websites** - [ApplicationDefaults/EnableAppUriHandlers](/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers). This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
+1. **Apps for websites** - [ApplicationDefaults/EnableAppUriHandlers](/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers). This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
1. **Windows Update Delivery Optimization** - The following Delivery Optimization MDM policies are available in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
1. [DeliveryOptimization/DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode). Let’s you choose where Delivery Optimization gets or sends updates and apps. **Set to 99 (ninety-nine)**
1. **Windows Update**
1. [Update/AllowAutoUpdate](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Control automatic updates. **Set to 5 (five)**
1. Windows Update Allow Update Service - [Update/AllowUpdateService](/windows/client-management/mdm/policy-csp-update#update-allowupdateservice). Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
- 1. Windows Update Service URL - [Update/UpdateServiceUrl](/windows/client-management/mdm/policy-csp-update#update-updateserviceurl). Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with the Value:
+ 1. Windows Update Service URL - [Update/UpdateServiceUrl](/windows/client-management/mdm/policy-csp-update#update-updateserviceurl). Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with the Value:
1. **\\$CmdID$\\\chr\text/plain\\ \./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl\\http://abcd-srv:8530\\**
### Allowed traffic for Microsoft Intune / MDM configurations
-|**Allowed traffic endpoints** |
+|**Allowed traffic endpoints**
| --- |
|activation-v2.sls.microsoft.com/*|
|cdn.onenote.net|
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index f1f0d9469a..aef42b510b 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1,5 +1,5 @@
---
-title: Manage connections from Windows 10 operating system components to Microsoft services
+title: Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services
description: Learn how to minimize connections from Windows to Microsoft services, and configure particular privacy settings related to these connections.
ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
ms.reviewer:
@@ -17,17 +17,18 @@ ms.topic: article
ms.date: 5/21/2021
---
-# Manage connections from Windows 10 operating system components to Microsoft services
+# Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services
**Applies to**
-- Windows 10 Enterprise, version 1607 and newer
+- Windows 11 Enterprise
+- Windows 10 Enterprise, version 1607 and later
- Windows Server 2016
- Windows Server 2019
-This article describes the network connections that Windows 10 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
+This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
-Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly.
+Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 and Windows 11 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly.
> [!IMPORTANT]
> - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices.
@@ -42,7 +43,7 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
> - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode.
> - During update or upgrade of Windows, egress traffic may occur.
-To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md).
+To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services using Microsoft Intune MDM Server](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md).
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting **telmhelp**@**microsoft.com**.
@@ -50,9 +51,9 @@ We are always striving to improve our documentation and welcome your feedback. Y
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Microsoft Defender Antivirus diagnostic data and MSRT reporting, and turn off all of these connections
-### Settings for Windows 10 Enterprise edition
+### Settings for Windows 10 and Windows 11 Enterprise edition
-The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1607.
+The following table lists management options for each setting, For Windows 10 (beginning with Windows 10 Enterprise version 1607) and Windows 11.
| Setting | UI | Group Policy | Registry |
@@ -74,7 +75,7 @@ The following table lists management options for each setting, beginning with Wi
| [15. Offline maps](#bkmk-offlinemaps) |  |  |  |
| [16. OneDrive](#bkmk-onedrive) | |  |  |
| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | |
-| [18. Settings > Privacy](#bkmk-settingssection) | | | |
+| [18. Settings > Privacy & security](#bkmk-settingssection) | | | |
| [18.1 General](#bkmk-general) |  |  |  |
| [18.2 Location](#bkmk-priv-location) |  |  |  |
| [18.3 Camera](#bkmk-priv-camera) |  |  |  |
@@ -130,7 +131,7 @@ See the following table for a summary of the management settings for Windows Ser
| [12. Microsoft Account](#bkmk-microsoft-account) | | |  |
| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
| [16. OneDrive](#bkmk-onedrive) | |  |  |
-| [18. Settings > Privacy](#bkmk-settingssection) | | | |
+| [18. Settings > Privacy & security](#bkmk-settingssection) | | | |
| [19. Software Protection Platform](#bkmk-spp) | |  |  |
| [22. Teredo](#bkmk-teredo) | |  |  |
| [24. Microsoft Defender Antivirus](#bkmk-defender) | |  |  |
@@ -186,7 +187,7 @@ See the following table for a summary of the management settings for Windows Ser
| [15. Offline maps](#bkmk-offlinemaps) |  |  |  |
| [16. OneDrive](#bkmk-onedrive) | |  |  |
| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | |
-| [18. Settings > Privacy](#bkmk-settingssection) | | | |
+| [18. Settings > Privacy & security](#bkmk-settingssection) | | | |
| [18.1 General](#bkmk-general) |  |  |  |
| [18.2 Location](#bkmk-priv-location) |  |  |  |
| [18.3 Camera](#bkmk-priv-camera) |  |  |  |
@@ -237,7 +238,7 @@ Although not recommended, you can turn off Automatic Root Certificates Update, w
> [!CAUTION]
> By not automatically downloading the root certificates the device may not be able to connect to some websites.
-For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server 2016 Server Core:
+For Windows 10, Windows Server 2016 with Desktop Experience, Windows Server 2016 Server Core, and Windows 11:
- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Automatic Root Certificates Update**
@@ -293,7 +294,7 @@ You can also apply the Group Policies using the following registry keys:
> [!IMPORTANT]
-> Using the Group Policy editor these steps are required for all supported versions of Windows 10, however they are not required for devices running Windows 10, version 1607 or Windows Server 2016.
+> Using the Group Policy editor these steps are required for all supported versions of Windows 10 and Windows 11, however they are not required for devices running Windows 10, version 1607 or Windows Server 2016.
1. Expand **Computer Configuration** > **Windows Settings** > **Security Settings** > **Windows Defender Firewall with Advanced Security** > **Windows Defender Firewall with Advanced Security - <LDAP name>**, and then click **Outbound Rules**.
@@ -389,21 +390,21 @@ If you're running Windows 10, version 1607, Windows Server 2016, or later:
### 7. Insider Preview builds
-The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. This setting stops communication with the Windows Insider Preview service that checks for new builds.
-Windows Insider Preview builds only apply to Windows 10 and are not available for Windows Server 2016.
+The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10 and Windows 11. This setting stops communication with the Windows Insider Preview service that checks for new builds.
+Windows Insider Preview builds only apply to Windows 10 and Windows 11 and are not available for Windows Server 2016.
> [!NOTE]
> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for Restricted Traffic) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Optional (Full)**. Although the diagnostic data level may initially appear as **Required (Basic)**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Optional (Full)**.
-To turn off Insider Preview builds for a released version of Windows 10:
+To turn off Insider Preview builds for a released version of Windows 10 or Windows 11:
- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Toggle user control over Insider builds**.
-To turn off Insider Preview builds for Windows 10:
+To turn off Insider Preview builds for Windows 10 and Windows 11:
> [!NOTE]
-> If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds.
+> If you're running a preview version of Windows 10 or Windows 11, you must roll back to a released version before you can turn off Insider Preview builds.
- Turn off the feature in the UI: **Settings** > **Update & security** > **Windows Insider Program** > **Stop Insider Preview builds**.
@@ -529,7 +530,7 @@ To turn off Live Tiles:
- Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a **value of 1 (one)**
-In Windows 10 Mobile, you must also unpin all tiles that are pinned to Start.
+In Windows 10 or Windows 11 Mobile, you must also unpin all tiles that are pinned to Start.
### 11. Mail synchronization
@@ -548,7 +549,7 @@ To turn off the Windows Mail app:
### 12. Microsoft Account
-Use the below setting to prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
+Use the below setting to prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher and Windows 11. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
To disable the Microsoft Account Sign-In Assistant:
@@ -657,7 +658,7 @@ You can turn off the ability to download and update offline maps.
-and-
-- In Windows 10, version 1607 and later, **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page**
+- In Windows 10, version 1607 and later, and Windows 11 **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page**
-or-
@@ -805,9 +806,9 @@ To remove the Sticky notes app:
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftStickyNotes | Remove-AppxPackage**
-### 18. Settings > Privacy
+### 18. Settings > Privacy & security
-Use Settings > Privacy to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
+Use Settings > Privacy & security to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
- [18.1 General](#bkmk-general)
@@ -1268,7 +1269,7 @@ In the **Other Devices** area, you can choose whether devices that aren't paired
To turn off **Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone**:
-- Turn off the feature in the UI by going to Settings > Privacy > Other devices > "Communicate with unpaired devices. Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone" and **Turn it OFF**.
+- Turn off the feature in the UI by going to Settings > Privacy & security > Other devices > "Communicate with unpaired devices. Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone" and **Turn it OFF**.
-or-
@@ -1342,7 +1343,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic
- Create a REG_DWORD registry setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry** with a **value of 0**.
> [!NOTE]
-> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 Enterprise edition.
+> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 and Windows 11 Enterprise edition.
To turn off tailored experiences with relevant tips and recommendations by using your diagnostics data:
@@ -1380,7 +1381,7 @@ To turn off **Let apps run in the background**:
-or-
-- **Enable** the Group Policy (only applicable for Windows 10 version 1703 and above): **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps run in the background** and set the **Select a setting** box to **Force Deny**.
+- **Enable** the Group Policy (only applicable for Windows 10 version 1703 and above and Windows 11): **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps run in the background** and set the **Select a setting** box to **Force Deny**.
-or-
@@ -1527,7 +1528,7 @@ To turn this Off in the UI:
Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
-**For Windows 10:**
+**For Windows 10 and Windows 11:**
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation**
@@ -1555,7 +1556,7 @@ Enterprise customers can manage their Windows activation status with volume lice
Enterprise customers can manage updates to the Disk Failure Prediction Model.
-For Windows 10:
+For Windows 10 and Windows 11:
- **Disable** this Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Storage Health** > **Allow downloading updates to the Disk Failure Prediction Model**
-or-
@@ -1723,12 +1724,12 @@ In Group Policy, configure:
Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or Group Policy.
-If you're running Windows 10, version 1607 or later, you need to:
+If you're running Windows 10, version 1607 or later, or Windows 11, you need to:
- **Enable** the following Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features**
> [!NOTE]
- > This must be done within 15 minutes after Windows 10 is installed. Alternatively, you can create an image with this setting.
+ > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting.
-or-
@@ -1840,11 +1841,11 @@ You can turn off apps for websites, preventing customers who visit websites that
Delivery Optimization is the downloader of Windows updates, Microsoft Store apps, Office and other content from Microsoft. Delivery Optimization can also download from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization Peer-to-Peer option turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
-By default, PCs running Windows 10 will only use Delivery Optimization to get and receive updates for PCs and apps on your local network.
+By default, PCs running Windows 10 or Windows 11 will only use Delivery Optimization to get and receive updates for PCs and apps on your local network.
Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization.
-In Windows 10 version 1607 and above you can stop network traffic related to Delivery Optimization Cloud Service by setting **Download Mode** to **Simple Mode** (99), as described below.
+In Windows 10, version 1607 and above, and Windows 11 you can stop network traffic related to Delivery Optimization Cloud Service by setting **Download Mode** to **Simple Mode** (99), as described below.
### 28.1 Settings > Update & security
@@ -1933,7 +1934,7 @@ For China releases of Windows 10 there is one additional Regkey to be set to pre
### 30. Cloud Clipboard
-Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access it. Clipboard items in the cloud can be downloaded and pasted across your Windows 10 devices.
+Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access it. Clipboard items in the cloud can be downloaded and pasted across your Windows 10 and Windows 11 devices.
Most restricted value is 0.
diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md
new file mode 100644
index 0000000000..2d099697dc
--- /dev/null
+++ b/windows/privacy/manage-windows-11-endpoints.md
@@ -0,0 +1,159 @@
+---
+title: Connection endpoints for Windows 11 Enterprise
+description: Explains what Windows 11 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 11.
+keywords: privacy, manage connections to Microsoft, Windows 11
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: gental-giant
+ms.author: v-hakima
+manager: robsize
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 12/17/2020
+---
+
+# Manage connection endpoints for Windows 11 Enterprise
+
+**Applies to**
+
+- Windows 11 Enterprise
+
+Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
+
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
+
+Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic.
+
+The following methodology was used to derive these network endpoints:
+
+1. Set up the latest version of Windows 11 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+
+## Windows 11 Enterprise connection endpoints
+
+|Area|Description|Protocol|Destination|
+|----------------|----------|----------|------------|
+|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to turn off traffic to this endpoint, but it is not recommended because as root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
+|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
+|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
+||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
+|||TLSv1.2|I-ring.msedge.net|
+|||HTTPS|s-ring.msedge.net|
+|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
+|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
+|||HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
+|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
+|||HTTPS|fs.microsoft.com|
+|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
+|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
+|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
+||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
+|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
+||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
+|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
+||This network traffic is related to the Microsoft Edge browser. The Microsoft Edge browser requires this endpoint to contact external websites.|HTTPS|iecvlist.microsoft.com|
+||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTP|share.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||HTTPS|www.office.com|
+|||HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS|officehomeblobs.blob.core.windows.net|
+|||HTTPS|self.events.data.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
+|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
+|||TLSv1.2/HTTPS/HTTP|g.live.com|
+|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
+|||HTTPS| logincdn.msauth.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
+|||HTTPS|settings.data.microsoft.com|
+|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Microsoft Defender Antivirus|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
+|||HTTPS/TLSv1.2|wdcp.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications will not appear.|HTTPS|*smartscreen-prod.microsoft.com|
+|||HTTPS/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
+|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
+|||HTTPS|ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
+|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||HTTP|emdl.ws.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+|||HTTP|*.windowsupdate.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||HTTPS|dlassets-ssl.xboxlive.com|
+
+
+## Other Windows 10 editions
+
+To view endpoints for other versions of Windows 10 Enterprise, see:
+
+- [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
+
+To view endpoints for non-Enterprise Windows 10 editions, see:
+
+- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
+- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
+- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
+- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+
+## Related links
+
+- [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
+- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
\ No newline at end of file
diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md
new file mode 100644
index 0000000000..52fc822b24
--- /dev/null
+++ b/windows/privacy/manage-windows-21H1-endpoints.md
@@ -0,0 +1,157 @@
+---
+title: Connection endpoints for Windows 10 Enterprise, version 21H1
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1.
+keywords: privacy, manage connections to Microsoft, Windows 10
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: gental-giant
+ms.author: v-hakima
+manager: robsize
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 12/17/2020
+---
+
+# Manage connection endpoints for Windows 10 Enterprise, version 21H1
+
+**Applies to**
+
+- Windows 10 Enterprise, version 21H1
+
+Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
+
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
+
+Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic.
+
+The following methodology was used to derive these network endpoints:
+
+1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 21H1 Enterprise connection endpoints
+
+|Area|Description|Protocol|Destination|
+|----------------|----------|----------|------------|
+|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to turn off traffic to this endpoint, but it is not recommended because as root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
+|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
+|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
+||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
+|||TLSv1.2|I-ring.msedge.net|
+|||HTTPS|s-ring.msedge.net|
+|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
+|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
+|||HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
+|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
+|||HTTPS|fs.microsoft.com|
+|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
+|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
+|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
+||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
+|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
+||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
+|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
+||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
+||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTP|go.microsoft.com|
+|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTP|share.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||HTTPS|www.office.com|
+|||HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS|officehomeblobs.blob.core.windows.net|
+|||HTTPS|self.events.data.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
+|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
+|||TLSv1.2/HTTPS/HTTP|g.live.com|
+|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
+|||HTTPS| logincdn.msauth.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
+|||HTTPS|settings.data.microsoft.com|
+|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
+|||HTTPS/TLSv1.2|wdcp.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications will not appear.|HTTPS|*smartscreen-prod.microsoft.com|
+|||HTTPS/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
+|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
+|||HTTPS|ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
+|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||HTTP|emdl.ws.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+|||HTTP|*.windowsupdate.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||HTTPS|dlassets-ssl.xboxlive.com|
+
+
+## Other Windows 10 editions
+
+To view endpoints for other versions of Windows 10 Enterprise, see:
+
+- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
+
+To view endpoints for non-Enterprise Windows 10 editions, see:
+
+- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
+- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
+- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+
+## Related links
+
+- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
+- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
\ No newline at end of file
diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
new file mode 100644
index 0000000000..ca5559ec2d
--- /dev/null
+++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
@@ -0,0 +1,8338 @@
+---
+description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
+title: Required Windows 11 diagnostic events and fields
+keywords: privacy, telemetry
+ms.prod: w11
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: high
+author: brianlic-msft
+ms.author: brianlic
+manager: dansimp
+ms.collection: M365-security-compliance
+ms.topic: article
+audience: ITPro
+ms.date: 09/08/2021
+---
+
+
+# Required Windows 11 diagnostic events and fields
+
+> [!IMPORTANT]
+> Windows is moving to classifying the data collected from customer’s devices as either Required or Optional.
+
+
+ **Applies to**
+
+- Windows 11
+
+
+Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
+
+Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
+
+Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
+
+You can learn more about Windows functional and diagnostic data through these articles:
+
+- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
+- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
+- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
+- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
+- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
+- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
+
+
+
+
+## AppPlatform events
+
+### AppPlatform.InstallActivity
+
+This event is required to track health of the install pipeline on the console. It tracks the install, the type of install, and the error codes hit during the install. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BuildId** The unique identifier for this build.
+- **BuildVer** The build number for the set of binaries being installed.
+- **ClientAppId** Represents an optional identifier for the client application or service that initiated the install.
+- **ContentId** The Content ID of the package. Key for content updates.
+- **ContentType** The type of content being installed, mapped from XVD_CONTENT_TYPE.
+- **Cv** The correlation vector for this install or action. If this is the Cv to a specific action, the RelatedCv field will contain the Cv for the install.
+- **DestinationHardwareID** The hardware ID of the destination device, if it is external storage. Empty if not an external storage device.
+- **DestinationPath** The path to the destination we are installing to.
+- **DownloadSize** The size in bytes needed to download the package.
+- **ErrorText** Optional text describing any errors.
+- **InstallationActionId** The type of action ( 0 - Unknown, 1 - Install Started, 2 - Install Paused, 3 - Install Resumed, 4 - Installation Ready to Play, 5 - Change Source (Merged Install), 6 - Install Error, 7 - Install Complete, 8 - Install Aborted, 9 - Change Source (Auto Select), 10 - Change Source (Apply Update))
+- **InstallationErrorSource** The source of the error: 0 - None, 1 - Optical Drive, 2 - Network, 3 - Local, 4 - Destination, 5 - Licensing, 6 - Registration, 7 - Other
+- **InstallationSessionId** The unique Identifier for the installation session of this install. Goes from ‘Start’ to ‘End’ and all chunks/points in between.
+- **InstallationStageId** The stage of install ( 0 - Unknown, 1 - Package, 2 - Pls )
+- **InstallationStatus** HRESULT of the installation. Should be null except for the end or error events.
+- **InstallationTypeId** The type of install ( 0 - Unknown, 1 - Network, 2 - Disc, 3 - Hybrid, 4 - Update, 5 - Move, 6 - Copy ).
+- **OriginalStatus** The untransformed error code. The transformed, public value is stored in InstallationStatus.
+- **PackageSize** The size in bytes of the package.
+- **PackageSpecifiers** The map of Intelligent Delivery region specifiers present in the installing package.
+- **PlanId** The ID of the streaming plan being used to install the content.
+- **ProductId** The product ID of the application associated with this event.
+- **RelatedCv** The related correlation vector. This optional value contains the correlation vector for this install if the Cv value is representing an actiuon tracked by a correlation vector.
+- **RequestSpecifiers** The map of Intelligent Delivery region specifiers requested by the system/user/title as a part of the install activity.
+- **SourceHardwareID** The hardware ID of the source device, if it is external storage. Empty if not an external storage device.
+- **SourcePath** The source path we are installing from. May be a CDN (Content Delivery Network) or a local disk drive.
+- **TotalPercentComplete** The percent of install that is complete.
+- **XvddType** The type of the streaming operation as determined by the XVDD driver.
+
+
+## Appraiser events
+
+### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
+
+This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **DatasourceApplicationFile_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_21H1** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_RS2** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_RS3** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_21H1** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS2** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_RS3** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_21H1** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS2** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_RS3** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_21H1** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_21H1** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_21H1** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_19H1Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_21H1** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS2** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_RS3** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_19H1** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_21H1** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS2** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_RS3** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_21H1** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS2** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_RS3** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_19H1** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_21H1** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS2** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_RS3** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_21H1** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_21H1** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_21H1** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_21H1** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_RS2** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemBios_RS3** The total number of objects of this type present on this device.
+- **DecisionTest_19H1** The total number of objects of this type present on this device.
+- **DecisionTest_21H1** The total number of objects of this type present on this device.
+- **DecisionTest_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionTest_RS2** The total number of objects of this type present on this device.
+- **DecisionTest_RS3** The total number of objects of this type present on this device.
+- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
+- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
+- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
+- **InventorySystemBios** The count of the number of this particular object type present on this device.
+- **InventoryTest** The count of the number of this particular object type present on this device.
+- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device.
+- **PCFP** The count of the number of this particular object type present on this device.
+- **SystemMemory** The count of the number of this particular object type present on this device.
+- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device.
+- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device.
+- **SystemProcessorNx** The total number of objects of this type present on this device.
+- **SystemProcessorPrefetchW** The total number of objects of this type present on this device.
+- **SystemProcessorSse2** The total number of objects of this type present on this device.
+- **SystemTouch** The count of the number of this particular object type present on this device.
+- **SystemWim** The total number of objects of this type present on this device.
+- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
+- **SystemWlan** The total number of objects of this type present on this device.
+- **Wmdrm_19H1** The count of the number of this particular object type present on this device.
+- **Wmdrm_21H1** The total number of objects of this type present on this device.
+- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device.
+- **Wmdrm_RS2** The total number of objects of this type present on this device.
+- **Wmdrm_RS3** The total number of objects of this type present on this device.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
+
+This event represents the basic metadata about specific application files installed on the system. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **AvDisplayName** If the app is an anti-virus app, this is its display name.
+- **CompatModelIndex** The compatibility prediction for this file.
+- **HasCitData** Indicates whether the file is present in CIT data.
+- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file.
+- **IsAv** Is the file an anti-virus reporting EXE?
+- **ResolveAttempted** This will always be an empty string when sending diagnostic data.
+- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
+
+This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync
+
+This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd
+
+This event sends compatibility data for a Plug and Play device, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **ActiveNetworkConnection** Indicates whether the device is an active network device.
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **IsBootCritical** Indicates whether the device boot is critical.
+- **SdbEntries** Deprecated in RS3.
+- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update.
+- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver.
+- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove
+
+This event indicates that the DatasourceDevicePnp object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync
+
+This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd
+
+This event sends compatibility database data about driver packages to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **SdbEntries** Deprecated in RS3.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
+
+This event indicates that the DatasourceDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
+
+This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
+
+This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **ResolveAttempted** This will always be an empty string when sending diagnostic data.
+- **SdbEntries** Deprecated in RS3.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
+
+This event indicates that the DataSourceMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync
+
+This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events has completed being sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
+
+This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **SdbEntries** Deprecated in RS3.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
+
+This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
+
+This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **SdbEntries** Deprecated in RS3.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
+
+This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
+
+This event sends compatibility database information about the BIOS to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **SdbEntries** Deprecated in RS3.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
+
+This event indicates that the DatasourceSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
+
+This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
+
+This event sends compatibility decision data about a file to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **BlockAlreadyInbox** The uplevel runtime block on the file already existed on the current OS.
+- **BlockingApplication** Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
+- **DisplayGenericMessage** Will be a generic message be shown for this file?
+- **DisplayGenericMessageGated** Indicates whether a generic message be shown for this file.
+- **HardBlock** This file is blocked in the SDB.
+- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB?
+- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
+- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
+- **NeedsDismissAction** Will the file cause an action that can be dismissed?
+- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
+- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade?
+- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app.
+- **NeedsUninstallAction** The file must be uninstalled to complete the upgrade.
+- **SdbBlockUpgrade** The file is tagged as blocking upgrade in the SDB,
+- **SdbBlockUpgradeCanReinstall** The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
+- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
+- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
+- **SoftBlock** The file is softblocked in the SDB and has a warning.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
+
+This event indicates that the DecisionApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
+
+This event indicates that a new set of DecisionApplicationFileAdd events will be sent. This event is used to make compatibility decisions about a file to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
+
+This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **AssociatedDriverIsBlocked** Is the driver associated with this PNP device blocked?
+- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate?
+- **BlockAssociatedDriver** Should the driver associated with this PNP device be blocked?
+- **BlockingDevice** Is this PNP device blocking upgrade?
+- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and does not have a driver included with the OS?
+- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork** Is this PNP device the only active network device?
+- **DisplayGenericMessage** Will a generic message be shown during Setup for this PNP device?
+- **DisplayGenericMessageGated** Indicates whether a generic message will be shown during Setup for this PNP device.
+- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
+- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
+- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
+- **DriverBlockOverridden** Is there is a driver block on the device that has been overridden?
+- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
+- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
+- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
+- **SdbDriverBlockOverridden** Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
+
+This event Indicates that the DecisionDevicePnp object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about PNP devices to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
+
+The DecisionDevicePnpStartSync event indicates that a new set of DecisionDevicePnpAdd events will be sent and helps to keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
+
+This event sends decision data about driver package compatibility to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for this driver package.
+- **DriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+- **DriverIsDeviceBlocked** Was the driver package was blocked because of a device block?
+- **DriverIsDriverBlocked** Is the driver package blocked because of a driver block?
+- **DriverShouldNotMigrate** Should the driver package be migrated during upgrade?
+- **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
+
+This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
+
+The DecisionDriverPackageStartSync event indicates that a new set of DecisionDriverPackageAdd events will be sent. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
+
+This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **BlockingApplication** Are there are any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessage** Will a generic message be shown for this block?
+- **NeedsDismissAction** Will the file cause an action that can be dismissed?
+- **NeedsUninstallAction** Does the user need to take an action in setup due to a matching info block?
+- **SdbBlockUpgrade** Is a matching info block blocking upgrade?
+- **SdbBlockUpgradeCanReinstall** Is a matching info block blocking upgrade, but has the can reinstall tag?
+- **SdbBlockUpgradeUntilUpdate** Is a matching info block blocking upgrade but has the until update tag?
+- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove
+
+This event indicates that the DecisionMatchingInfoBlock object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
+
+This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
+
+This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks.
+- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove
+
+This event Indicates that the DecisionMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
+
+This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app?
+- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade?
+- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app?
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove
+
+This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
+
+This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **BlockingApplication** Is there any application issues that interfere with upgrade due to Windows Media Center?
+- **MediaCenterActivelyUsed** If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
+- **MediaCenterIndicators** Do any indicators imply that Windows Media Center is in active use?
+- **MediaCenterInUse** Is Windows Media Center actively being used?
+- **MediaCenterPaidOrActivelyUsed** Is Windows Media Center actively being used or is it running on a supported edition?
+- **NeedsDismissAction** Are there any actions that can be dismissed coming from Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove
+
+This event indicates that the DecisionMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
+
+This event indicates that a new set of DecisionMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSModeStateAdd
+
+This event sends true/false compatibility decision data about the S mode state. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Appraiser decision about eligibility to upgrade.
+- **HostOsSku** The SKU of the Host OS.
+- **LockdownMode** S mode lockdown mode.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSModeStateRemove
+
+This event indicates that the DecisionTpmVersion object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSModeStateStartSync
+
+The DecisionSModeStateStartSync event indicates that a new set of DecisionSModeStateAdd events will be sent. This event is used to make compatibility decisions about the S mode state. Microsoft uses this information to understand and address problems regarding the S mode state for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
+
+This event sends compatibility decision data about the BIOS to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device blocked from upgrade due to a BIOS block?
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for the bios.
+- **HasBiosBlock** Does the device have a BIOS block?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove
+
+This event indicates that the DecisionSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
+
+This event indicates that a new set of DecisionSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemDiskSizeAdd
+
+This event indicates that this object type was added. This data refers to the Disk size in the device. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Blocking** Appraiser decision during evaluation of hardware requirements during OS upgrade.
+- **TotalSize** Total disk size in Mb.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemDiskSizeRemove
+
+This event indicates that the DecisionSystemDiskSize object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemDiskSizeStartSync
+
+Start sync event for physical disk size data. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryAdd
+
+This event sends compatibility decision data about the system memory to help keep Windows up to date. Microsoft uses this information to understand and address problems regarding system memory for computers receiving updates.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Blocking** Blocking information.
+- **ramKB** Memory information in KB.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryRemove
+
+This event indicates that the DecisionSystemMemory object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryStartSync
+
+The DecisionSystemMemoryStartSync event indicates that a new set of DecisionSystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresAdd
+
+This data attribute refers to the number of Cores a CPU supports. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Blocking** The Appraisal decision about eligibility to upgrade.
+- **CpuCores** Number of CPU Cores.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresRemove
+
+This event indicates that the DecisionSystemProcessorCpuCores object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresStartSync
+
+This event signals the start of telemetry collection for CPU cores in Appraiser. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelAdd
+
+This event sends true/false compatibility decision data about the CPU. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Armv81Support** Arm v8.1 Atomics support.
+- **Blocking** Appraiser decision about eligibility to upgrade.
+- **CpuFamily** Cpu family.
+- **CpuModel** Cpu model.
+- **CpuStepping** Cpu stepping.
+- **CpuVendor** Cpu vendor.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelRemove
+
+This event indicates that the DecisionSystemProcessorCpuModel object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelStartSync
+
+The DecisionSystemProcessorCpuModelStartSync event indicates that a new set of DecisionSystemProcessorCpuModelAdd events will be sent. This event is used to make compatibility decisions about the CPU. Microsoft uses this information to understand and address problems regarding the CPU for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedAdd
+
+This event sends compatibility decision data about the CPU, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Blocking** Appraiser OS eligibility decision.
+- **Mhz** CPU speed in MHz.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedRemove
+
+This event indicates that the DecisionSystemProcessorCpuSpeed object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedStartSync
+
+This event collects data for CPU speed in MHz. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTestAdd
+
+This event provides diagnostic data for testing decision add events. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary generating the events.
+- **TestDecisionDataPoint1** Test data point 1.
+- **TestDecisionDataPoint2** Test data point 2.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTestRemove
+
+This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTestStartSync
+
+This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTpmVersionAdd
+
+This event collects data about the Trusted Platform Module (TPM) in the device. TPM technology is designed to provide hardware-based, security-related functions. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Blocking** Appraiser upgradeability decision based on the device's TPM support.
+- **TpmVersionInfo** The version of Trusted Platform Module (TPM) technology in the device.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTpmVersionRemove
+
+This event indicates that the DecisionTpmVersion object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTpmVersionStartSync
+
+The DecisionTpmVersionStartSync event indicates that a new set of DecisionTpmVersionAdd events will be sent. This event is used to make compatibility decisions about the TPM. Microsoft uses this information to understand and address problems regarding the TPM for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionUefiSecureBootAdd
+
+This event collects information about data on support and state of UEFI Secure boot. UEFI is a verification mechanism for ensuring that code launched by firmware is trusted. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **Blocking** Appraiser upgradeability decision when checking for UEFI support.
+- **SecureBootCapable** Is UEFI supported?
+- **SecureBootEnabled** Is UEFI enabled?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionUefiSecureBootRemove
+
+This event indicates that the DecisionUefiSecureBoot object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionUefiSecureBootStartSync
+
+Start sync event data for UEFI Secure boot. UEFI is a verification mechanism for ensuring that code launched by firmware is trusted. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.GatedRegChange
+
+This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
+
+The following fields are available:
+
+- **NewData** The data in the registry value after the scan completed.
+- **OldData** The previous data in the registry value before the scan ran.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **RegKey** The registry key name for which a result is being sent.
+- **RegValue** The registry value for which a result is being sent.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
+
+This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **AvDisplayName** If the app is an antivirus app, this is its display name.
+- **AvProductState** Indicates whether the antivirus program is turned on and the signatures are up to date.
+- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
+- **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
+- **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
+- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
+- **CompanyName** The company name of the vendor who developed this file.
+- **FileId** A hash that uniquely identifies a file.
+- **FileVersion** The File version field from the file metadata under Properties -> Details.
+- **HasUpgradeExe** Indicates whether the antivirus app has an upgrade.exe file.
+- **IsAv** Indicates whether the file an antivirus reporting EXE.
+- **LinkDate** The date and time that this file was linked on.
+- **LowerCaseLongPath** The full file path to the file that was inventoried on the device.
+- **Name** The name of the file that was inventoried.
+- **ProductName** The Product name field from the file metadata under Properties -> Details.
+- **ProductVersion** The Product version field from the file metadata under Properties -> Details.
+- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it.
+- **Size** The size of the file (in hexadecimal bytes).
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
+
+This event indicates that the InventoryApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
+
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
+
+This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **HasLanguagePack** Indicates whether this device has 2 or more language packs.
+- **LanguagePackCount** The number of language packs are installed.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
+
+This event indicates that the InventoryLanguagePack object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
+
+This event indicates that a new set of InventoryLanguagePackAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
+
+This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **EverLaunched** Has Windows Media Center ever been launched?
+- **HasConfiguredTv** Has the user configured a TV tuner through Windows Media Center?
+- **HasExtendedUserAccounts** Are any Windows Media Center Extender user accounts configured?
+- **HasWatchedFolders** Are any folders configured for Windows Media Center to watch?
+- **IsDefaultLauncher** Is Windows Media Center the default app for opening music or video files?
+- **IsPaid** Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
+- **IsSupported** Does the running OS support Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
+
+This event indicates that the InventoryMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
+
+This event indicates that a new set of InventoryMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
+
+This event sends basic metadata about the BIOS to determine whether it has a compatibility block. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **biosDate** The release date of the BIOS in UTC format.
+- **BiosDate** The release date of the BIOS in UTC format.
+- **biosName** The name field from Win32_BIOS.
+- **BiosName** The name field from Win32_BIOS.
+- **manufacturer** The manufacturer field from Win32_ComputerSystem.
+- **Manufacturer** The manufacturer field from Win32_ComputerSystem.
+- **model** The model field from Win32_ComputerSystem.
+- **Model** The model field from Win32_ComputerSystem.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove
+
+This event indicates that the InventorySystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
+
+This event indicates that a new set of InventorySystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryTestAdd
+
+This event provides diagnostic data for testing event adds to help keep windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the component sending the data.
+- **TestInvDataPoint1** Test inventory data point 1.
+- **TestInvDataPoint2** Test inventory data point 2.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryTestRemove
+
+This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryTestStartSync
+
+This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
+
+This event runs only during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. It is critical in understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BootCritical** Is the driver package marked as boot critical?
+- **Build** The build value from the driver package.
+- **CatalogFile** The name of the catalog file within the driver package.
+- **Class** The device class from the driver package.
+- **ClassGuid** The device class unique ID from the driver package.
+- **Date** The date from the driver package.
+- **Inbox** Is the driver package of a driver that is included with Windows?
+- **OriginalName** The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
+- **Provider** The provider of the driver package.
+- **PublishedName** The name of the INF file after it was renamed.
+- **Revision** The revision of the driver package.
+- **SignatureStatus** Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
+- **VersionMajor** The major version of the driver package.
+- **VersionMinor** The minor version of the driver package.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
+
+This event indicates that the InventoryUplevelDriverPackage object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
+
+This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.RunContext
+
+This event is sent at the beginning of an appraiser run, the RunContext indicates what should be expected in the following data payload. This event is used with the other Appraiser events to make compatibility decisions to keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **Subcontext** Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
+
+This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device from upgrade due to memory restrictions?
+- **MemoryRequirementViolated** Was a memory requirement violated?
+- **pageFile** The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
+- **ram** The amount of memory on the device.
+- **ramKB** The amount of memory (in KB).
+- **virtual** The size of the user-mode portion of the virtual address space of the calling process (in bytes).
+- **virtualKB** The amount of virtual memory (in KB).
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryRemove
+
+This event that the SystemMemory object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
+
+This event indicates that a new set of SystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
+
+This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **CompareExchange128Support** Does the CPU support CompareExchange128?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove
+
+This event indicates that the SystemProcessorCompareExchange object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
+
+This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
+
+This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **LahfSahfSupport** Does the CPU support LAHF/SAHF?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove
+
+This event indicates that the SystemProcessorLahfSahf object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
+
+This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
+
+This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **NXDriverResult** The result of the driver used to do a non-deterministic check for NX support.
+- **NXProcessorSupport** Does the processor support NX?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove
+
+This event indicates that the SystemProcessorNx object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
+
+This event indicates that a new set of SystemProcessorNxAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
+
+This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **PrefetchWSupport** Does the processor support PrefetchW?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove
+
+This event indicates that the SystemProcessorPrefetchW object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
+
+This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
+
+This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **SSE2ProcessorSupport** Does the processor support SSE2?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove
+
+This event indicates that the SystemProcessorSse2 object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
+
+This event indicates that a new set of SystemProcessorSse2Add events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchAdd
+
+This event sends data indicating whether the system supports touch, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IntegratedTouchDigitizerPresent** Is there an integrated touch digitizer?
+- **MaximumTouches** The maximum number of touch points supported by the device hardware.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchRemove
+
+This event indicates that the SystemTouch object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
+
+This event indicates that a new set of SystemTouchAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimAdd
+
+This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IsWimBoot** Is the current operating system running from a compressed WIM file?
+- **RegistryWimBootValue** The raw value from the registry that is used to indicate if the device is running from a WIM.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimRemove
+
+This event indicates that the SystemWim object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimStartSync
+
+This event indicates that a new set of SystemWimAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
+
+This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **WindowsIsLicensedApiValue** The result from the API that's used to indicate if operating system is activated.
+- **WindowsNotActivatedDecision** Is the current operating system activated?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove
+
+This event indicates that the SystemWindowsActivationStatus object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
+
+This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanAdd
+
+This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked because of an emulated WLAN driver?
+- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block?
+- **WlanEmulatedDriver** Does the device have an emulated WLAN driver?
+- **WlanExists** Does the device support WLAN at all?
+- **WlanModulePresent** Are any WLAN modules present?
+- **WlanNativeDriver** Does the device have a non-emulated WLAN driver?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanRemove
+
+This event indicates that the SystemWlan object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
+
+This event indicates that a new set of SystemWlanAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
+
+This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
+- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
+- **AuxFinal** Obsolete, always set to false.
+- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
+- **CountCustomSdbs** The number of custom Sdbs used by Appraiser.
+- **CustomSdbGuids** Guids of the custom Sdbs used by Appraiser; Semicolon delimited list.
+- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
+- **EnterpriseRun** Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
+- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
+- **InboxDataVersion** The original version of the data files before retrieving any newer version.
+- **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated.
+- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
+- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
+- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
+- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
+- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
+- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
+- **RunResult** The hresult of the Appraiser diagnostic data run.
+- **ScheduledUploadDay** The day scheduled for the upload.
+- **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run.
+- **StoreHandleIsNotNull** Obsolete, always set to false
+- **TelementrySent** Indicates whether diagnostic data was successfully sent.
+- **ThrottlingUtc** Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
+- **Time** The client time of the event.
+- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
+- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmAdd
+
+This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Same as NeedsDismissAction.
+- **NeedsDismissAction** Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
+- **WmdrmApiResult** Raw value of the API used to gather DRM state.
+- **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
+- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased.
+- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed.
+- **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses.
+- **WmdrmPurchased** Indicates if the system has any files with permanent licenses.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmRemove
+
+This event indicates that the Wmdrm object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmStartSync
+
+The WmdrmStartSync event indicates that a new set of WmdrmAdd events will be sent. This event is used to understand the usage of older digital rights management on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+## Census events
+
+### Census.App
+
+This event sends version data about the Apps running on this device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserTaskEnabled** Whether the Appraiser task is enabled.
+- **CensusVersion** The version of Census that generated the current data for this device.
+
+
+### Census.Azure
+
+This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **CloudCoreBuildEx** The Azure CloudCore build number.
+- **CloudCoreSupportBuildEx** The Azure CloudCore support build number.
+- **NodeID** The node identifier on the device that indicates whether the device is part of the Azure fleet.
+
+
+### Census.Battery
+
+This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **InternalBatteryCapablities** Represents information about what the battery is capable of doing.
+- **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity to estimate the battery's wear.
+- **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh.
+- **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
+- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value.
+
+
+### Census.Enterprise
+
+This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **AADDeviceId** Azure Active Directory device ID.
+- **AzureOSIDPresent** Represents the field used to identify an Azure machine.
+- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
+- **CDJType** Represents the type of cloud domain joined for the machine.
+- **CommercialId** Represents the GUID for the commercial entity which the device is a member of. Will be used to reflect insights back to customers.
+- **ContainerType** The type of container, such as process or virtual machine hosted.
+- **EnrollmentType** Defines the type of MDM enrollment on the device.
+- **HashedDomain** The hashed representation of the user domain used for login.
+- **IsCloudDomainJoined** Is this device joined to an Azure Active Directory (AAD) tenant? true/false
+- **IsDERequirementMet** Represents if the device can do device encryption.
+- **IsDeviceProtected** Represents if Device protected by BitLocker/Device Encryption
+- **IsEDPEnabled** Represents if Enterprise data protected on the device.
+- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
+- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
+- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
+- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
+
+
+### Census.Firmware
+
+This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **FirmwareManufacturer** Represents the manufacturer of the device's firmware (BIOS).
+- **FirmwareReleaseDate** Represents the date the current firmware was released.
+- **FirmwareType** Represents the firmware type. The various types can be unknown, BIOS, UEFI.
+- **FirmwareVersion** Represents the version of the current firmware.
+
+
+### Census.Flighting
+
+This event sends Windows Insider data from customers participating in improvement testing and feedback programs. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **DeviceSampleRate** The telemetry sample rate assigned to the device.
+- **DriverTargetRing** Indicates if the device is participating in receiving pre-release drivers and firmware contrent.
+- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
+- **FlightIds** A list of the different Windows Insider builds on this device.
+- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
+- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program.
+- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
+- **SSRK** Retrieves the mobile targeting settings.
+
+
+### Census.Hardware
+
+This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ActiveMicCount** The number of active microphones attached to the device.
+- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
+- **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields.
+- **D3DMaxFeatureLevel** Supported Direct3D version.
+- **DeviceForm** Indicates the form as per the device classification.
+- **DeviceName** The device name that is set by the user.
+- **DigitizerSupport** Is a digitizer supported?
+- **EnclosureKind** Windows.Devices.Enclosure.EnclosureKind enum values representing each unique enclosure posture kind.
+- **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
+- **InventoryId** The device ID used for compatibility testing.
+- **Magnetometer** Indicates whether the device has a magnetometer (a mechanical component that works like a compass).
+- **NFCProximity** Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.)
+- **OEMDigitalMarkerFileName** The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
+- **OEMManufacturerName** The device manufacturer name. The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
+- **OEMModelBaseBoard** The baseboard model used by the OEM.
+- **OEMModelBaseBoardVersion** Differentiates between developer and retail devices.
+- **OEMModelNumber** The device model number.
+- **OEMModelSKU** The device edition that is defined by the manufacturer.
+- **OEMModelSystemFamily** The system family set on the device by an OEM.
+- **OEMModelSystemVersion** The system model version set on the device by the OEM.
+- **OEMOptionalIdentifier** A Microsoft assigned value that represents a specific OEM subsidiary.
+- **OEMSerialNumber** The serial number of the device that is set by the manufacturer.
+- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
+- **SoCName** The firmware manufacturer of the device.
+- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
+- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
+- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
+- **TPMManufacturerId** The ID of the TPM manufacturer.
+- **TPMManufacturerVersion** The version of the TPM manufacturer.
+- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
+- **VoiceSupported** Does the device have a cellular radio capable of making voice calls?
+
+
+### Census.Memory
+
+This event sends data about the memory on the device, including ROM and RAM. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **TotalPhysicalRAM** Represents the physical memory (in MB).
+- **TotalVisibleMemory** Represents the memory that is not reserved by the system.
+
+
+### Census.Network
+
+This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors). The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CellularModemHWInstanceId0** HardwareInstanceId of the embedded Mobile broadband modem, as reported and used by PnP system to identify the WWAN modem device in Windows system. Empty string (null string) indicates that this property is unknown for telemetry.
+- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MCC1** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MNC0** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MNC1** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MobileOperatorNetwork0** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **MobileOperatorNetwork1** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **ModemOptionalCapabilityBitMap0** A bit map of optional capabilities in modem, such as eSIM support.
+- **NetworkAdapterGUID** The GUID of the primary network adapter.
+- **SPN0** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+- **SPN1** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+- **SupportedDataClassBitMap0** A bit map of the supported data classes (i.g, 5g 4g...) that the modem is capable of.
+- **SupportedDataSubClassBitMap0** A bit map of data subclasses that the modem is capable of.
+
+
+### Census.OS
+
+This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ActivationChannel** Retrieves the retail license key or Volume license key for a machine.
+- **AssignedAccessStatus** Kiosk configuration mode.
+- **CompactOS** Indicates if the Compact OS feature from Win10 is enabled.
+- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy.
+- **DeviceTimeZone** The time zone that is set on the device. Example: Pacific Standard Time
+- **GenuineState** Retrieves the ID Value specifying the OS Genuine check.
+- **InstallationType** Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update).
+- **InstallLanguage** The first language installed on the user machine.
+- **IsDeviceRetailDemo** Retrieves if the device is running in demo mode.
+- **IsEduData** Returns Boolean if the education data policy is enabled.
+- **IsPortableOperatingSystem** Retrieves whether OS is running Windows-To-Go
+- **IsSecureBootEnabled** Retrieves whether Boot chain is signed under UEFI.
+- **LanguagePacks** The list of language packages installed on the device.
+- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
+- **OA3xOriginalProductKey** Retrieves the License key stamped by the OEM to the machine.
+- **OSEdition** Retrieves the version of the current OS.
+- **OSInstallType** Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
+- **OSOOBEDateTime** Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
+- **OSSKU** Retrieves the Friendly Name of OS Edition.
+- **OSSubscriptionStatus** Represents the existing status for enterprise subscription feature for PRO machines.
+- **OSSubscriptionTypeId** Returns boolean for enterprise subscription feature for selected PRO machines.
+- **OSUILocale** Retrieves the locale of the UI that is currently used by the OS.
+- **ProductActivationResult** Returns Boolean if the OS Activation was successful.
+- **ProductActivationTime** Returns the OS Activation time for tracking piracy issues.
+- **ProductKeyID2** Retrieves the License key if the machine is updated with a new license key.
+- **RACw7Id** Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability.
+- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy.
+- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
+- **ServiceProductKeyID** Retrieves the License key of the KMS
+- **SharedPCMode** Returns Boolean for education devices used as shared cart
+- **Signature** Retrieves if it is a signature machine sold by Microsoft store.
+- **SLICStatus** Whether a SLIC table exists on the device.
+- **SLICVersion** Returns OS type/version from SLIC table.
+
+
+### Census.PrivacySettings
+
+This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **FindMyDevice** Current state of the "find my device" setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WifiData** Current state of the Wi-Fi data setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.Processor
+
+This event sends data about the processor to help keep Windows up to date.
+
+The following fields are available:
+
+- **KvaShadow** This is the micro code information of the processor.
+- **MMSettingOverride** Microcode setting of the processor.
+- **MMSettingOverrideMask** Microcode setting override of the processor.
+- **PreviousUpdateRevision** Previous microcode revision
+- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system.
+- **ProcessorClockSpeed** Clock speed of the processor in MHz.
+- **ProcessorCores** Number of logical cores in the processor.
+- **ProcessorIdentifier** Processor Identifier of a manufacturer.
+- **ProcessorManufacturer** Name of the processor manufacturer.
+- **ProcessorModel** Name of the processor model.
+- **ProcessorPhysicalCores** Number of physical cores in the processor.
+- **ProcessorUpdateRevision** The microcode revision.
+- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status
+- **SocketCount** Count of CPU sockets.
+- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability.
+
+
+### Census.Security
+
+This event provides information about security settings. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
+- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
+- **DGState** This field summarizes the Device Guard state.
+- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
+- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
+- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
+- **IsWdagFeatureEnabled** Indicates whether Windows Defender Application Guard is enabled.
+- **NGCSecurityProperties** String representation of NGC security information.
+- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
+- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
+- **ShadowStack** The bit fields of SYSTEM_SHADOW_STACK_INFORMATION representing the state of the Intel CET (Control Enforcement Technology) hardware security feature.
+- **SModeState** The Windows S mode trail state.
+- **SystemGuardState** Indicates the SystemGuard state. NotCapable (0), Capable (1), Enabled (2), Error (0xFF).
+- **TpmReadyState** Indicates the TPM ready state. NotReady (0), ReadyForStorage (1), ReadyForAttestation (2), Error (0xFF).
+- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
+- **WdagPolicyValue** The Windows Defender Application Guard policy.
+
+
+### Census.Speech
+
+This event is used to gather basic speech settings on the device. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked.
+- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities.
+- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
+- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices.
+- **KeyVer** Version information for the census speech event.
+- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
+- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities.
+- **RemotelyManaged** Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
+- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
+- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device.
+- **SpeechServicesValueSource** Indicates the deciding factor for the effective online speech recognition privacy policy settings: remote admin, local admin, or user preference.
+
+
+### Census.Storage
+
+This event sends data about the total capacity of the system volume and primary disk. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **PrimaryDiskTotalCapacity** Retrieves the amount of disk space on the primary disk of the device in MB.
+- **PrimaryDiskType** Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
+- **StorageReservePassedPolicy** Indicates whether the Storage Reserve policy, which ensures that updates have enough disk space and customers are on the latest OS, is enabled on this device.
+- **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB.
+
+
+### Census.Userdefault
+
+This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CalendarType** The calendar identifiers that are used to specify different calendars.
+- **DefaultApp** The current user's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
+- **DefaultBrowserProgId** The ProgramId of the current user's default browser.
+- **LocaleName** Name of the current user locale given by LOCALE_SNAME via the GetLocaleInfoEx() function.
+- **LongDateFormat** The long date format the user has selected.
+- **ShortDateFormat** The short date format the user has selected.
+
+
+### Census.UserDisplay
+
+This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **InternalPrimaryDisplayLogicalDPIX** Retrieves the logical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayLogicalDPIY** Retrieves the logical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIX** Retrieves the physical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIY** Retrieves the physical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayResolutionHorizontal** Retrieves the number of pixels in the horizontal direction of the internal display.
+- **InternalPrimaryDisplayResolutionVertical** Retrieves the number of pixels in the vertical direction of the internal display.
+- **InternalPrimaryDisplaySizePhysicalH** Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
+- **InternalPrimaryDisplaySizePhysicalY** Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
+- **NumberofExternalDisplays** Retrieves the number of external displays connected to the machine
+- **NumberofInternalDisplays** Retrieves the number of internal displays in a machine.
+- **VRAMDedicated** Retrieves the video RAM in MB.
+- **VRAMDedicatedSystem** Retrieves the amount of memory on the dedicated video card.
+- **VRAMSharedSystem** Retrieves the amount of RAM memory that the video card can use.
+
+
+### Census.UserNLS
+
+This event sends data about the default app language, input, and display language preferences set by the user. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **DefaultAppLanguage** The current user Default App Language.
+- **DisplayLanguage** The current user preferred Windows Display Language.
+- **HomeLocation** The current user location, which is populated using GetUserGeoId() function.
+- **KeyboardInputLanguages** The Keyboard input languages installed on the device.
+- **SpeechInputLanguages** The Speech Input languages installed on the device.
+
+
+### Census.UserPrivacySettings
+
+This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **InkTypePersonalization** Current state of the inking and typing personalization setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WifiData** Current state of the Wi-Fi data setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.VM
+
+This event sends data indicating whether virtualization is enabled on the device, and its various characteristics. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CloudService** Indicates which cloud service, if any, that this virtual machine is running within.
+- **HyperVisor** Retrieves whether the current OS is running on top of a Hypervisor.
+- **IOMMUPresent** Represents if an input/output memory management unit (IOMMU) is present.
+- **IsVDI** Is the device using Virtual Desktop Infrastructure?
+- **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
+- **IsWVDSessionHost** Indicates if this is a Windows Virtual Device session host.
+- **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
+- **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware.
+- **VMId** A string that identifies a virtual machine.
+- **WVDEnvironment** Represents the WVD service environment to which this session host has been joined.
+
+
+### Census.WU
+
+This event sends data about the Windows update server and other App store policies. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **AppraiserGatedStatus** Indicates whether a device has been gated for upgrading.
+- **AppStoreAutoUpdate** Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
+- **AppStoreAutoUpdateMDM** Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
+- **AppStoreAutoUpdatePolicy** Retrieves the Microsoft Store App Auto Update group policy setting
+- **DelayUpgrade** Retrieves the Windows upgrade flag for delaying upgrades.
+- **IsHotPatchEnrolled** Represents the current state of the device in relation to enrollment in the hotpatch program.
+- **OSAssessmentFeatureOutOfDate** How many days has it been since a the last feature update was released but the device did not install it?
+- **OSAssessmentForFeatureUpdate** Is the device is on the latest feature update?
+- **OSAssessmentForQualityUpdate** Is the device on the latest quality update?
+- **OSAssessmentForSecurityUpdate** Is the device on the latest security update?
+- **OSAssessmentQualityOutOfDate** How many days has it been since a the last quality update was released but the device did not install it?
+- **OSAssessmentReleaseInfoTime** The freshness of release information used to perform an assessment.
+- **OSRollbackCount** The number of times feature updates have rolled back on the device.
+- **OSRolledBack** A flag that represents when a feature update has rolled back during setup.
+- **OSUninstalled** A flag that represents when a feature update is uninstalled on a device .
+- **OSWUAutoUpdateOptions** Retrieves the auto update settings on the device.
+- **OSWUAutoUpdateOptionsSource** The source of auto update setting that appears in the OSWUAutoUpdateOptions field. For example: Group Policy (GP), Mobile Device Management (MDM), and Default.
+- **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently.
+- **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS).
+- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates.
+- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades.
+- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network.
+- **WULCUVersion** Version of the LCU Installed on the machine.
+- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier.
+- **WUPauseState** Retrieves WU setting to determine if updates are paused.
+- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
+
+
+### Census.Xbox
+
+This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date.
+
+The following fields are available:
+
+- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console.
+- **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console.
+- **XboxLiveDeviceId** Retrieves the unique device ID of the console.
+- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft.
+
+
+## Cloud experience host events
+
+### Microsoft.Windows.Shell.CloudExperienceHost.AppActivityRequired
+
+This event is a WIL activity starting at the beginning of the Windows OOBE CloudExperienceHost scenario, and ending at the scenario completion. Its main purpose is to help detect blocking errors occurring during OOBE flow. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **appResult** The AppResult for the CXH OOBE scenario, e.g. "success" or "fail". This is logged on scenario completion, i.e. with the stop event.
+- **experience** A JSON blob containing properties pertinent for the CXH scenario launch, with PII removed. Examples: host, port, protocol, surface. Logged on the start event.
+- **source** The scenario for which CXH was launched. Since this event is restricted to OOBE timeframe, this will be FRXINCLUSIVE or FRXOOBELITE. Logged with the start event.
+- **wilActivity** Common data logged with all Wil activities. See [wilActivity](#wilactivity).
+
+
+### Microsoft.Windows.Shell.CloudExperienceHost.ExpectedReboot
+
+This event fires during OOBE when an expected reboot occurs- for example, as a result of language change or autopilot. The event doesn't fire if the user forcibly initiates a reboot/shutdown. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **wilActivity** Common data logged with all Wil activities.
+
+
+## Code Integrity events
+
+### Microsoft.Windows.Security.CodeIntegrity.State.Current
+
+This event indicates the overall CodeIntegrity Policy state and count of policies, fired on reboot and when policy changes rebootlessly. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **EModeEnabled** Whether policy that defines "E Mode" is present and active on device.
+- **GlobalCiPolicyState** Bitfield containing global CodeIntegrity State (Audit Mode, etc.).
+- **PolicyCount** Number of CodeIntegrity policies present on device.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.State.IsProductionConfiguration
+
+This event logs device production configuration status information. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **ErrorCode** Error code returned by WldpIsProductionConfiguration API.
+- **FailedConfigurationChecks** Bits indicating list of configuration checks that the device failed.
+- **RequiredConfigurationChecks** Bits indicating list of configuration checks that are required to run for the device.
+- **WldpIsWcosProductionConfiguration** Boolean value indicating whether the device is properly configured for production or not.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.State.PolicyDetails
+
+This individual policy state event fires once per policy on reboot and whenever any policy change occurs rebootlessly. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **BasePolicyId** ID of the base policy this policy supplements if this is a supplemental. Same as PolicyID if this is a base policy.
+- **IsBasePolicy** True if this is a base policy.
+- **IsLegacyPolicy** True if this policy is one of the legacy policy types (WinSiPolicy/AtpSiPolicy/SiPolicy.p7b), as opposed to being the new multiple policy format (guid.cip).
+- **PolicyAllowKernelSigners** Whether Secureboot allows custom kernel signers for the policy's SignatureType.
+- **PolicyCount** Total number of policies.
+- **PolicyHVCIOptions** HVCI related bitfield.
+- **PolicyId** ID of this policy.
+- **PolicyIndex** Index of this policy in total number of policies.
+- **PolicyInfoId** String ID defined in policy securesettings.
+- **PolicyInfoName** String policy name defined in securesettings.
+- **PolicyOptions** Bitfield of RuleOptions defined in policy.
+- **PolicyVersionEx** Policy version # used for rollback protection of signed policy.
+- **SignatureType** Enum containing info about policy signer if one is present (e.g. windows signed).
+
+
+## Common data extensions
+
+### Common Data Extensions.app
+
+Describes the properties of the running application. This extension could be populated by a client app or a web app.
+
+The following fields are available:
+
+- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
+- **env** The environment from which the event was logged.
+- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
+- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
+- **locale** The locale of the app.
+- **name** The name of the app.
+- **userId** The userID as known by the application.
+- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
+
+
+### Common Data Extensions.container
+
+Describes the properties of the container for events logged within a container.
+
+The following fields are available:
+
+- **epoch** An ID that's incremented for each SDK initialization.
+- **localId** The device ID as known by the client.
+- **osVer** The operating system version.
+- **seq** An ID that's incremented for each event.
+- **type** The container type. Examples: Process or VMHost
+
+
+### Common Data Extensions.device
+
+Describes the device-related fields.
+
+The following fields are available:
+
+- **deviceClass** The device classification. For example, Desktop, Server, or Mobile.
+- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
+- **make** Device manufacturer.
+- **model** Device model.
+
+
+### Common Data Extensions.Envelope
+
+Represents an envelope that contains all of the common data extensions.
+
+The following fields are available:
+
+- **data** Represents the optional unique diagnostic data for a particular event schema.
+- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
+- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
+- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
+- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv).
+- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
+- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
+- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
+- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
+- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
+- **iKey** Represents an ID for applications or other logical groupings of events.
+- **name** Represents the uniquely qualified name for the event.
+- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.mscv
+
+Describes the correlation vector-related fields.
+
+The following fields are available:
+
+- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries.
+
+
+### Common Data Extensions.os
+
+Describes some properties of the operating system.
+
+The following fields are available:
+
+- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
+- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
+- **locale** Represents the locale of the operating system.
+- **name** Represents the operating system name.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.sdk
+
+Used by platform specific libraries to record fields that are required for a specific SDK.
+
+The following fields are available:
+
+- **epoch** An ID that is incremented for each SDK initialization.
+- **installId** An ID that's created during the initialization of the SDK for the first time.
+- **libVer** The SDK version.
+- **seq** An ID that is incremented for each event.
+- **ver** The version of the logging SDK.
+
+
+### Common Data Extensions.user
+
+Describes the fields related to a user.
+
+The following fields are available:
+
+- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
+- **locale** The language and region.
+- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
+
+
+### Common Data Extensions.utc
+
+Describes the properties that could be populated by a logging library on Windows.
+
+The following fields are available:
+
+- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
+- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number
+- **cat** Represents a bitmask of the ETW Keywords associated with the event.
+- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
+- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
+- **flags** Represents the bitmap that captures various Windows specific flags.
+- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event.
+- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
+- **op** Represents the ETW Op Code.
+- **pgName** The short form of the provider group name associated with the event.
+- **popSample** Represents the effective sample rate for this event at the time it was generated by a client.
+- **providerGuid** The ETW provider ID associated with the provider name.
+- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
+- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
+- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
+- **wcmp** The Windows Shell Composer ID.
+- **wPId** The Windows Core OS product ID.
+- **wsId** The Windows Core OS session ID.
+
+
+### Common Data Extensions.xbl
+
+Describes the fields that are related to XBOX Live.
+
+The following fields are available:
+
+- **claims** Any additional claims whose short claim name hasn't been added to this structure.
+- **did** XBOX device ID
+- **dty** XBOX device type
+- **dvr** The version of the operating system on the device.
+- **eid** A unique ID that represents the developer entity.
+- **exp** Expiration time
+- **ip** The IP address of the client device.
+- **nbf** Not before time
+- **pid** A comma separated list of PUIDs listed as base10 numbers.
+- **sbx** XBOX sandbox identifier
+- **sid** The service instance ID.
+- **sty** The service type.
+- **tid** The XBOX Live title ID.
+- **tvr** The XBOX Live title version.
+- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
+- **xid** A list of base10-encoded XBOX User IDs.
+
+## Common data fields
+
+### Ms.Device.DeviceInventoryChange
+
+Describes the installation state for all hardware and software components available on a particular device.
+
+The following fields are available:
+
+- **action** The change that was invoked on a device inventory object.
+- **inventoryId** Device ID used for Compatibility testing
+- **objectInstanceId** Object identity which is unique within the device scope.
+- **objectType** Indicates the object type that the event applies to.
+- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
+
+## Component-based servicing events
+
+### CbsServicingProvider.CbsCapabilityEnumeration
+
+This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date.
+
+The following fields are available:
+
+- **architecture** Indicates the scan was limited to the specified architecture.
+- **capabilityCount** The number of optional content packages found during the scan.
+- **clientId** The name of the application requesting the optional content.
+- **duration** The amount of time it took to complete the scan.
+- **hrStatus** The HReturn code of the scan.
+- **language** Indicates the scan was limited to the specified language.
+- **majorVersion** Indicates the scan was limited to the specified major version.
+- **minorVersion** Indicates the scan was limited to the specified minor version.
+- **namespace** Indicates the scan was limited to packages in the specified namespace.
+- **sourceFilter** A bitmask indicating the scan checked for locally available optional content.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionFinalize
+
+This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **capabilities** The names of the optional content packages that were installed.
+- **clientId** The name of the application requesting the optional content.
+- **currentID** The ID of the current install session.
+- **downloadSource** The source of the download.
+- **highestState** The highest final install state of the optional content.
+- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version.
+- **hrStatus** The HReturn code of the install operation.
+- **rebootCount** The number of reboots required to complete the install.
+- **retryID** The session ID that will be used to retry a failed operation.
+- **retryStatus** Indicates whether the install will be retried in the event of failure.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionPended
+
+This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
+
+The following fields are available:
+
+- **clientId** The name of the application requesting the optional content.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+
+
+### CbsServicingProvider.CbsPackageRemoval
+
+This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build number of the security update being uninstalled.
+- **clientId** The name of the application requesting the uninstall.
+- **currentStateEnd** The final state of the update after the operation.
+- **failureDetails** Information about the cause of a failure, if applicable.
+- **failureSourceEnd** The stage during the uninstall where the failure occurred.
+- **hrStatusEnd** The overall exit code of the operation.
+- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image.
+- **majorVersion** The major version number of the security update being uninstalled.
+- **minorVersion** The minor version number of the security update being uninstalled.
+- **originalState** The starting state of the update before the operation.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+- **primitiveExecutionContext** The state during system startup when the uninstall was completed.
+- **revisionVersion** The revision number of the security update being uninstalled.
+- **transactionCanceled** Indicates whether the uninstall was cancelled.
+
+
+### CbsServicingProvider.CbsQualityUpdateInstall
+
+This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build version number of the update package.
+- **clientId** The name of the application requesting the optional content.
+- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device.
+- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure.
+- **currentStateEnd** The final state of the package after the operation has completed.
+- **doqTimeSeconds** The time in seconds spent updating drivers.
+- **executeTimeSeconds** The number of seconds required to execute the install.
+- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred.
+- **hrStatusEnd** The return code of the install operation.
+- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file.
+- **majorVersion** The major version number of the update package.
+- **minorVersion** The minor version number of the update package.
+- **originalState** The starting state of the package.
+- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation.
+- **planTimeSeconds** The time in seconds required to plan the update operations.
+- **poqTimeSeconds** The time in seconds processing file and registry operations.
+- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update.
+- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot.
+- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed.
+- **rebootCount** The number of reboots required to install the update.
+- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update.
+- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update.
+- **revisionVersion** The revision version number of the update package.
+- **rptTimeSeconds** The time in seconds spent executing installer plugins.
+- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update.
+- **stackRevision** The revision number of the servicing stack.
+- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update.
+
+
+### CbsServicingProvider.CbsSelectableUpdateChangeV2
+
+This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateState** Indicates the highest applicable state of the optional content.
+- **buildVersion** The build version of the package being installed.
+- **clientId** The name of the application requesting the optional content change.
+- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
+- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
+- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
+- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
+- **hrDownloadResult** The return code of the download operation.
+- **hrStatusUpdate** The return code of the servicing operation.
+- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
+- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
+- **majorVersion** The major version of the package being installed.
+- **minorVersion** The minor version of the package being installed.
+- **packageArchitecture** The architecture of the package being installed.
+- **packageLanguage** The language of the package being installed.
+- **packageName** The name of the package being installed.
+- **rebootRequired** Indicates whether a reboot is required to complete the operation.
+- **revisionVersion** The revision number of the package being installed.
+- **stackBuild** The build number of the servicing stack binary performing the installation.
+- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
+- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
+- **stackRevision** The revision number of the servicing stack binary performing the installation.
+- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
+- **updateStartState** A value indicating the state of the optional content before the operation started.
+- **updateTargetState** A value indicating the desired state of the optional content.
+
+
+### CbsServicingProvider.CbsUpdateDeferred
+
+This event reports the results of deferring Windows Content to keep Windows up to date.
+
+
+
+### Microsoft.Windows.CbsLite.CbsLiteFinalizeCommit
+
+The event reports basic information about the end of the last phase of updates. The data collected with this event is used to keep windows up to date.
+
+The following fields are available:
+
+- **bootAvailable** Indicates if storage pool version supports Oneshot Boot functionality.
+- **cbsLiteSessionID** An ID to associate other cbs events related to this update session.
+- **duration** The number of milliseconds taken to complete the operation.
+- **result** The return code of the operation.
+
+
+### Microsoft.Windows.CbsLite.CbsLiteUpdateReserve
+
+This event updates the size of the update reserve on WCOS devices. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **cbsLiteSessionID** The ID of the CBS Lite Session.
+- **CurrentReserveCapacityBytes** Indicates the size of the reserve before the change.
+- **NewReserveCapacityBytes** Indicates the new size of the reserve.
+- **ReserveId** The ID of the reserve changed.
+- **Result** The return code for the operation.
+
+
+## Deployment events
+
+### Microsoft.Windows.Deployment.Imaging.AppExit
+
+This event is sent on imaging application exit. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **hr** HResult returned from app exit.
+- **totalTimeInMs** Total time taken in Ms.
+
+
+### Microsoft.Windows.Deployment.Imaging.AppInvoked
+
+This event is sent when the app for image creation is invoked. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **branch** Corresponding branch for the image.
+- **isInDbg** Whether the app is in debug mode or not.
+- **isWSK** Whether the app is building images using WSK or not.
+
+
+### Microsoft.Windows.Deployment.Imaging.Failed
+
+This failure event is sent when imaging fails. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **cs** Line that failed.
+- **ec** Execution status.
+- **hr** HResult returned.
+- **msg** Message returned.
+- **stack** Stack information.
+
+
+### Microsoft.Windows.Deployment.Imaging.ImagingCompleted
+
+This event is sent when imaging is done. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **appExecTimeInMs** Execution time in milliseconds.
+- **buildInfo** Information of the build.
+- **compDbPrepTimeInMs** Preparation time in milliseconds for the CompDBs.
+- **executeUpdateTimeInMs** Update execution time in milliseconds.
+- **fileStageTimeInMs** File staging time in milliseconds.
+- **hr** HResult returned from imaging.
+- **imgSizeInMB** Image size in MB.
+- **mutexWaitTimeInMs** Mutex wait time in milliseconds.
+- **prepareUpdateTimeInMs** Update preparation time in milliseconds.
+- **totalRunTimeInMs** Total running time in milliseconds.
+- **updateOsTimeInMs** Time in milliseconds spent in update OS.
+
+
+### Microsoft.Windows.Deployment.Imaging.ImagingStarted
+
+This event is sent when an imaging session starts. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **arch** Architecture of the image.
+- **device** Device type for which the image is built.
+- **imgFormat** Format of the image.
+- **imgSkip** Parameter for skipping certain image types when building.
+- **imgType** The type of image being built.
+- **lang** Language of the image being built.
+- **prod** Image product type.
+
+
+## Diagnostic data events
+
+### TelClientSynthetic.AbnormalShutdown_0
+
+This event sends data about boot IDs for which a normal clean shutdown was not observed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **AbnormalShutdownBootId** BootId of the abnormal shutdown being reported by this event.
+- **AbsCausedbyAutoChk** This flag is set when AutoCheck forces a device restart to indicate that the shutdown was not an abnormal shutdown.
+- **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in.
+- **BatteryLevelAtLastShutdown** The last recorded battery level.
+- **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown.
+- **CrashDumpEnabled** Are crash dumps enabled?
+- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
+- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
+- **Firmwaredata->ResetReasonEmbeddedController** The reset reason that was supplied by the firmware.
+- **Firmwaredata->ResetReasonEmbeddedControllerAdditional** Additional data related to reset reason provided by the firmware.
+- **Firmwaredata->ResetReasonPch** The reset reason that was supplied by the hardware.
+- **Firmwaredata->ResetReasonPchAdditional** Additional data related to the reset reason supplied by the hardware.
+- **Firmwaredata->ResetReasonSupplied** Indicates whether the firmware supplied any reset reason or not.
+- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
+- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
+- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
+- **InvalidBootStat** This is a sanity check flag that ensures the validity of the bootstat file.
+- **LastBugCheckBootId** bootId of the last captured crash.
+- **LastBugCheckCode** Code that indicates the type of error.
+- **LastBugCheckContextFlags** Additional crash dump settings.
+- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
+- **LastBugCheckOtherSettings** Other crash dump settings.
+- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
+- **LastBugCheckProgress** Progress towards writing out the last crash dump.
+- **LastBugCheckVersion** The version of the information struct written during the crash.
+- **LastSuccessfullyShutdownBootId** BootId of the last fully successful shutdown.
+- **LongPowerButtonPressDetected** Identifies if the user was pressing and holding power button.
+- **LongPowerButtonPressInstanceGuid** The Instance GUID for the user state of pressing and holding the power button.
+- **OOBEInProgress** Identifies if OOBE is running.
+- **OSSetupInProgress** Identifies if the operating system setup is running.
+- **PowerButtonCumulativePressCount** How many times has the power button been pressed?
+- **PowerButtonCumulativeReleaseCount** How many times has the power button been released?
+- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record power button metrics.
+- **PowerButtonLastPressBootId** BootId of the last time the power button was pressed.
+- **PowerButtonLastPressTime** Date and time of the last time the power button was pressed.
+- **PowerButtonLastReleaseBootId** BootId of the last time the power button was released.
+- **PowerButtonLastReleaseTime** Date and time of the last time the power button was released.
+- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
+- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed.
+- **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on.
+- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
+- **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
+- **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition.
+- **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file.
+- **SleepCheckpointStatus** Indicates whether the checkpoint information is valid.
+- **StaleBootStatData** Identifies if the data from bootstat is stale.
+- **TransitionInfoBootId** BootId of the captured transition info.
+- **TransitionInfoCSCount** l number of times the system transitioned from Connected Standby mode.
+- **TransitionInfoCSEntryReason** Indicates the reason the device last entered Connected Standby mode.
+- **TransitionInfoCSExitReason** Indicates the reason the device last exited Connected Standby mode.
+- **TransitionInfoCSInProgress** At the time the last marker was saved, the system was in or entering Connected Standby mode.
+- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp,
+- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
+- **TransitionInfoLidState** Describes the state of the laptop lid.
+- **TransitionInfoPowerButtonTimestamp** The date and time of the last time the power button was pressed.
+- **TransitionInfoSleepInProgress** At the time the last marker was saved, the system was in or entering sleep mode.
+- **TransitionInfoSleepTranstionsToOn** Total number of times the device transitioned from sleep mode.
+- **TransitionInfoSystemRunning** At the time the last marker was saved, the device was running.
+- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
+- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
+- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.
+- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint.
+- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
+- **VirtualMachineId** If the operating system is on a virtual Machine, it gives the virtual Machine ID (GUID) that can be used to correlate events on the host.
+
+
+### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
+
+This event is fired by UTC at state transitions to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise.
+- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise.
+- **CanCollectClearUserIds** True if we are allowed to collect clear user IDs, false if we can only collect omitted IDs.
+- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise.
+- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise.
+- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise.
+- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
+- **CanIncludeDeviceNameInDiagnosticData** True if we are allowed to add the device name to diagnostic data, false otherwise.
+- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
+- **CanPerformSiufEscalations** True if we can perform SIUF escalation collection, false otherwise.
+- **CanReportScenarios** True if we can report scenario completions, false otherwise.
+- **CanReportUifEscalations** True if we can report UIF escalation, false otherwise.
+- **CanUseAuthenticatedProxy** True if we can use authenticated proxy, false otherwise.
+- **IsProcessorMode** True if it is Processor Mode, false otherwise.
+- **PreviousPermissions** Bitmask of previous telemetry state.
+- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
+
+
+### TelClientSynthetic.AuthorizationInfo_Startup
+
+This event is fired by UTC at startup to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise.
+- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise.
+- **CanCollectClearUserIds** True if we are allowed to collect clear user IDs, false if we can only collect omitted IDs.
+- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise.
+- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise.
+- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise.
+- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
+- **CanIncludeDeviceNameInDiagnosticData** True if we are allowed to add the device name to diagnostic data, false otherwise.
+- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
+- **CanPerformSiufEscalations** True if we can perform System Initiated User Feedback escalation collection, false otherwise.
+- **CanReportScenarios** True if we can report scenario completions, false otherwise.
+- **CanReportUifEscalations** True if we can perform User Initiated Feedback escalation collection, false otherwise.
+- **CanUseAuthenticatedProxy** True if we can use an authenticated proxy to send data, false otherwise.
+- **IsProcessorMode** True if it is Processor Mode, false otherwise.
+- **PreviousPermissions** Bitmask of previous telemetry state.
+- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
+
+
+### TelClientSynthetic.ConnectivityHeartBeat_0
+
+This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network.
+
+The following fields are available:
+
+- **CensusExitCode** Returns last execution codes from census client run.
+- **CensusStartTime** Returns timestamp corresponding to last successful census run.
+- **CensusTaskEnabled** Returns Boolean value for the census task (Enable/Disable) on client machine.
+- **LastConnectivityLossTime** The FILETIME at which the last free network loss occurred.
+- **NetworkState** Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network.
+- **NoNetworkTime** Retrieves the time spent with no network (since the last time) in seconds.
+- **RestrictedNetworkTime** The total number of seconds with restricted network during this heartbeat period.
+
+
+### TelClientSynthetic.HeartBeat_5
+
+This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
+
+The following fields are available:
+
+- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel.
+- **CensusExitCode** The last exit code of the Census task.
+- **CensusStartTime** Time of last Census run.
+- **CensusTaskEnabled** True if Census is enabled, false otherwise.
+- **CompressedBytesUploaded** Number of compressed bytes uploaded.
+- **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client.
+- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer.
+- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling.
+- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB.
+- **DbCriticalDroppedCount** Total number of dropped critical events in event DB.
+- **DbDroppedCount** Number of events dropped due to DB fullness.
+- **DbDroppedFailureCount** Number of events dropped due to DB failures.
+- **DbDroppedFullCount** Number of events dropped due to DB fullness.
+- **DecodingDroppedCount** Number of events dropped due to decoding failures.
+- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated.
+- **EtwDroppedBufferCount** Number of buffers dropped in the UTC ETW session.
+- **EtwDroppedCount** Number of events dropped at ETW layer of telemetry client.
+- **EventsPersistedCount** Number of events that reached the PersistEvent stage.
+- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC.
+- **EventStoreResetCounter** Number of times event DB was reset.
+- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance.
+- **EventsUploaded** Number of events uploaded.
+- **Flags** Flags indicating device state such as network state, battery state, and opt-in state.
+- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full.
+- **HeartBeatSequenceNumber** The sequence number of this heartbeat.
+- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex.
+- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel.
+- **LastEventSizeOffender** Event name of last event which exceeded max event size.
+- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
+- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe.
+- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC.
+- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events).
+- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags.
+- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
+- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
+- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
+- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers.
+- **TopUploaderErrors** List of top errors received from the upload endpoint.
+- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client.
+- **UploaderErrorCount** Number of errors received from the upload endpoint.
+- **VortexFailuresTimeout** The number of timeout failures received from Vortex.
+- **VortexHttpAttempts** Number of attempts to contact Vortex.
+- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
+- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
+- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400.
+- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+
+
+### TelClientSynthetic.PrivacyGuardReport
+
+Reports that the Connected User Experiences and Telemetry service encountered an event that may contain privacy data. The event contains information needed to identify and study the source event that triggered the report. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **EventEpoch** The epoch in which the source event that triggered the report was fired.
+- **EventName** The name of the source event that triggered the report.
+- **EventSeq** The sequence number of the source event that triggered the report.
+- **FieldName** The field of interest in the source event that triggered the report.
+- **IsAllowedToSend** True if the field of interest was sent unmodified in the source event that triggered the report, false if the field of interest was anonymized.
+- **IsDebug** True if the event was logged in a debug build of Windows.
+- **TelemetryApi** The application programming interface used to log the source event that triggered the report. Current values for this field can be "etw" or "rpc".
+- **TypeAsText** The type of issue detected in the source event that triggered the report. Current values for this field can be "UserName" or "DeviceName".
+
+
+## DISM events
+
+### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU
+
+The DISM Latest Installed LCU sends information to report result of search for latest installed LCU after last successful boot. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **dismInstalledLCUPackageName** The name of the latest installed package.
+
+
+### Microsoft.Windows.StartRepairCore.DISMPendingInstall
+
+The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **dismPendingInstallPackageName** The name of the pending package.
+
+
+### Microsoft.Windows.StartRepairCore.DISMRevertPendingActions
+
+The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **errorCode** The result code returned by the event.
+
+
+### Microsoft.Windows.StartRepairCore.DISMUninstallLCU
+
+The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **errorCode** The result code returned by the event.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd
+
+The SRT Repair Action End event sends information to report repair operation ended for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **errorCode** The result code returned by the event.
+- **failedUninstallCount** The number of driver updates that failed to uninstall.
+- **failedUninstallFlightIds** The Flight IDs (identifiers of beta releases) of driver updates that failed to uninstall.
+- **foundDriverUpdateCount** The number of found driver updates.
+- **srtRepairAction** The scenario name for a repair.
+- **successfulUninstallCount** The number of successfully uninstalled driver updates.
+- **successfulUninstallFlightIds** The Flight IDs (identifiers of beta releases) of successfully uninstalled driver updates.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRepairActionStart
+
+The SRT Repair Action Start event sends information to report repair operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **srtRepairAction** The scenario name for a repair.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagEnd
+
+The SRT Root Cause Diagnosis End event sends information to report diagnosis operation completed for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **errorCode** The result code returned by the event.
+- **flightIds** The Flight IDs (identifier of the beta release) of found driver updates.
+- **foundDriverUpdateCount** The number of found driver updates.
+- **srtRootCauseDiag** The scenario name for a diagnosis event.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagStart
+
+The SRT Root Cause Diagnosis Start event sends information to report diagnosis operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **srtRootCauseDiag** The scenario name for a diagnosis event.
+
+
+## Driver installation events
+
+### Microsoft.Windows.DriverInstall.DeviceInstall
+
+This critical event sends information about the driver installation that took place. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ClassGuid** The unique ID for the device class.
+- **ClassLowerFilters** The list of lower filter class drivers.
+- **ClassUpperFilters** The list of upper filter class drivers.
+- **CoInstallers** The list of coinstallers.
+- **ConfigFlags** The device configuration flags.
+- **DeviceConfigured** Indicates whether this device was configured through the kernel configuration.
+- **DeviceInstalled** Indicates whether the legacy install code path was used.
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **DeviceStack** The device stack of the driver being installed.
+- **DriverDate** The date of the driver.
+- **DriverDescription** A description of the driver function.
+- **DriverInfName** Name of the INF file (the setup information file) for the driver.
+- **DriverInfSectionName** Name of the DDInstall section within the driver INF file.
+- **DriverPackageId** The ID of the driver package that is staged to the driver store.
+- **DriverProvider** The driver manufacturer or provider.
+- **DriverUpdated** Indicates whether the driver is replacing an old driver.
+- **DriverVersion** The version of the driver file.
+- **EndTime** The time the installation completed.
+- **Error** Provides the WIN32 error code for the installation.
+- **ExtensionDrivers** List of extension drivers that complement this installation.
+- **FinishInstallAction** Indicates whether the co-installer invoked the finish-install action.
+- **FinishInstallUI** Indicates whether the installation process shows the user interface.
+- **FirmwareDate** The firmware date that will be stored in the EFI System Resource Table (ESRT).
+- **FirmwareRevision** The firmware revision that will be stored in the EFI System Resource Table (ESRT).
+- **FirmwareVersion** The firmware version that will be stored in the EFI System Resource Table (ESRT).
+- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description.
+- **FlightIds** A list of the different Windows Insider builds on the device.
+- **GenericDriver** Indicates whether the driver is a generic driver.
+- **Inbox** Indicates whether the driver package is included with Windows.
+- **InstallDate** The date the driver was installed.
+- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description.
+- **LastInstallFunction** The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing.
+- **LegacyInstallReasonError** The error code for the legacy installation.
+- **LowerFilters** The list of lower filter drivers.
+- **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance.
+- **NeedReboot** Indicates whether the driver requires a reboot.
+- **OriginalDriverInfName** The original name of the INF file before it was renamed.
+- **ParentDeviceInstanceId** The device instance ID of the parent of the device.
+- **PendedUntilReboot** Indicates whether the installation is pending until the device is rebooted.
+- **Problem** Error code returned by the device after installation.
+- **ProblemStatus** The status of the device after the driver installation.
+- **RebootRequiredReason** DWORD (Double Word—32-bit unsigned integer) containing the reason why the device required a reboot during install.
+- **SecondaryDevice** Indicates whether the device is a secondary device.
+- **ServiceName** The service name of the driver.
+- **SessionGuid** GUID (Globally Unique IDentifier) for the update session.
+- **SetupMode** Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed.
+- **StartTime** The time when the installation started.
+- **SubmissionId** The driver submission identifier assigned by the Windows Hardware Development Center.
+- **UpperFilters** The list of upper filter drivers.
+
+
+### Microsoft.Windows.DriverInstall.NewDevInstallDeviceEnd
+
+This event sends data about the driver installation once it is completed. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **DriverUpdated** Indicates whether the driver was updated.
+- **Error** The Win32 error code of the installation.
+- **FlightId** The ID of the Windows Insider build the device received.
+- **InstallDate** The date the driver was installed.
+- **InstallFlags** The driver installation flags.
+- **OptionalData** Metadata specific to WU (Windows Update) associated with the driver (flight IDs, recovery IDs, etc.)
+- **RebootRequired** Indicates whether a reboot is required after the installation.
+- **RollbackPossible** Indicates whether this driver can be rolled back.
+
+
+### Microsoft.Windows.DriverInstall.NewDevInstallDeviceStart
+
+This event sends data about the driver that the new driver installation is replacing. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **FirstInstallDate** The first time a driver was installed on this device.
+- **InstallFlags** Flag indicating how driver setup was called.
+- **LastDriverDate** Date of the driver that is being replaced.
+- **LastDriverInbox** Indicates whether the previous driver was included with Windows.
+- **LastDriverInfName** Name of the INF file (the setup information file) of the driver being replaced.
+- **LastDriverPackageId** ID of the driver package installed on the device before the current install operation began. ID contains the name + architecture + hash.
+- **LastDriverVersion** The version of the driver that is being replaced.
+- **LastFirmwareDate** The date of the last firmware reported from the EFI System Resource Table (ESRT).
+- **LastFirmwareRevision** The last firmware revision number reported from EFI System Resource Table (ESRT).
+- **LastFirmwareVersion** The last firmware version reported from the EFI System Resource Table (ESRT).
+- **LastInstallDate** The date a driver was last installed on this device.
+- **LastMatchingDeviceId** The hardware ID or compatible ID that Windows last used to install the device instance.
+- **LastProblem** The previous problem code that was set on the device.
+- **LastProblemStatus** The previous problem code that was set on the device.
+- **LastSubmissionId** The driver submission identifier of the driver that is being replaced.
+
+
+## DxgKernelTelemetry events
+
+### DxgKrnlTelemetry.GPUAdapterInventoryV2
+
+This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
+
+The following fields are available:
+
+- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter.
+- **aiSeqId** The event sequence ID.
+- **bootId** The system boot ID.
+- **BrightnessVersionViaDDI** The version of the Display Brightness Interface.
+- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload.
+- **DDIInterfaceVersion** The device driver interface version.
+- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes).
+- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes).
+- **Display1UMDFilePath** The file path to the location of the Display User Mode Driver in the Driver Store.
+- **DisplayAdapterLuid** The display adapter LUID.
+- **DriverDate** The date of the display driver.
+- **DriverRank** The rank of the display driver.
+- **DriverVersion** The display driver version.
+- **DriverWorkarounds** Numeric value indicating the driver workarounds that are enabled for this device.
+- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
+- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
+- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
+- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
+- **GPUDeviceID** The GPU device ID.
+- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload.
+- **GPURevisionID** The GPU revision ID.
+- **GPUVendorID** The GPU vendor ID.
+- **HwFlipQueueSupportState** Numeric value indicating the adapter's support for hardware flip queues.
+- **HwSchSupportState** Numeric value indicating the adapter's support for hardware scheduling.
+- **IddPairedRenderAdapterLuid** Identifier for the render adapter paired with this display adapter.
+- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided.
+- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided.
+- **InterfaceFuncPointersProvided3** Number of device driver interface function pointers provided.
+- **InterfaceId** The GPU interface ID.
+- **IsDisplayDevice** Does the GPU have displaying capabilities?
+- **IsHwFlipQueueEnabled** Boolean value indicating whether hardware flip queues are enabled.
+- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled.
+- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device?
+- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device?
+- **IsLDA** Is the GPU comprised of Linked Display Adapters?
+- **IsMiracastSupported** Does the GPU support Miracast?
+- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor?
+- **IsMPOSupported** Does the GPU support Multi-Plane Overlays?
+- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution?
+- **IsPostAdapter** Is this GPU the POST GPU in the device?
+- **IsRemovable** TRUE if the adapter supports being disabled or removed.
+- **IsRenderDevice** Does the GPU have rendering capabilities?
+- **IsSoftwareDevice** Is this a software implementation of the GPU?
+- **IsVirtualRefreshRateSupported** Boolean value indicating whether the adapter supports virtual refresh rates.
+- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store.
+- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES?
+- **NumNonVidPnTargets** Number of display targets.
+- **NumVidPnSources** The number of supported display output sources.
+- **NumVidPnTargets** The number of supported display output targets.
+- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes).
+- **SubSystemID** The subsystem ID.
+- **SubVendorID** The GPU sub vendor ID.
+- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
+- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
+- **version** The event version.
+- **WDDMVersion** The Windows Display Driver Model version.
+
+
+## Fault Reporting events
+
+### Microsoft.Windows.FaultReporting.AppCrashEvent
+
+This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
+
+The following fields are available:
+
+- **AppName** The name of the app that has crashed.
+- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
+- **AppTimeStamp** The date/time stamp of the app.
+- **AppVersion** The version of the app that has crashed.
+- **ExceptionCode** The exception code returned by the process that has crashed.
+- **ExceptionOffset** The address where the exception had occurred.
+- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
+- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
+- **IsFatal** True/False to indicate whether the crash resulted in process termination.
+- **ModName** Exception module name (e.g. bar.dll).
+- **ModTimeStamp** The date/time stamp of the module.
+- **ModVersion** The version of the module that has crashed.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has crashed.
+- **ProcessId** The ID of the process that has crashed.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported
+- **TargetAsId** The sequence number for the hanging process.
+
+
+## Feature quality events
+
+### Microsoft.Windows.FeatureQuality.Heartbeat
+
+This event indicates the feature status heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **Features** Array of features.
+
+
+### Microsoft.Windows.FeatureQuality.StateChange
+
+This event indicates the change of feature state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **flightId** Flight id.
+- **state** New state.
+
+
+### Microsoft.Windows.FeatureQuality.Status
+
+This event indicates the feature status. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **featureId** Feature id.
+- **flightId** Flight id.
+- **time** Time of status change.
+- **variantId** Variant id.
+
+
+## Feature update events
+
+### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
+
+This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **failureReason** Provides data about the uninstall initialization operation failure.
+- **hr** Provides the Win32 error code for the operation failure.
+
+
+### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered
+
+This event indicates that the uninstall was properly configured and that a system reboot was initiated. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+
+
+## Hang Reporting events
+
+### Microsoft.Windows.HangReporting.AppHangEvent
+
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+
+The following fields are available:
+
+- **AppName** The name of the app that has hung.
+- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
+- **AppVersion** The version of the app that has hung.
+- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has hung.
+- **ProcessId** The ID of the process that has hung.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported.
+- **TargetAsId** The sequence number for the hanging process.
+- **TypeCode** Bitmap describing the hang type.
+- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
+- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
+- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
+- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
+
+
+## Holographic events
+
+### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded
+
+This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **ClassGuid** Windows Mixed Reality device class GUID.
+- **DeviceInterfaceId** Windows Mixed Reality device interface ID.
+- **DriverVersion** Windows Mixed Reality device driver version.
+- **FirmwareVersion** Windows Mixed Reality firmware version.
+- **Manufacturer** Windows Mixed Reality device manufacturer.
+- **ModelName** Windows Mixed Reality device model name.
+- **SerialNumber** Windows Mixed Reality device serial number.
+
+
+### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceRemoved
+
+This event indicates Windows Mixed Reality device state. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly.
+
+The following fields are available:
+
+- **DeviceInterfaceId** Device Interface ID.
+
+
+### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated
+
+This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **HmdState** Windows Mixed Reality Headset HMD state.
+- **NewHoloShellState** Windows Mixed Reality HoloShell state.
+- **PriorHoloShellState** Windows Mixed Reality state prior to entering to HoloShell.
+- **SimulationEnabled** Windows Mixed Reality Simulation state.
+
+
+### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated
+
+This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode.
+- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion.
+- **PackageVersion** Windows Mixed Reality Portal app package version.
+- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state.
+- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity).
+
+
+### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming
+
+This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
+
+
+
+### Microsoft.Windows.Shell.HolographicFirstRun.SomethingWentWrong
+
+This event is emitted when something went wrong error occurs. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly.
+
+The following fields are available:
+
+- **ErrorSource** Source of error, obsoleted always 0.
+- **StartupContext** Start up state.
+- **StatusCode** Error status code.
+- **SubstatusCode** Error sub status code.
+
+
+### TraceLoggingHoloLensSensorsProvider.OnDeviceAdd
+
+This event provides Windows Mixed Reality device state with new process that hosts the driver. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly.
+
+The following fields are available:
+
+- **Process** Process ID.
+- **Thread** Thread ID.
+
+
+### TraceLoggingOasisUsbHostApiProvider.DeviceInformation
+
+This event provides Windows Mixed Reality device information. This event is also used to count WMR device and device type. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BootloaderMajorVer** Windows Mixed Reality device boot loader major version.
+- **BootloaderMinorVer** Windows Mixed Reality device boot loader minor version.
+- **BootloaderRevisionNumber** Windows Mixed Reality device boot loader revision number.
+- **BTHFWMajorVer** Windows Mixed Reality device BTHFW major version. This event also used to count WMR device.
+- **BTHFWMinorVer** Windows Mixed Reality device BTHFW minor version. This event also used to count WMR device.
+- **BTHFWRevisionNumber** Windows Mixed Reality device BTHFW revision number.
+- **CalibrationBlobSize** Windows Mixed Reality device calibration blob size.
+- **CalibrationFwMajorVer** Windows Mixed Reality device calibration firmware major version.
+- **CalibrationFwMinorVer** Windows Mixed Reality device calibration firmware minor version.
+- **CalibrationFwRevNum** Windows Mixed Reality device calibration firmware revision number.
+- **DeviceInfoFlags** Windows Mixed Reality device info flags.
+- **DeviceName** Windows Mixed Reality device Name. This event is also used to count WMR device.
+- **DeviceReleaseNumber** Windows Mixed Reality device release number.
+- **FirmwareMajorVer** Windows Mixed Reality device firmware major version.
+- **FirmwareMinorVer** Windows Mixed Reality device firmware minor version.
+- **FirmwareRevisionNumber** Windows Mixed Reality device calibration firmware revision number.
+- **FpgaFwMajorVer** Windows Mixed Reality device FPGA firmware major version.
+- **FpgaFwMinorVer** Windows Mixed Reality device FPGA firmware minor version.
+- **FpgaFwRevisionNumber** Windows Mixed Reality device FPGA firmware revision number.
+- **FriendlyName** Windows Mixed Reality device friendly name.
+- **HashedSerialNumber** Windows Mixed Reality device hashed serial number.
+- **HeaderSize** Windows Mixed Reality device header size.
+- **HeaderVersion** Windows Mixed Reality device header version.
+- **LicenseKey** Windows Mixed Reality device header license key.
+- **Make** Windows Mixed Reality device make.
+- **ManufacturingDate** Windows Mixed Reality device manufacturing date.
+- **Model** Windows Mixed Reality device model.
+- **PresenceSensorHidVendorPage** Windows Mixed Reality device presence sensor HID vendor page.
+- **PresenceSensorHidVendorUsage** Windows Mixed Reality device presence sensor HID vendor usage.
+- **PresenceSensorUsbVid** Windows Mixed Reality device presence sensor USB VId.
+- **ProductBoardRevision** Windows Mixed Reality device product board revision number.
+- **SerialNumber** Windows Mixed Reality device serial number.
+
+
+## Inventory events
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
+
+This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **DriverPackageExtended** A count of driverpackageextended objects in cache.
+- **InventoryApplication** A count of application objects in cache.
+- **InventoryApplicationDriver** A count of application driver objects in cache
+- **InventoryApplicationFramework** A count of application framework objects in cache
+- **InventoryDeviceContainer** A count of device container objects in cache.
+- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache.
+- **InventoryDeviceMediaClass** A count of device media objects in cache.
+- **InventoryDevicePnp** A count of device Plug and Play objects in cache.
+- **InventoryDeviceUsbHubClass** A count of device usb objects in cache
+- **InventoryDriverBinary** A count of driver binary objects in cache.
+- **InventoryDriverPackage** A count of device objects in cache.
+- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache
+- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache
+- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache
+- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache
+- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache
+- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache
+- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache
+- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordAdd
+
+This event sends basic metadata about ACPI PHAT Health Record structure on the machine. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AmHealthy** Indicates if the is device healthy. 0 - Errors found. 1 - No errors. 2 - Unknown. 3 - Advisory.
+- **DevicePathSubtype** The device path subtype associated with the record producer.
+- **DevicePathType** The device path type associated with the record producer.
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordStartSync
+
+This event indicates a new set of InventoryAcpiPhatHealthRecord events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatVersionElementAdd
+
+This event sends basic metadata for ACPI PHAT Version Element structure. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **ProducerId** The ACPI vendor ID.
+- **VersionValue** The 64 bit component version value.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatVersionElementStartSync
+
+This event indicates that a new set of InventoryAcpiPhatVersionElement events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
+
+This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **HiddenArp** Indicates whether a program hides itself from showing up in ARP.
+- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics).
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Language** The language code of the program.
+- **LattePackageId** The ID of the Latte package.
+- **MsiInstallDate** The install date recorded in the program's MSI package.
+- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
+- **MsiProductCode** A GUID that describe the MSI Product.
+- **Name** The name of the application.
+- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install.
+- **PackageFullName** The package full name for a Store application.
+- **ProgramInstanceId** A hash of the file IDs in an app.
+- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field.
+- **RootDirPath** The path to the root directory where the program was installed.
+- **Source** How the program was installed (for example, ARP, MSI, Appx).
+- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
+- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
+- **Version** The version number of the program.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
+
+This event provides the basic metadata about the frameworks an application may depend on. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **FileId** A hash that uniquely identifies a file.
+- **Frameworks** The list of frameworks this file depends on.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
+
+This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
+
+This event indicates that a new set of InventoryApplicationAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
+
+This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device). The data collected with this event is used to help keep Windows up to date and to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Categories** A comma separated list of functional categories in which the container belongs.
+- **DiscoveryMethod** The discovery method for the device container.
+- **FriendlyName** The name of the device container.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **IsActive** Is the device connected, or has it been seen in the last 14 days?
+- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
+- **IsMachineContainer** Is the container the root device itself?
+- **IsNetworked** Is this a networked device?
+- **IsPaired** Does the device container require pairing?
+- **Manufacturer** The manufacturer name for the device container.
+- **ModelId** A unique model ID.
+- **ModelName** The model name.
+- **ModelNumber** The model number for the device container.
+- **PrimaryCategory** The primary category for the device container.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
+
+This event indicates that the InventoryDeviceContainer object is no longer present. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
+
+This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
+
+This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Accelerometer3D** Indicates if an Accelerator3D sensor is found.
+- **ActivityDetection** Indicates if an Activity Detection sensor is found.
+- **AmbientLight** Indicates if an Ambient Light sensor is found.
+- **Barometer** Indicates if a Barometer sensor is found.
+- **Custom** Indicates if a Custom sensor is found.
+- **EnergyMeter** Indicates if an Energy sensor is found.
+- **FloorElevation** Indicates if a Floor Elevation sensor is found.
+- **GeomagneticOrientation** Indicates if a Geo Magnetic Orientation sensor is found.
+- **GravityVector** Indicates if a Gravity Detector sensor is found.
+- **Gyrometer3D** Indicates if a Gyrometer3D sensor is found.
+- **Humidity** Indicates if a Humidity sensor is found.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **LinearAccelerometer** Indicates if a Linear Accelerometer sensor is found.
+- **Magnetometer3D** Indicates if a Magnetometer3D sensor is found.
+- **Orientation** Indicates if an Orientation sensor is found.
+- **Pedometer** Indicates if a Pedometer sensor is found.
+- **Proximity** Indicates if a Proximity sensor is found.
+- **RelativeOrientation** Indicates if a Relative Orientation sensor is found.
+- **SimpleDeviceOrientation** Indicates if a Simple Device Orientation sensor is found.
+- **Temperature** Indicates if a Temperature sensor is found.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
+
+This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
+
+This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Audio_CaptureDriver** The Audio device capture driver endpoint.
+- **Audio_RenderDriver** The Audio device render driver endpoint.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
+
+This event indicates that the InventoryDeviceMediaClass object represented by the objectInstanceId is no longer present. This event is used to understand a PNP device that is specific to a particular class of devices. The data collected with this event is used to help keep Windows up to date and performing properly while reducing overall size of data payload.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
+
+This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
+
+This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BusReportedDescription** The description of the device reported by the bux.
+- **Class** The device setup class of the driver loaded for the device.
+- **ClassGuid** The device class GUID from the driver package
+- **COMPID** The device setup class guid of the driver loaded for the device.
+- **ContainerId** The list of compat ids for the device.
+- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
+- **DeviceInterfaceClasses** The device interfaces that this device implements.
+- **DeviceState** The device description.
+- **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present
+- **DriverName** A unique identifier for the driver installed.
+- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage
+- **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
+- **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage.
+- **Enumerator** The date of the driver loaded for the device.
+- **ExtendedInfs** The extended INF file names.
+- **FirstInstallDate** The first time this device was installed on the machine.
+- **HWID** The version of the driver loaded for the device.
+- **Inf** The bus that enumerated the device.
+- **InstallDate** The date of the most recent installation of the device on the machine.
+- **InstallState** The device installation state. For a list of values, see [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx).
+- **InventoryVersion** List of hardware ids for the device.
+- **LowerClassFilters** Lower filter class drivers IDs installed for the device
+- **LowerFilters** The identifiers of the Lower filters installed for the device.
+- **Manufacturer** The manufacturer of the device.
+- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance.
+- **Model** Identifies the model of the device.
+- **ParentId** The Device Instance ID of the parent of the device.
+- **ProblemCode** The error code currently returned by the device, if applicable.
+- **Provider** Identifies the device provider.
+- **Service** The name of the device service.
+- **STACKID** The list of hardware IDs for the stack.
+- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device.
+- **UpperFilters** The identifiers of the Upper filters installed for the device.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
+
+This event indicates that the InventoryDevicePnpRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceSensorAdd
+
+This event sends basic metadata about sensor devices on a machine. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **Manufacturer** Sensor manufacturer.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceSensorRemove
+
+This event is used to indicate a sensor has been removed from a machine. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceSensorStartSync
+
+This event indicates that a new set of InventoryDeviceSensor events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
+
+This event sends basic metadata about the USB hubs on the device. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+- **TotalUserConnectablePorts** Total number of connectable USB ports.
+- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
+
+This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
+
+This event sends basic metadata about driver binaries running on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **DriverCheckSum** The checksum of the driver file.
+- **DriverCompany** The company name that developed the driver.
+- **DriverInBox** Is the driver included with the operating system?
+- **DriverIsKernelMode** Is it a kernel mode driver?
+- **DriverName** The file name of the driver.
+- **DriverPackageStrongName** The strong name of the driver package
+- **DriverSigned** The strong name of the driver package
+- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file.
+- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
+- **DriverVersion** The version of the driver file.
+- **ImageSize** The size of the driver file.
+- **Inf** The name of the INF file.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Product** The product name that is included in the driver file.
+- **ProductVersion** The product version that is included in the driver file.
+- **Service** The name of the service that is installed for the device.
+- **WdfVersion** The Windows Driver Framework version.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
+
+This event indicates that the InventoryDriverBinary object is no longer present. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
+
+This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
+
+This event sends basic metadata about drive packages installed on the system. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Class** The class name for the device driver.
+- **ClassGuid** The class GUID for the device driver.
+- **Date** The driver package date.
+- **Directory** The path to the driver package.
+- **DriverInBox** Is the driver included with the operating system?
+- **FlightIds** Driver Flight IDs.
+- **Inf** The INF name of the driver package.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Provider** The provider for the driver package.
+- **RecoveryIds** Driver recovery IDs.
+- **SubmissionId** The HLK submission ID for the driver package.
+- **Version** The version of the driver package.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
+
+This event indicates that the InventoryDriverPackageRemove object is no longer present. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
+
+This event indicates that a new set of InventoryDriverPackageAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
+
+This event sends details collected for a specific application on the source device. The data collected with this event is used to keep Windows performing properly.
+
+
+
+### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
+
+This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd
+
+This event provides basic information about active memory slots on the device.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Capacity** Memory size in bytes
+- **Manufacturer** Name of the DRAM manufacturer
+- **Model** Model and sub-model of the memory
+- **Slot** Slot to which the DRAM is plugged into the motherboard.
+- **Speed** The configured memory slot speed in MHz.
+- **Type** Reports DDR as an enumeration value as per the DMTF SMBIOS standard version 3.3.0, section 7.18.2.
+- **TypeDetails** Reports Non-volatile as a bit flag enumeration per DMTF SMBIOS standard version 3.3.0, section 7.18.3.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoRemove
+
+This event indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoStartSync
+
+This diagnostic event indicates a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
+
+This event provides data on the installed Office add-ins. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AddinCLSID** The class identifier key for the Microsoft Office add-in.
+- **AddInId** The identifier for the Microsoft Office add-in.
+- **AddinType** The type of the Microsoft Office add-in.
+- **BinFileTimestamp** The timestamp of the Office add-in.
+- **BinFileVersion** The version of the Microsoft Office add-in.
+- **Description** Description of the Microsoft Office add-in.
+- **FileId** The file identifier of the Microsoft Office add-in.
+- **FileSize** The file size of the Microsoft Office add-in.
+- **FriendlyName** The friendly name for the Microsoft Office add-in.
+- **FullPath** The full path to the Microsoft Office add-in.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **LoadBehavior** Integer that describes the load behavior.
+- **OfficeApplication** The Microsoft Office application associated with the add-in.
+- **OfficeArchitecture** The architecture of the add-in.
+- **OfficeVersion** The Microsoft Office version for this add-in.
+- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in.
+- **ProductCompany** The name of the company associated with the Office add-in.
+- **ProductName** The product name associated with the Microsoft Office add-in.
+- **ProductVersion** The version associated with the Office add-in.
+- **ProgramId** The unique program identifier of the Microsoft Office add-in.
+- **Provider** Name of the provider for this add-in.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
+
+This event indicates that the particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
+
+This event indicates that a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
+
+This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Identifier** UUP identifier
+- **LastActivatedVersion** Last activated version
+- **PreviousVersion** Previous version
+- **Source** UUP source
+- **Version** UUP version
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
+
+This event indicates that this particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
+
+This is a diagnostic event that indicates a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.Checksum
+
+This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **ChecksumDictionary** A count of each operating system indicator.
+- **PCFP** Equivalent to the InventoryId field that is found in other core events.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
+
+This event represents the basic metadata about the OS indicators installed on the system. The data collected with this event helps ensure the device is up to date and keeps Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **IndicatorValue** The indicator value.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
+
+This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
+
+This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+## Kernel events
+
+### Microsoft.Windows.Kernel.DeviceConfig.DeviceConfig
+
+This critical device configuration event provides information about drivers for a driver installation that took place within the kernel. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ClassGuid** The unique ID for the device class.
+- **DeviceInstanceId** The unique ID for the device on the system.
+- **DriverDate** The date of the driver.
+- **DriverFlightIds** The IDs for the driver flights.
+- **DriverInfName** Driver INF file name.
+- **DriverProvider** The driver manufacturer or provider.
+- **DriverSubmissionId** The driver submission ID assigned by the hardware developer center.
+- **DriverVersion** The driver version number.
+- **ExtensionDrivers** The list of extension driver INF files, extension IDs, and associated flight IDs.
+- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description.
+- **InboxDriver** Indicates whether the driver package is included with Windows.
+- **InstallDate** Date the driver was installed.
+- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description.
+- **Legacy** Indicates whether the driver is a legacy driver.
+- **NeedReboot** Indicates whether the driver requires a reboot.
+- **RebootRequiredReason** Provides the reason why a reboot is required.
+- **SetupMode** Indicates whether the device configuration occurred during the Out Of Box Experience (OOBE).
+- **StatusCode** The NTSTATUS of device configuration operation.
+
+
+### Microsoft.Windows.Kernel.PnP.AggregateClearDevNodeProblem
+
+This event is sent when a problem code is cleared from a device. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **Count** The total number of events.
+- **DeviceInstanceId** The unique identifier of the device on the system.
+- **LastProblem** The previous problem that was cleared.
+- **LastProblemStatus** The previous NTSTATUS value that was cleared.
+- **ServiceName** The name of the driver or service attached to the device.
+
+
+### Microsoft.Windows.Kernel.PnP.AggregateSetDevNodeProblem
+
+This event is sent when a new problem code is assigned to a device. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **Count** The total number of events.
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **LastProblem** The previous problem code that was set on the device.
+- **LastProblemStatus** The previous NTSTATUS value that was set on the device.
+- **Problem** The new problem code that was set on the device.
+- **ProblemStatus** The new NTSTATUS value that was set on the device.
+- **ServiceName** The driver or service name that is attached to the device.
+
+
+### Microsoft.Windows.Kernel.Power.ExecutePowerAction
+
+This event supplies power state transition parameters. This information is used to monitor state transition requests and catch exceptions. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **Disabled** Supplies whether the LocalAction or alternative action can be performed.
+- **LightestState** The lightest state to transmit to.
+- **LocalAction** The updated POWER_ACTION to perform.
+- **LocalActionEventCode** The updated bitmask of level of user notifications.
+- **LocalActionFlags** The updated bitmask of POWER_ACTION_*.
+- **PowerAction** The original POWER_ACTION that the requester intents to perform.
+- **PowerActionEventCode** The original bitmask of level of user notifcations, supplied by the requester.
+- **PowerActionFlags** The original bitmask of level of user notifcations, supplied by requester.
+- **RequesterName** Name of the process raises the request.
+- **RequesterNameLength** Length of RequesterName.
+- **SubstitutionPolicy** The policy to pick substituted states.
+- **TriggerFlags** Bitmask of PO_TRG_*.
+- **TriggerType** Type of the trigger from POWER_POLICY_DEVICE_TYPE.
+- **UserNotify** Bitmask of PO_NOTIFY_EVENT_*.
+
+
+### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown
+
+This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they are expected to. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **temperature** Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit.
+- **thermalZone** Contains an identifier that specifies which area it was that exceeded temperature limits.
+
+
+## Manufacturing events
+
+### ManufacturingPlatformTel.ManufacturingPlatformActivityEvent
+
+These is the Activity event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **BootOptionDescription** This field describes the boot option that is retrieved using EFI protocols from the DUT side.
+- **BootOptionDevicePath** The device path for the boot option.
+- **ChunkSizeInBytes** Indicates the chunk size, in bytes, of an FFU image.
+- **CurrentDUTTime** Indicates the time on the DUT (or target device), using EFI protocols, when the event was logged.
+- **DeviceTargetInfo** Describes general manufacturing and product information about the device and is retrieved via SMBIOS on the DUT (target device).
+- **DUTActivityGuid** The activity guid, from TraceLoggingActivity, that is associated with that operation on the DUT (target device).
+- **DUTDeviceUniqueId** A GUID that uniquely identifies a target device.
+- **DUTSessionGuid** A GUID that uniquely identifies a section on the DUT (target device).
+- **EventName** Indicates the specific event from ManufacturingPlatform. A list of all possible events can be found in ufptelemetryevents.h. An example is: "GetFlashingImageData" or "GetFlashingStatus".
+- **FFUFilePath** Describes to the name of the FFU file that we are flashing.
+- **FFUHeaderSize** Refers to the size of the header in an FFU image.
+- **FFUPayloadSize** Refers to the payload size of an FFU image.
+- **FieldName** Provides a description of the value field. If relevant, it also includes the unit. Example: "ErrorMessage" or "TimeInSec".
+- **HeaderFileOffset** Indicates the header file offset in an FFU image.
+- **HostStartTime** Refers to the UTC system time on the host that is recorded when the host starts a telemetry logging session on the DUT (target device).
+- **Identifier** Identifies the phase in ManufacturingPlatform we are in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
+- **ImageDeviceTargetInfo** Describes the device target information that has been included in the FFU image. These values can be found in the image header.
+- **ImageHeaderData** Describes critical data in the image header of an FFU image.
+- **OperationName** The name of the operation the host is triggering a logging session on the DUT (target device) for.
+- **PayloadFileOffset** Indicates the header file offset in an FFU image.
+- **SectorSize** Indicates the sector size of the FFU image.
+- **StoreHeaderData** Describes critical data of important fields found in the store header of an FFU image.
+- **UFPImplementationVersionMajor** Implementation major version for the UFP binaries on the DUT (target device) side.
+- **UFPImplementationVersionMinor** Implementation minor version for the UFP binaries on the DUT (target device) side.
+- **UFPProtocolVersionMajor** Protocol major version for the UFP binaries on the DUT (target device) side.
+- **UFPProtocolVersionMinor** Protocol minor version for the UFP binaries on the DUT (target device) side.
+- **ValueStr** The value to be logged. Described by field name and relevant to the event name.
+- **ValueUInt64** The value to be logged. Described by field name and relevant to the event name.
+- **ValueWideStr** The value to log. Described by field name and relevant to the event name.
+
+
+### ManufacturingPlatformTel.ManufacturingPlatformActivityEventStart
+
+This is the Event Start Activity event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **DeviceTargetInfo** Describes general manufacturing and product information about the device and is retrieved using SMBIOS on the DUT (target device).
+- **m_Identifier** Indicates the phase in ManufacturingPlatform that we are in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
+
+
+### ManufacturingPlatformTel.ManufacturingPlatformActivityEventStop
+
+This is the Event Stop Activity event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **DeviceTargetInfo** Describes general manufacturing and product information about the device, retrieved using SMBIOS on the DUT (target device).
+- **m_Identifier** Indicates the phase in ManufacturingPlatform that we are in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
+
+
+### ManufacturingPlatformTel.ManufacturingPlatformEvent
+
+This is the manufacturing event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **CurrentDUTTime** Indicates the time on the DUT (or target device) using EFI protocols when the event was logged.
+- **DeviceFriendlyName** Friendly name of the device as retrieved from SMBIOS on the DUT (target device).
+- **DeviceTargetInfo** Describes general manufacturing and product information about the device and is retrieved using SMBIOS on the DUT (target device).
+- **DUTActivityGuid** The activity GUID that comes from TraceLoggingActivity associated with that operation on the DUT (target device).
+- **DUTDeviceUniqueId** A GUID to uniquely describes a target device.
+- **DUTSessionGuid** The session GUID given to the DUT (target device) when the host triggers an operation in the DUT.
+- **EventName** Refers to the specific event occurring from ManufacturingPlatform. A list of all possible events can be found in ufptelemetryevents.h. An example is: "GetFlashingImageData" or "GetFlashingStatus"
+- **FieldName** Describes the value field. If relevant it also includes the unit. Example: "ErrorMessage" or "TimeInSec"
+- **HostStartTime** Indicates the UTC system time on the host, recorded when the host starts a telemetry logging session on the DUT (target device)
+- **Identifier** Indicates the phase the ManufacturingPlatform is in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
+- **MajorVersionUInt64** Refers to the major version of the host UFP binaries.
+- **MinorVersionUInt64** Refers to the minor version of the host UFP binaries.
+- **OperationName** The name of the operation the host is triggering a logging session on the DUT (target device) for.
+- **ValueStr** The value to log. Described by field name and relevant to the event name.
+- **ValueUInt64** The value to log. Described by field name and relevant to the event name.
+- **ValueWideStr** The value to log. Described by field name and relevant to the event name.
+
+
+## Microsoft Edge events
+
+### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
+
+This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
+
+The following fields are available:
+
+- **appAp** Any additional parameters for the specified application. Default: ''.
+- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined.
+- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
+- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev).
+- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
+- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
+- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'.
+- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
+- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
+- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
+- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
+- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
+- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
+- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
+- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
+- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
+- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
+- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
+- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
+- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
+- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
+- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
+- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
+- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'.
+- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information.
+- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
+- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
+- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
+- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
+- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
+- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
+- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
+- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **eventType** A string indicating the type of the event. Please see the wiki for additional information.
+- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
+- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
+- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
+- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
+- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''.
+- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''.
+- **osVersion** The primary version of the operating system. '' if unknown. Default: ''.
+- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'.
+- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
+- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'.
+- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
+- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
+- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''.
+- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
+- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined.
+- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''.
+- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
+- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''.
+- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
+- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
+
+
+## Migration events
+
+### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **migDiagSession->CString** The phase of the upgrade where migration occurs. (E.g.: Validate tracked content)
+- **objectCount** The count for the number of objects that are being transferred.
+- **sfInfo.Name** This event identifies the phase of the upgrade where migration happens.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
+
+This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
+
+The following fields are available:
+
+- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens.
+- **objectCount** The count of the number of objects that are being transferred.
+- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.)
+- **objectCount** The number of objects that are being transferred.
+- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads.
+
+
+## OneSettings events
+
+### Microsoft.Windows.OneSettingsClient.Heartbeat
+
+This event indicates the config state heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **Configs** Array of configs.
+
+
+### Microsoft.Windows.OneSettingsClient.StateChange
+
+This event indicates the change in config state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **flightId** Flight id.
+- **state** New state.
+
+
+### Microsoft.Windows.OneSettingsClient.Status
+
+This event indicates the config usage of status update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **flightId** Flight id.
+- **time** Time.
+
+
+## OOBE events
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateExpeditionChoiceCommitted
+
+This event requests a commit work for expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **oobeExpeditedUpdateCommitOption** Type of commit work for expedited update.
+- **resultCode** HR result of operation.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdatePageSkipped
+
+This event provides information about skipping expedited update page. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **reason** Reason for skip.
+- **skippedReasonFlag** Flag representing reason for skip.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStartUSOScan
+
+This event indicates USO Scan API call. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **oobeExpeditedUpdateCommitOption** Expedited update commit work type.
+- **resultCode** HR result of operation.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStatusResult
+
+This event provides status of expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **oobeExpeditedUpdateStatus** Expedited update status.
+- **reason** Reason for the status.
+- **resultCode** HR result of operation.
+
+
+## Privacy consent logging events
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
+
+This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **presentationVersion** Which display version of the privacy consent experience the user completed
+- **privacyConsentState** The current state of the privacy consent experience
+- **settingsVersion** Which setting version of the privacy consent experience the user completed
+- **userOobeExitReason** The exit reason of the privacy consent experience
+
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
+
+This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **isAdmin** whether the person who is logging in is an admin
+- **isExistingUser** whether the account existed in a downlevel OS
+- **isLaunching** Whether or not the privacy consent experience will be launched
+- **isSilentElevation** whether the user has most restrictive UAC controls
+- **privacyConsentState** whether the user has completed privacy experience
+- **userRegionCode** The current user's region setting
+
+
+## Servicing API events
+
+### Microsoft.Windows.ServicingUAPI.ModifyFeaturesEnd
+
+This event sends Software Setup and Inventory data regarding the end of an operation to modify a feature. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **Actions** A numeric flag that indicates whether the operations are Inbox.
+- **ClientId** A unique, human-readable identifier for telemetry/diagnostic purposes.
+- **Duration** Duration of operation in milliseconds.
+- **Flags** A numeric flag indicating the type of operation being requested.
+- **NetRequiredBytes** Net space required after operation completes or after reboot if operation requires one.
+- **RebootRequired** A true or false value indicating if a reboot is required to complete the operation.
+- **RequiredDownloadBytes** Space required to acquire content (compressed).
+- **Result** HResult at operation end.
+- **TotalMaxRequiredBytes** Total maximum space required during operation.
+
+
+### Microsoft.Windows.ServicingUAPI.ModifyFeaturesResult
+
+This event sends Software Setup and Inventory data regarding a result that occurred during an operation to modify a feature. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **ClientId** A unique, human-readable identifier for telemetry/diagnostic purposes.
+- **FeatureIntentFlags** A numeric flag indicating the reason that the feature is being modified.
+- **FeatureName** Feature name which includes language-specific version if in the Language namespace.
+- **FeatureNewIntentFlags** A numeric flag indicating the new reason that the feature is absent or installed.
+- **FeatureNewStateFlags** A numeric flag indicating the new state of the feature.
+- **FeatureStateFlags** A numeric flag indicating the current state of the feature.
+- **Result** HResult from operation to modify a feature.
+
+
+## Setup events
+
+### Microsoft.Windows.Setup.WinSetupBoot.BootBlockStart
+
+This event emits the start of the windows setup boot routine during upgrade. This routine determines the state of the upgrade and handles properly moving the upgrade forward or rolling back the device. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **Action** It indicates phase/stage of operation.
+- **Detail** It indicates details about the phase/stage of the operation.
+- **Rollback** It is blank as this event triggers in success scenario only.
+- **Status** It indicates details about the status for getting the disk device object during boot.
+
+
+### Microsoft.Windows.Setup.WinSetupBoot.BootBlockStop
+
+This event emits the stop of the windows setup boot routine during upgrade. This routine determines the state of the upgrade and handles properly moving the upgrade forward or rolling back the device. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **Action** It indicates phase/stage of operation.
+- **Detail** It indicates details about the phase/stage of the operation.
+- **Rollback** It is blank as this event triggers in success scenario only.
+- **Status** It indicates details about the status for getting the disk device object during boot.
+
+
+### Microsoft.Windows.Setup.WinSetupBoot.Success
+
+This event sends data indicating that the device has invoked the WinSetupBoot successfully. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **Action** It indicates phase/stage of operation. As success event fires on exiting the operation, this value must be 'Exiting'.
+- **Duration(ms)** Duration of filter setup instance operation in milliseconds.
+- **Rollback** It is blank as this event triggers in success scenario only.
+
+
+### Microsoft.Windows.Setup.WinSetupBoot.Warning
+
+This event is used to indicate whether there were any warnings when we were trying to skip a reboot during feature upgrade. The data collected with this event helps keep Windows product and service up to date.
+
+The following fields are available:
+
+- **Action** Action indicates what operation was being performed by the filter driver (Ex: Waiting, Exiting).
+- **Detail** Add detail to the operation listed above (Ex: Blocked thread timed out).
+- **Rollback** Indicates whether a rollback was triggered (0 or 1).
+- **Status** Indicates the status code for the operation (Ex: 0, 258 etc.).
+
+
+### Microsoft.Windows.Setup.WinSetupMon.ProtectionViolation
+
+This event provides information about move or deletion of a file or a directory which is being monitored for data safety during feature updates. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **Path** Path to the file or the directory which is being moved or deleted.
+- **Process** Path to the process which is requesting the move or the deletion.
+- **TargetPath** (Optional) If the operation is a move, the target path to which the file or directory is being moved.
+
+
+### SetupPlatformTel.SetupPlatformTelActivityEvent
+
+This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **InstanceID** This is a unique GUID to track individual instances of SetupPlatform that will help us tie events from a single instance together.
+- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStarted
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+The following fields are available:
+
+- **Name** The name of the dynamic update type. Example: GDR driver
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStopped
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+
+
+### SetupPlatformTel.SetupPlatformTelEvent
+
+This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **InstanceID** This is a unique GUID to track individual instances of SetupPlatform that will help us tie events from a single instance together.
+- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
+
+
+## SIH events
+
+### SIHEngineTelemetry.EvalApplicability
+
+This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it.
+- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it.
+- **CachedEngineVersion** The engine DLL version that is being used.
+- **EventInstanceID** A unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it.
+- **IsExecutingAction** If the action is presently being executed.
+- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
+- **SihclientVersion** The client version that is being used.
+- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateID** A unique identifier for the action being acted upon.
+- **WuapiVersion** The Windows Update API version that is currently installed.
+- **WuaucltVersion** The Windows Update client version that is currently installed.
+- **WuauengVersion** The Windows Update engine version that is currently installed.
+- **WUDeviceID** The unique identifier controlled by the software distribution client.
+
+
+### SIHEngineTelemetry.ExecuteAction
+
+This event is triggered with SIH attempts to execute (e.g. install) the update or action in question. Includes important information like if the update required a reboot. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CachedEngineVersion** The engine DLL version that is being used.
+- **EventInstanceID** A unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event, whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **RebootRequired** Indicates if a reboot was required to complete the action.
+- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
+- **SihclientVersion** The SIH version.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateID** A unique identifier for the action being acted upon.
+- **WuapiVersion** The Windows Update API version.
+- **WuaucltVersion** The Windows Update version identifier for SIH.
+- **WuauengVersion** The Windows Update engine version identifier.
+- **WUDeviceID** The unique identifier controlled by the software distribution client.
+
+
+## Software update events
+
+### SoftwareUpdateClientTelemetry.CheckForUpdates
+
+This is a scan process event on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded). The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable
+- **BranchReadinessLevel** The servicing branch configured on the device.
+- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0.
+- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
+- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
+- **DeferredUpdates** Update IDs which are currently being deferred until a later time
+- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered.
+- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled.
+- **DriverSyncPassPerformed** Were drivers scanned this time?
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **ExtendedMetadataCabUrl** Hostname that is used to download an update.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan.
+- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan.
+- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days).
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days).
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **MSIError** The last error that was encountered during a scan for updates.
+- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
+- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete
+- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked
+- **NumberOfLoop** The number of round trips the scan required
+- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan
+- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan
+- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **PausedUpdates** A list of UpdateIds which that currently being paused.
+- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days).
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days).
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **ScanDurationInSeconds** The number of seconds a scan took
+- **ScanEnqueueTime** The number of seconds it took to initialize a scan
+- **ScanProps** This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
+- **ServiceUrl** The environment URL a device is configured to scan with
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan the event was
+- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
+- **TargetReleaseVersion** The value selected for the target release version policy.
+- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down.
+- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Commit
+
+This event sends data on whether the Update Service has been called to execute an upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle
+- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client
+- **ClassificationId** Classification identifier of the update content.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
+- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FlightId** The specific id of the flight the device is getting
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
+- **RevisionNumber** Identifies the revision number of this specific piece of content
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content
+
+
+### SoftwareUpdateClientTelemetry.Download
+
+This event sends tracking data about the software distribution client download of the content for that update, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActiveDownloadTime** Number of seconds the update was actively being downloaded.
+- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download.
+- **AppXScope** Indicates the scope of the app download.
+- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior.
+- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle.
+- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority.
+- **DownloadProps** Information about the download operation properties in the form of a bitmask.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight.
+- **FlightId** The specific ID of the flight (pre-release build) the device is getting.
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HostName** The hostname URL the content is downloading from.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6.
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
+- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
+- **PackageFullName** The package name of the content.
+- **PostDnldTime** Time taken (in seconds) to signal download completion after the last job has completed downloading payload.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific content has previously failed.
+- **RevisionNumber** The revision number of the specified piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload.
+- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
+- **TotalExpectedBytes** The total count of bytes that the download is expected to be.
+- **UpdateId** An identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedDO** Whether the download used the delivery optimization service.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.DownloadCheckpoint
+
+This event provides a checkpoint between each of the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** The version number of the software distribution client
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
+- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver"
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough
+- **FileId** A hash that uniquely identifies a file
+- **FileName** Name of the downloaded file
+- **FlightId** The unique identifier for each flight
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **RevisionNumber** Unique revision number of Update
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.)
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult)
+- **UpdateId** Unique Update ID
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
+
+
+### SoftwareUpdateClientTelemetry.DownloadHeartbeat
+
+This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **BytesTotal** Total bytes to transfer for this content
+- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat
+- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** The version number of the software distribution client
+- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat
+- **CurrentError** Last (transient) error encountered by the active download
+- **DownloadFlags** Flags indicating if power state is ignored
+- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing)
+- **EventType** Possible values are "Child", "Bundle", or "Driver"
+- **FlightId** The unique identifier for each flight
+- **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered"
+- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any
+- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any
+- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one
+- **ResumeCount** Number of times this active download has resumed from a suspended state
+- **RevisionNumber** Identifies the revision number of this specific piece of content
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
+- **SuspendCount** Number of times this active download has entered a suspended state
+- **SuspendReason** Last reason for why this active download entered a suspended state
+- **UpdateId** Identifier associated with the specific piece of content
+- **WUDeviceID** Unique device id controlled by the software distribution client
+
+
+### SoftwareUpdateClientTelemetry.Install
+
+This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0.
+- **CSIErrorType** The stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update).
+- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **InstallProps** A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether this update is a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
+- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
+- **MsiAction** The stage of MSI installation where it failed.
+- **MsiProductCode** The unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content being installed.
+- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RevisionNumber** The revision number of this specific piece of content.
+- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** The ID that represents a given MSI installation.
+- **UpdateId** Unique update ID.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Revert
+
+This is a revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation that failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **EventType** Event type (Child, Bundle, Release, or Driver).
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** The identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device's main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.TaskRun
+
+This is a start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CmdLineArgs** Command line arguments passed in by the caller.
+- **EventInstanceID** A globally unique identifier for the event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.Uninstall
+
+This is an uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** The mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.).
+- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.UpdateDetected
+
+This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
+- **WUDeviceID** The unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
+- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed.
+- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
+- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
+- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable.
+- **RevisionId** The revision ID for a specific piece of content.
+- **RevisionNumber** The revision number for a specific piece of content.
+- **ServiceGuid** Identifies the service to which the software distribution client is connected. Example: Windows Update or Microsoft Store
+- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
+- **SHA256OfTimestampToken** An encoded string of the timestamp token.
+- **SignatureAlgorithm** The hash algorithm for the metadata signature.
+- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
+- **UpdateId** The update ID for a specific piece of content.
+
+
+## Surface events
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **pszBatteryDataXml** Battery performance data.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BPMCurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device.
+- **BPMExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC?
+- **BPMHvtCountA** Current HVT count for BPM counter A.
+- **BPMHvtCountB** Current HVT count for BPM counter B.
+- **bpmOptOutLifetimeCount** BPM OptOut Lifetime Count.
+- **BPMRsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMTotalEngagedMinutes** Total time that BPM was engaged.
+- **BPMTotalEntryEvents** Total number of times entering BPM.
+- **ComponentId** Component ID.
+- **FwVersion** FW version that created this log.
+- **LogClass** Log Class.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** Log MGR version.
+- **MCUInstance** Instance id used to identify multiple MCU's in a product.
+- **ProductId** Product ID.
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_CTT
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BPMKioskModeStartDateInSeconds** First time Battery Limit was turned on
+- **BPMKioskModeTotalEngagedMinutes** Total time Battery Limit was on (SOC value at 50%)
+- **ComponentId** Component ID.
+- **CTTEqvTimeat35C** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 80% SOC.
+- **CTTEqvTimeat35CinBPM** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 55% SOC and when device is in BPM. Round up.
+- **CTTMinSOC1day** Rolling 1 day minimum SOC. Value set to 0 initially.
+- **CTTMinSOC28day** Rolling 28 day minimum SOC. Value set to 0 initially
+- **CTTMinSOC3day** Rolling 3 day minimum SOC. Value set to 0 initially
+- **CTTMinSOC7day** Rolling 7 day minimum SOC. Value set to 0 initially
+- **CTTStartDateInSeconds** Indicates the start date of when device starting being used.
+- **currentAuthenticationState** Current Authentication State.
+- **FwVersion** FW version that created this log.
+- **LogClass** LOG CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG MGR VERSION.
+- **MCUInstance** Instance id used to identify multiple MCU's in a product.
+- **newSnFruUpdateCount** New Sn FRU Update Count.
+- **newSnUpdateCount** New Sn Update Count.
+- **ProductId** Product ID.
+- **ProtectionPolicy** Battery limit engaged. True (0 False)
+- **SeqNum** Represents the sequence number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** The schema version used.
+- **VoltageOptimization** Current CTT reduction in mV
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **cbTimeCell_Values** cb time for different cells.
+- **ComponentId** Component ID.
+- **cycleCount** Cycle Count.
+- **deltaVoltage** Delta voltage.
+- **eocChargeVoltage_Values** EOC Charge voltage values.
+- **fullChargeCapacity** Full Charge Capacity.
+- **FwVersion** FW version that created this log.
+- **lastCovEvent** Last Cov event.
+- **lastCuvEvent** Last Cuv event.
+- **LogClass** LOG_CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG_MGR_VERSION.
+- **manufacturerName** Manufacturer name.
+- **maxChargeCurrent** Max charge current.
+- **maxDeltaCellVoltage** Max delta cell voltage.
+- **maxDischargeCurrent** Max discharge current.
+- **maxTempCell** Max temp cell.
+- **maxVoltage_Values** Max voltage values.
+- **MCUInstance** Instance id used to identify multiple MCU's in a product.
+- **minTempCell** Min temp cell.
+- **minVoltage_Values** Min voltage values.
+- **numberOfCovEvents** Number of Cov events.
+- **numberOfCuvEvents** Number of Cuv events.
+- **numberOfOCD1Events** Number of OCD1 events.
+- **numberOfOCD2Events** Number of OCD2 events.
+- **numberOfQmaxUpdates** Number of Qmax updates.
+- **numberOfRaUpdates** Number of Ra updates.
+- **numberOfShutdowns** Number of shutdowns.
+- **pfStatus_Values** pf status values.
+- **ProductId** Product ID.
+- **qmax_Values** Qmax values for different cells.
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **avgCurrLastRun** Average current last run.
+- **avgPowLastRun** Average power last run.
+- **batteryMSPN** BatteryMSPN
+- **batteryMSSN** BatteryMSSN.
+- **cell0Ra3** Cell0Ra3.
+- **cell1Ra3** Cell1Ra3.
+- **cell2Ra3** Cell2Ra3.
+- **cell3Ra3** Cell3Ra3.
+- **ComponentId** Component ID.
+- **currentAtEoc** Current at Eoc.
+- **firstPFstatusA** First PF status-A.
+- **firstPFstatusB** First PF status-B.
+- **firstPFstatusC** First PF status-C.
+- **firstPFstatusD** First PF status-D.
+- **FwVersion** FW version that created this log.
+- **lastQmaxUpdate** Last Qmax update.
+- **lastRaDisable** Last Ra disable.
+- **lastRaUpdate** Last Ra update.
+- **lastValidChargeTerm** Last valid charge term.
+- **LogClass** LOG CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG MGR VERSION.
+- **maxAvgCurrLastRun** Max average current last run.
+- **maxAvgPowLastRun** Max average power last run.
+- **MCUInstance** Instance id used to identify multiple MCU's in a product.
+- **mfgInfoBlockB01** MFG info Block B01.
+- **mfgInfoBlockB02** MFG info Block B02.
+- **mfgInfoBlockB03** MFG info Block B03.
+- **mfgInfoBlockB04** MFG info Block B04.
+- **numOfRaDisable** Number of Ra disable.
+- **numOfValidChargeTerm** Number of valid charge term.
+- **ProductId** Product ID.
+- **qmaxCycleCount** Qmax cycle count.
+- **SeqNum** Sequence Number.
+- **stateOfHealthEnergy** State of health energy.
+- **stateOfHealthFcc** State of health Fcc.
+- **stateOfHealthPercent** State of health percent.
+- **TimeStamp** UTC seconds when log was created.
+- **totalFwRuntime** Total FW runtime.
+- **updateStatus** Update status.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Health.Binary.Prod.McuHealthLog
+
+This event collects information to keep track of health indicator of the built-in micro controller. For example, the number of abnormal shutdowns due to power issues during boot sequence, type of display panel attached to base, thermal indicator, throttling data in hardware etc. The data collected with this event is used to help keep Windows secure and performing properly.
+
+The following fields are available:
+
+- **CUtility::GetTargetNameA(Target)** Sub component name.
+- **HealthLog** Health indicator log.
+- **healthLogSize** 4KB.
+- **productId** Identifier for product model.
+
+
+### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2
+
+This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **HostResetCause** Host reset cause.
+- **PchResetCause** PCH reset cause.
+- **SamResetCause** SAM reset cause.
+
+
+## UEFI events
+
+### Microsoft.Windows.UEFI.ESRT
+
+This event sends basic data during boot about the firmware loaded or recently installed on the machine. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **DriverFirmwareFilename** The firmware file name reported by the device hardware key.
+- **DriverFirmwareIntegrityFilename** Filename of the integrity package that is supplied in the firmware package.
+- **DriverFirmwarePolicy** The optional version update policy value.
+- **DriverFirmwareStatus** The firmware status reported by the device hardware key.
+- **DriverFirmwareVersion** The firmware version reported by the device hardware key.
+- **FirmwareId** The UEFI (Unified Extensible Firmware Interface) identifier.
+- **FirmwareLastAttemptStatus** The reported status of the most recent firmware installation attempt, as reported by the EFI System Resource Table (ESRT).
+- **FirmwareLastAttemptVersion** The version of the most recent attempted firmware installation, as reported by the EFI System Resource Table (ESRT).
+- **FirmwareType** The UEFI (Unified Extensible Firmware Interface) type.
+- **FirmwareVersion** The UEFI (Unified Extensible Firmware Interface) version as reported by the EFI System Resource Table (ESRT).
+- **InitiateUpdate** Indicates whether the system is ready to initiate an update.
+- **LastAttemptDate** The date of the most recent attempted firmware installation.
+- **LastAttemptStatus** The result of the most recent attempted firmware installation.
+- **LastAttemptVersion** The version of the most recent attempted firmware installation.
+- **LowestSupportedFirmwareVersion** The oldest (lowest) version of firmware supported.
+- **MaxRetryCount** The maximum number of retries, defined by the firmware class key.
+- **RetryCount** The number of attempted installations (retries), reported by the driver software key.
+- **Status** The status returned to the PnP (Plug-and-Play) manager.
+- **UpdateAttempted** Indicates if installation of the current update has been attempted before.
+
+
+## Update Assistant events
+
+### Microsoft.Windows.RecommendedTroubleshootingService.MitigationFailed
+
+This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (i.e. reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **activeProcesses** Number of active processes.
+- **atleastOneMitigationSucceeded** Bool flag indicating if at least one mitigation succeeded.
+- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter.
+- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
+- **countDownloadedPayload** Count instances of payload downloaded.
+- **description** Description of failure.
+- **devicePreference** Recommended Troubleshooting Setting on the device.
+- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe.
+- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab.
+- **executionHR** HR code of the execution of the mitigation.
+- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, eg when executing Critical troubleshooters, the executionPreference is set to the Silent option.
+- **exitCode** Exit code of the execution of the mitigation.
+- **experimentFeatureId** Experiment feature ID.
+- **experimentFeatureState** Config state of the experiment.
+- **hr** HRESULT for error code.
+- **isActiveSessionPresent** If an active user session is present on the device.
+- **isCriticalMitigationAvailable** If a critical mitigation is available to this device.
+- **isFilteringSuccessful** If the filtering operation was successful.
+- **isReApply** reApply status for the mitigation.
+- **mitigationId** ID value of the mitigation.
+- **mitigationProcessCycleTime** Process cycle time used by the mitigation.
+- **mitigationRequestWithCompressionFailed** Boolean flag indicating if HTTP request with compression failed for this device.
+- **mitigationServiceResultFetched** Boolean flag indicating if mitigation details were fetched from the admin service.
+- **mitigationVersion** String indicating version of the mitigation.
+- **oneSettingsMetadataParsed** If OneSettings metadata was parsed successfully.
+- **oneSettingsSchemaVersion** Schema version used by the OneSettings parser.
+- **onlyNoOptMitigationsPresent** Checks if all mitigations were no opt.
+- **parsedOneSettingsFile** Indicates if OneSettings parsing was successful.
+- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter.
+- **SessionId** Random GUID used for grouping events in a session.
+- **subType** Error type.
+- **totalKernelTime** Total kernel time used by the mitigation.
+- **totalNumberOfApplicableMitigations** Total number of applicable mitigations.
+- **totalProcesses** Total number of processes assigned to the job object.
+- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object.
+- **totalUserTime** Total user mode time used by the job object.
+
+
+### Microsoft.Windows.RecommendedTroubleshootingService.MitigationSucceeded
+
+This event is raised after an executable delivered by Mitigation Service has successfully run. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **activeProcesses** Number of active processes.
+- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter.
+- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
+- **devicePreference** Recommended troubleshooting setting on the device.
+- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe.
+- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab.
+- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option.
+- **exitCode** Exit code of the execution of the mitigation.
+- **exitCodeDefinition** String describing the meaning of the exit code returned by the mitigation (i.e. ProblemNotFound).
+- **experimentFeatureId** Experiment feature ID.
+- **experimentFeatureState** Feature state for the experiment.
+- **mitigationId** ID value of the mitigation.
+- **mitigationProcessCycleTime** Process cycle time used by the mitigation.
+- **mitigationVersion** String indicating version of the mitigation.
+- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter.
+- **SessionId** Random GUID used for grouping events in a session.
+- **totalKernelTime** Total kernel time used by the mitigation.
+- **totalProcesses** Total number of processes assigned to the job object.
+- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object.
+- **totalUserTime** Total user mode time used by the job object.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploaded
+
+This event is received when the UpdateHealthTools service uploads device information. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of remediation.
+- **UpdateHealthToolsDeviceUbrChanged** 1 if the Ubr just changed, 0 otherwise.
+- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceIsDSSJoin
+
+This event is sent when a device has been detected as DSS device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **GlobalEventCounter** This is a client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** The package version of the label.
+
+
+
+## Update events
+
+### Update360Telemetry.DriverUpdateSummaryReport
+
+This event collects information regarding the state of devices and drivers on the system, following a reboot, after the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **AnalysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during the analysis.
+- **AppendError** A Boolean indicating if there was an error appending more information to the summary string.
+- **DevicePopulateErrorCount** The number of errors that occurred during the population of the list of all devices on the system, includes information such as, hardware ID, compatible ID.
+- **ErrorCode** The error code returned.
+- **FlightId** The flight ID for the driver manifest update.
+- **ObjectId** The unique value for each diagnostics session.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Indicates the result of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** The unique value for each update session.
+- **Summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match.
+- **TruncatedDeviceCount** The number of devices missing from the summary string due to there not being enough room in the string.
+- **TruncatedDriverCount** The number of devices missing from the summary string due to there not being enough room in the string.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.Revert
+
+This event sends data relating to the Revert phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the Revert phase.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RebootRequired** Indicates reboot is required.
+- **RevertResult** The result code returned for the Revert operation.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgentCommit
+
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CancelRequested** Boolean that indicates whether cancel was requested.
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentDownloadRequest
+
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CancelRequested** Boolean indicating whether a cancel was requested.
+- **ContainsSafeOSDUPackage** Boolean indicating whether Safe DU packages are part of the payload.
+- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted.
+- **DownloadComplete** Indicates if the download is complete.
+- **DownloadedSizeBundle** Cumulative size (in bytes) of the downloaded bundle content.
+- **DownloadedSizeCanonical** Cumulative size (in bytes) of downloaded canonical content.
+- **DownloadedSizeDiff** Cumulative size (in bytes) of downloaded diff content.
+- **DownloadedSizeExpress** Cumulative size (in bytes) of downloaded express content.
+- **DownloadedSizePSFX** Cumulative size (in bytes) of downloaded PSFX content.
+- **DownloadRequests** Number of times a download was retried.
+- **ErrorCode** The error code returned for the current download request phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique ID for each flight.
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **NumberOfHops** Number of intermediate packages used to reach target version.
+- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **PackageCategoriesSkipped** Indicates package categories that were skipped, if applicable.
+- **PackageCountOptional** Number of optional packages requested.
+- **PackageCountRequired** Number of required packages requested.
+- **PackageCountTotal** Total number of packages needed.
+- **PackageCountTotalBundle** Total number of bundle packages.
+- **PackageCountTotalCanonical** Total number of canonical packages.
+- **PackageCountTotalDiff** Total number of diff packages.
+- **PackageCountTotalExpress** Total number of express packages.
+- **PackageCountTotalPSFX** The total number of PSFX packages.
+- **PackageExpressType** Type of express package.
+- **PackageSizeCanonical** Size of canonical packages in bytes.
+- **PackageSizeDiff** Size of diff packages in bytes.
+- **PackageSizeExpress** Size of express packages in bytes.
+- **PackageSizePSFX** The size of PSFX packages, in bytes.
+- **RangeRequestState** Indicates the range request type used.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the download request phase of update.
+- **SandboxTaggedForReserves** The sandbox for reserves.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases).
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentExpand
+
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CancelRequested** Boolean that indicates whether a cancel was requested.
+- **CanonicalRequestedOnError** Indicates if an error caused a reversion to a different type of compressed update (TRUE or FALSE).
+- **ElapsedTickCount** Time taken for expand phase.
+- **EndFreeSpace** Free space after expand phase.
+- **EndSandboxSize** Sandbox size after expand phase.
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **StartFreeSpace** Free space before expand phase.
+- **StartSandboxSize** Sandbox size after expand phase.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInitialize
+
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **FlightMetadata** Contains the FlightId and the build being flighted.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInstall
+
+This event sends data for the install phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CancelRequested** Boolean to indicate whether a cancel was requested.
+- **ErrorCode** The error code returned for the current install phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Correlation vector value generated from the latest USO scan.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** The result for the current install phase.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMitigationResult
+
+This event sends data indicating the result of each update agent mitigation. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Applicable** Indicates whether the mitigation is applicable for the current update.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightId** Unique identifier for each flight.
+- **Index** The mitigation index of this particular mitigation.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly name of the mitigation.
+- **ObjectId** Unique value for each Update Agent mode.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentMitigationSummary
+
+This event sends a summary of all the update agent mitigations available for an this update. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **Failed** The count of mitigations that failed.
+- **FlightId** Unique identifier for each flight.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing all mitigations (in 100-nanosecond increments).
+- **Total** Total number of mitigations that were available.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **Mode** Indicates the mode that has started.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **Version** Version of update
+
+
+### Update360Telemetry.UpdateAgentOneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Count** The count of applicable OneSettings for the device.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+- **Values** The values sent back to the device, if applicable.
+
+
+### Update360Telemetry.UpdateAgentPostRebootResult
+
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current post reboot phase.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PostRebootResult** Indicates the Hresult.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **RollbackFailureReason** Indicates the cause of the rollback.
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **UpdateOutputState** A numeric value indicating the state of the update at the time of reboot.
+
+
+### Update360Telemetry.UpdateAgentReboot
+
+This event sends information indicating that a request has been sent to suspend an update. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current reboot.
+- **FlightId** Unique ID for the flight (test instance version).
+- **IsSuspendable** Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE.
+- **ObjectId** The unique value for each Update Agent mode.
+- **Reason** Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+- **UpdateState** Indicates the state of the machine when Suspend is called. For example, Install, Download, Commit.
+
+
+### Update360Telemetry.UpdateAgentSetupBoxLaunch
+
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ContainsExpressPackage** Indicates whether the download package is express.
+- **FlightId** Unique ID for each flight.
+- **FreeSpace** Free space on OS partition.
+- **InstallCount** Number of install attempts using the same sandbox.
+- **ObjectId** Unique value for each Update Agent mode.
+- **Quiet** Indicates whether setup is running in quiet mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **SandboxSize** Size of the sandbox.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **SetupLaunchAttemptCount** Indicates the count of attempts to launch setup for the current Update Agent instance.
+- **SetupMode** Mode of setup to be launched.
+- **UpdateId** Unique ID for each Update.
+- **UserSession** Indicates whether install was invoked by user actions.
+
+
+## Upgrade events
+
+### FacilitatorTelemetry.DCATDownload
+
+This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **DownloadSize** Download size of payload.
+- **ElapsedTime** Time taken to download payload.
+- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for the upgrade.
+- **ResultCode** Result returned by the Facilitator DCAT call.
+- **Scenario** Dynamic update scenario (Image DU, or Setup DU).
+- **Type** Type of package that was downloaded.
+- **UpdateId** The ID of the update that was downloaded.
+
+
+### FacilitatorTelemetry.DUDownload
+
+This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **PackageCategoriesFailed** Lists the categories of packages that failed to download.
+- **PackageCategoriesSkipped** Lists the categories of package downloads that were skipped.
+
+
+### FacilitatorTelemetry.InitializeDU
+
+This event determines whether devices received additional or critical supplemental content during an OS upgrade. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **DownloadRequestAttributes** The attributes we send to DCAT.
+- **ResultCode** The result returned from the initiation of Facilitator with the URL/attributes.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **Url** The Delivery Catalog (DCAT) URL we send the request to.
+- **Version** Version of Facilitator.
+
+
+### Setup360Telemetry.Downlevel
+
+This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the downlevel OS.
+- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
+- **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors).
+- **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** An ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
+
+
+### Setup360Telemetry.Finalize
+
+This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.OsUninstall
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, Windows 10, and Windows 11. Specifically, it indicates the outcome of an OS uninstall. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PostRebootInstall
+
+This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
+
+
+### Setup360Telemetry.PreDownloadQuiet
+
+This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreDownloadUX
+
+This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10, Windows 11 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **HostOSBuildNumber** The build number of the previous operating system.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system).
+- **InstanceId** Unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PreInstallQuiet
+
+This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreInstallUX
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, Windows 10, and Windows 11, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.Setup360
+
+This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FieldName** Retrieves the data point.
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **ReportId** Retrieves the report ID.
+- **ScenarioId** Retrieves the deployment scenario.
+- **Value** Retrieves the value associated with the corresponding FieldName.
+
+
+### Setup360Telemetry.Setup360DynamicUpdate
+
+This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **Operation** Facilitator's last known operation (scan, download, etc.).
+- **ReportId** ID for tying together events stream side.
+- **ResultCode** Result returned for the entire setup operation.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **ScenarioId** Identifies the update scenario.
+- **TargetBranch** Branch of the target OS.
+- **TargetBuild** Build of the target OS.
+
+
+### Setup360Telemetry.Setup360MitigationResult
+
+This event sends data indicating the result of each setup mitigation. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Applicable** TRUE if the mitigation is applicable for the current update.
+- **ClientId** In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightData** The unique identifier for each flight (test release).
+- **Index** The mitigation index of this particular mitigation.
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly (descriptive) name of the mitigation.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly (descriptive) name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+
+
+### Setup360Telemetry.Setup360MitigationSummary
+
+This event sends a summary of all the setup mitigations available for this update. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Failed** The count of mitigations that failed.
+- **FlightData** The unique identifier for each flight (test release).
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **Total** The total number of mitigations that were available.
+
+
+### Setup360Telemetry.Setup360OneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Count** The count of applicable OneSettings for the device.
+- **FlightData** The ID for the flight (test instance version).
+- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **ReportId** The Update ID passed to Setup.
+- **Result** The HResult of the event error.
+- **ScenarioId** The update scenario ID.
+- **Values** Values sent back to the device, if applicable.
+
+
+### Setup360Telemetry.UnexpectedEvent
+
+This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+## Windows as a Service diagnostic events
+
+### Microsoft.Windows.WaaSMedic.StackDataResetPerformAction
+
+This event removes the datastore and allows corrupt devices to reattempt the update. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **DatastoreSizeInMB** Size of Datastore.edb file. Default: -1 if not set/unknown.
+- **FreeSpaceInGB** Free space on the device before deleting the datastore. Default: -1 if not set/unknown.
+- **HrLastFailure** Error code from the failed removal.
+- **HrResetDatastore** Result of the attempted removal.
+- **HrStopGroupOfServices** Result of stopping the services.
+- **MaskServicesStopped** Bit field to indicate which services were stopped succesfully. Bit on means success. List of services: usosvc(1<<0), dosvc(1<<1), wuauserv(1<<2), bits(1<<3).
+- **NumberServicesToStop** The number of services that require manual stopping.
+
+
+### Microsoft.Windows.WaaSMedic.SummaryEvent
+
+This event provides the result of the WaaSMedic operation. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **callerApplication** The name of the calling application.
+- **capsuleCount** The number of Sediment Pack capsules.
+- **capsuleFailureCount** The number of capsule failures.
+- **detectionSummary** Result of each applicable detection that was run.
+- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
+- **hrEngineBlockReason** Indicates the reason for stopping WaaSMedic.
+- **hrEngineResult** Error code from the engine operation.
+- **hrLastSandboxError** The last error sent by the WaaSMedic sandbox.
+- **initSummary** Summary data of the initialization method.
+- **isInteractiveMode** The user started a run of WaaSMedic.
+- **isManaged** Device is managed for updates.
+- **isWUConnected** Device is connected to Windows Update.
+- **noMoreActions** No more applicable diagnostics.
+- **pluginFailureCount** The number of plugins that have failed.
+- **pluginsCount** The number of plugins.
+- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
+- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
+- **usingBackupFeatureAssessment** Relying on backup feature assessment.
+- **usingBackupQualityAssessment** Relying on backup quality assessment.
+- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run.
+- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run.
+- **versionString** Version of the WaaSMedic engine.
+- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter.
+
+
+## Windows Error Reporting events
+
+### Microsoft.Windows.WERVertical.OSCrash
+
+This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
+
+The following fields are available:
+
+- **BootId** Uint32 identifying the boot number for this device.
+- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
+- **BugCheckParameter1** Uint64 parameter providing additional information.
+- **BugCheckParameter2** Uint64 parameter providing additional information.
+- **BugCheckParameter3** Uint64 parameter providing additional information.
+- **BugCheckParameter4** Uint64 parameter providing additional information.
+- **DumpFileAttributes** Codes that identify the type of data contained in the dump file
+- **DumpFileSize** Size of the dump file
+- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise
+- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
+
+
+## Windows Hardware Error Architecture events
+
+### WheaProvider.WheaDriverErrorExternal
+
+This event is sent when a common platform hardware error is recorded by an external WHEA error source driver. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **creatorId** A GUID that identifies the entity that created the error record.
+- **errorFlags** Flags set on the error record.
+- **notifyType** A GUID that identifies the notification mechanism by which an error condition is reported to the operating system.
+- **partitionId** A GUID that identifies the partition on which the hardware error occurred.
+- **platformId** A GUID that identifies the platform on which the hardware error occurred.
+- **record** A binary blob containing the full error record. Due to the nature of common platform error records we have no way of fully parsing this blob for any given record.
+- **recordId** The identifier of the error record. This identifier is unique only on the system that created the error record.
+- **sectionFlags** The flags for each section recorded in the error record.
+- **sectionTypes** A GUID that represents the type of sections contained in the error record.
+- **severityCount** The severity of each individual section.
+- **timeStamp** Error time stamp as recorded in the error record.
+
+
+### WheaProvider.WheaDriverExternalLogginLimitReached
+
+This event indicates that WHEA has reached the logging limit for critical events from external drivers. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **timeStamp** Time at which the logging limit was reached.
+
+
+### WheaProvider.WheaErrorRecord
+
+This event collects data about common platform hardware error recorded by the Windows Hardware Error Architecture (WHEA) mechanism. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **creatorId** The unique identifier for the entity that created the error record.
+- **errorFlags** Any flags set on the error record.
+- **notifyType** The unique identifier for the notification mechanism which reported the error to the operating system.
+- **partitionId** The unique identifier for the partition on which the hardware error occurred.
+- **platformId** The unique identifier for the platform on which the hardware error occurred.
+- **record** A collection of binary data containing the full error record.
+- **recordId** The identifier of the error record.
+- **sectionFlags** The flags for each section recorded in the error record.
+- **sectionTypes** The unique identifier that represents the type of sections contained in the error record.
+- **severityCount** The severity of each individual section.
+- **timeStamp** The error time stamp as recorded in the error record.
+
+
+## Windows Update CSP events
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed
+
+This event sends basic telemetry on the failure of the Feature Rollback. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **current** Result of currency check.
+- **dismOperationSucceeded** Dism uninstall operation status.
+- **hResult** Failure error code.
+- **oSVersion** Build number of the device.
+- **paused** Indicates whether the device is paused.
+- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
+- **sacDevice** This is the device info.
+- **wUfBConnected** Result of WUfB connection check.
+
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable
+
+This event sends basic telemetry on whether Feature Rollback (rolling back features updates) is applicable to a device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **current** Result of currency check.
+- **dismOperationSucceeded** Dism uninstall operation status.
+- **oSVersion** Build number of the device.
+- **paused** Indicates whether the device is paused.
+- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
+- **sacDevice** Represents the device info.
+- **wUfBConnected** Result of WUfB connection check.
+
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted
+
+This event sends basic information indicating that Feature Rollback has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityFailed
+
+This event sends basic telemetry on the failure of the rollback of the Quality/LCU builds. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **current** Result of currency check.
+- **dismOperationSucceeded** Dism uninstall operation status.
+- **hResult** Failure Error code.
+- **oSVersion** Build number of the device.
+- **paused** Indicates whether the device is paused.
+- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
+- **sacDevice** Release Channel.
+- **wUfBConnected** Result of Windows Update for Business connection check.
+
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityNotApplicable
+
+This event informs you whether a rollback of Quality updates is applicable to the devices that you are attempting to rollback. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **current** Result of currency check.
+- **dismOperationSucceeded** Dism uninstall operation status.
+- **oSVersion** Build number of the device.
+- **paused** Indicates whether the device is paused.
+- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
+- **sacDevice** Device in the semi-annual channel.
+- **wUfBConnected** Result of WUfB connection check.
+
+
+### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityStarted
+
+This event indicates that the Quality Rollback process has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+
+
+## Windows Update Delivery Optimization events
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
+
+This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Is the download being done in the background?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group.
+- **bytesFromLedbat** The number of bytes received from a source using an Ledbat enabled connection.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP Address of the source CDN (Content Delivery Network).
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller.
+- **reasonCode** Reason the action or event occurred.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the file download session.
+- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds.
+- **totalTimeMs** The duration of the download, in milliseconds.
+- **updateID** The ID of the update being downloaded.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
+
+This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group.
+- **bytesFromLedbat** The number of bytes received from source using an Ledbat enabled connection.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **bytesRequested** The total number of bytes requested for download.
+- **cacheServerConnectionCount** Number of connections made to cache hosts.
+- **cdnConnectionCount** The total number of connections made to the CDN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP address of the source CDN.
+- **cdnUrl** Url of the source Content Distribution Network (CDN).
+- **congestionPrevention** Indicates a download may have been suspended to prevent network congestion.
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **downlinkBps** The maximum measured available download bandwidth (in bytes per second).
+- **downlinkUsageBps** The download speed (in bytes per second).
+- **downloadMode** The download mode used for this file download session.
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **expiresAt** The time when the content will expire from the Delivery Optimization Cache.
+- **fileID** The ID of the file being downloaded.
+- **fileSize** The size of the file being downloaded.
+- **groupConnectionCount** The total number of connections made to peers in the same group.
+- **groupID** A GUID representing a custom group of devices.
+- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group.
+- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download.
+- **isThrottled** Event Rate throttled (event represents aggregated data).
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **lanConnectionCount** The total number of connections made to peers in the same LAN.
+- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network.
+- **numPeers** The total number of peers used for this download.
+- **numPeersLocal** The total number of local peers used for this download.
+- **predefinedCallerName** The name of the API Caller.
+- **restrictedUpload** Is the upload restricted?
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the download session.
+- **sessionTimeMs** The duration of the session, in milliseconds.
+- **totalTimeMs** Duration of the download (in seconds).
+- **updateID** The ID of the update being downloaded.
+- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
+- **uplinkUsageBps** The upload speed (in bytes per second).
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
+
+This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being paused.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller object.
+- **reasonCode** The reason for pausing the download.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the download session.
+- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds.
+- **totalTimeMs** The duration of the download, in milliseconds.
+- **updateID** The ID of the update being paused.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
+
+This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Indicates whether the download is happening in the background.
+- **bytesRequested** Number of bytes requested for the download.
+- **cdnUrl** The URL of the source Content Distribution Network (CDN).
+- **costFlags** A set of flags representing network cost.
+- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM).
+- **diceRoll** Random number used for determining if a client will use peering.
+- **doClientVersion** The version of the Delivery Optimization client.
+- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
+- **errorCode** The error code that was returned.
+- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing.
+- **fileID** The ID of the file being downloaded.
+- **filePath** The path to where the downloaded file will be written.
+- **fileSize** Total file size of the file that was downloaded.
+- **fileSizeCaller** Value for total file size provided by our caller.
+- **groupID** ID for the group.
+- **isEncrypted** Indicates whether the download is encrypted.
+- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data).
+- **isVpn** Indicates whether the device is connected to a Virtual Private Network.
+- **jobID** The ID of the Windows Update job.
+- **peerID** The ID for this delivery optimization client.
+- **predefinedCallerName** Name of the API caller.
+- **routeToCacheServer** Cache server setting, source, and value.
+- **sessionID** The ID for the file download session.
+- **setConfigs** A JSON representation of the configurations that have been set, and their sources.
+- **updateID** The ID of the update being downloaded.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
+
+This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **cdnHeaders** The HTTP headers returned by the CDN.
+- **cdnIp** The IP address of the CDN.
+- **cdnUrl** The URL of the CDN.
+- **errorCode** The error code that was returned.
+- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **httpStatusCode** The HTTP status code returned by the CDN.
+- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET
+- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
+- **requestOffset** The byte offset within the file in the sent request.
+- **requestSize** The size of the range requested from the CDN.
+- **responseSize** The size of the range response received from the CDN.
+- **sessionID** The ID of the download session.
+
+
+## Windows Update events
+
+### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationCompleted
+
+This event sends data collected at the end of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date.
+
+The following fields are available:
+
+- **CorrelationVectors** The correlation vectors associated with migration.
+- **MigrationDurationInMilliseconds** How long the DMF migration took (in milliseconds)
+- **MigrationEndTime** A system timestamp of when the DMF migration completed.
+- **WuClientId** The GUID of the Windows Update client responsible for triggering the DMF migration
+
+
+### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationStarted
+
+This event sends data collected at the beginning of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date.
+
+The following fields are available:
+
+- **CorrelationVectors** CVs associated with each phase.
+- **MigrationMicrosoftPhases** The number of Microsoft-authored migrators scheduled to be ran by DMF for this upgrade
+- **MigrationOEMPhases** The number of OEM-authored migrators scheduled to be ran by DMF for this upgrade
+- **MigrationStartTime** The timestamp representing the beginning of the DMF migration
+- **WuClientId** The GUID of the Windows Update client invoking DMF
+
+
+### Microsoft.Windows.Update.DataMigrationFramework.MigratorResult
+
+This event sends DMF migrator data to help keep Windows up to date.
+
+The following fields are available:
+
+- **CurrentStep** This is the last step the migrator reported before returning a result. This tells us how far through the individual migrator the device was before failure.
+- **ErrorCode** The result (as an HRESULT) of the migrator that just completed.
+- **MigratorId** A GUID identifying the migrator that just completed.
+- **MigratorName** The name of the migrator that just completed.
+- **RunDurationInSeconds** The time it took for the migrator to complete.
+- **TotalSteps** Migrators report progress in number of completed steps against the total steps. This is the total number of steps.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
+
+This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **activated** Whether the entire device manifest update is considered activated and in use.
+- **analysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during analysis.
+- **flightId** Unique ID for each flight.
+- **missingDriverCount** The number of driver packages delivered by the device manifest that are missing from the system.
+- **missingUpdateCount** The number of updates in the device manifest that are missing from the system.
+- **objectId** Unique value for each diagnostics session.
+- **publishedCount** The number of drivers packages delivered by the device manifest that are published and available to be used on devices.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **scenarioId** Indicates the update scenario.
+- **sessionId** Unique value for each update session.
+- **summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match.
+- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string.
+- **truncatedDeviceCount** The number of devices missing from the summary string because there is not enough room in the string.
+- **truncatedDriverCount** The number of driver packages missing from the summary string because there is not enough room in the string.
+- **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices.
+- **updateId** The unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest
+
+This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **deletedCorruptFiles** Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted.
+- **errorCode** The error code returned for the current session initialization.
+- **flightId** The unique identifier for each flight.
+- **objectId** Unique value for each Update Agent mode.
+- **packageCountOptional** Number of optional packages requested.
+- **packageCountRequired** Number of required packages requested.
+- **packageCountTotal** Total number of packages needed.
+- **packageCountTotalCanonical** Total number of canonical packages.
+- **packageCountTotalDiff** Total number of diff packages.
+- **packageCountTotalExpress** Total number of express packages.
+- **packageSizeCanonical** Size of canonical packages in bytes.
+- **packageSizeDiff** Size of diff packages in bytes.
+- **packageSizeExpress** Size of express packages in bytes.
+- **rangeRequestState** Represents the state of the download range request.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Result of the download request phase of update.
+- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionId** Unique value for each Update Agent mode attempt.
+- **updateId** Unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize
+
+This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **errorCode** The error code returned for the current session initialization.
+- **flightId** The unique identifier for each flight.
+- **flightMetadata** Contains the FlightId and the build being flighted.
+- **objectId** Unique value for each Update Agent mode.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
+- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **sessionId** Unique value for each Update Agent mode attempt.
+- **updateId** Unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall
+
+This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **errorCode** The error code returned for the current install phase.
+- **flightId** The unique identifier for each flight.
+- **objectId** The unique identifier for each diagnostics session.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Outcome of the install phase of the update.
+- **scenarioId** The unique identifier for the update scenario.
+- **sessionId** The unique identifier for each update session.
+- **updateId** The unique identifier for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **flightId** The unique identifier for each flight.
+- **mode** The mode that is starting.
+- **objectId** The unique value for each diagnostics session.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionId** Unique value for each Update Agent mode attempt.
+- **updateId** Unique identifier for each update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallResult
+
+This event returns the result after installing a business critical store application. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **AppInstallState** The application installation state.
+- **HRESULT** The result code (HResult) of the install.
+- **PFN** The package family name of the package being installed.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.EdgeUpdateResult
+
+The event returns data on the result of invoking the edge updater. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ExitCode** The exit code that was returned.
+- **HRESULT** The result code (HResult) of the operation.
+- **VelocityEnabled** A flag that indicates if velocity is enabled.
+- **WorkCompleted** A flag that indicates if work is completed.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.MACUpdateInstallResult
+
+This event reports the installation result details of the MACUpdate expedited application. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Completed** Indicates whether the installation is complete.
+- **InstallFailureReason** Indicates the reason an install failed.
+- **IsRetriableError** Indications whether the error is retriable.
+- **OperationStatus** Returns the operation status result reported by the installation attempt.
+- **Succeeded** Indicates whether the installation succeeded.
+- **VelocityEnabled** Indicates whether the velocity tag for MACUpdate is enabled.
+
+
+### Microsoft.Windows.Update.Orchestrator.UX.InitiatingReboot
+
+This event indicates that a restart was initiated in to enable the update process. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **correlationVector.c_str()** Represents the correlation vector.
+- **isInteractive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action or not.
+- **isOnAC** Indicates whether the device was on AC power when the restart was initiated.
+- **isRebootOutsideOfActiveHours** is reboot outside active hours.
+- **isRebootScheduledByUser** is reboot scheduled by user.
+- **reduceDisruptionFlagSet** Indicates whether the disruptless overnight reboot behavior is enabled.
+- **updateIdList** list of Update ID.
+- **wokeToRestart** whether the device woke to perform the restart.
+
+
+### Microsoft.Windows.Update.Orchestrator.UX.RebootFailed
+
+This event indicates that the reboot failed and the update process failed to determine next steps. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Battery level percentage.
+- **correlationVector.c_str()** correlation vector.
+- **error** error for reboot failed.
+- **isRebootOutsideOfActiveHours** Indicates the timing that the failed reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date.
+- **updateIdList** List of update ids.
+
+
+### Microsoft.Windows.Update.Orchestrator.Worker.OobeUpdateApproved
+
+This event signifies an update being approved around the OOBE time period. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **approved** Flag to determine if it is approved or not.
+- **provider** The provider related to which the update is approved.
+- **publisherIntent** The publisher intent of the Update.
+- **update** Additional information about the Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Worker.UpdateActionCritical
+
+This event informs the update related action being performed around the OOBE timeframe. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **action** The type of action being performed (Install or download etc.).
+- **connectivity** Informs if the device is connected to network while this action is performed.
+- **freeDiskSpaceInMB** Amount of free disk space.
+- **interactive** Informs if this action is caused due to user interaction.
+- **priority** The CPU and IO priority this action is being performed on.
+- **provider** The provider that is being invoked to perform this action (WU, Legacy UO Provider etc.).
+- **update** Update related metadata including UpdateId.
+- **uptimeMinutes** Duration USO for up for in the current boot session.
+- **wilActivity** Wil Activity related information.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesCanceled
+
+This event checks for updates canceled on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DriverSyncPassPerformed** A flag indicating whether the driver sync is performed in a update scan.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-For-Business target version is enabled on the device.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
+- **NumberOfLoop** Number of roundtrips the scan required.
+- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
+- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ScanDurationInSeconds** Number of seconds the scan took to complete.
+- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
+- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **TotalNumMetadataSignatures** The detected version of the self healing engine that is currently downloading or downloaded.
+- **WUDeviceID** The detected version of the self healing engine that is currently downloading or downloaded.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesFailed
+
+This event checks for failed updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **CapabilityDetectoidGuid** GUID for a hardware applicability detectoid that could not be evaluated.
+- **CDNCountryCode** Two letter country abbreviation for the CDN's location.
+- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DriverError** The error code hit during a driver scan, or 0 if no error was hit.
+- **DriverSyncPassPerformed** A flag indicating whether the driver sync is performed in a update scan.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ExtendedMetadataCabUrl** URL for the extended metadata cab.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FailedUpdateGuids** GUIDs for the updates that failed to be evaluated during the scan.
+- **FailedUpdatesCount** Number of updates that failed to be evaluated during the scan.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-For-Business target version is enabled on the device.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **MSIError** The last error encountered during a scan for updates.
+- **NetworkConnectivityDetected** 0 when IPv4 is detected, 1 when IPv6 is detected.
+- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
+- **NumberOfLoop** Number of roundtrips the scan required.
+- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
+- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ScanDurationInSeconds** Number of seconds the scan took to complete.
+- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
+- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult.).
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **TotalNumMetadataSignatures** The detected version of the self healing engine that is currently downloading or downloaded.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesRetry
+
+This event checks for update retries on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DriverSyncPassPerformed** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ExtendedStatusCode** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
+- **FeatureUpdatePause** Failed Parse actions.
+- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
+- **NumberOfLoop** Number of roundtrips the scan required.
+- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
+- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ScanDurationInSeconds** Number of seconds the scan took to complete.
+- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
+- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **TotalNumMetadataSignatures** Total number of metadata signatures checks done for new metadata synced down.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesScanInitFailed
+
+This event checks for failed update initializations on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesServiceRegistrationFailed
+
+This event checks for updates for failed service registrations the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **Context** Context of failure.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesStarted
+
+This event checks for updates started on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBFederatedScanDisabled** Flag indicated is WU-for-Business FederatedScan is disabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesSucceeded
+
+This event checks for successful updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **BranchReadinessLevel** Servicing branch train configured on the device (CB, CBB, none).
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
+- **DeferredUpdates** UpdateIds which are currently being deferred until a later time.
+- **DriverExclusionPolicy** Indicates if policy for not including drivers with WU updates is enabled.
+- **DriverSyncPassPerformed** A flag indicating whether the driver sync is performed in a update scan.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ExcludedUpdateClasses** Update classifications being excluded via policy.
+- **ExcludedUpdates** UpdateIds which are currently being excluded via policy.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdateDeferral** Deferral period configured for feature OS updates on the device, in days.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FeatureUpdatePausePeriod** Pause duration configured for feature OS updates on the device, in days.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete.
+- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
+- **NumberOfLoop** Number of roundtrips the scan required.
+- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
+- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **PausedUpdates** UpdateIds which are currently being paused.
+- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, datetime for the end of the pause time window.
+- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, datetime for the beginning of the pause time window.
+- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, datetime for the end of the pause time window.
+- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, datetime for the beginning of the pause time window.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdateDeferral** Deferral period configured for quality OS updates on the device, in days.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **QualityUpdatePausePeriod** Pause duration configured for quality OS updates on the device, in days.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ScanDurationInSeconds** Number of seconds the scan took to complete.
+- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
+- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **TargetReleaseVersion** For drivers targeted to a specific device model, this is the version release of the drivers being distributed to the device.
+- **TotalNumMetadataSignatures** Total number of metadata signatures checks done for new metadata synced down.
+- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete the operation.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.CommitFailed
+
+This event checks for failed commits on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
+- **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content.
+
+
+### Microsoft.Windows.Update.WUClient.CommitStarted
+
+This event tracks the commit started event on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content.
+
+
+### Microsoft.Windows.Update.WUClient.CommitSucceeded
+
+This event is used to track the commit succeeded process, after the update installation, when the software update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **EventType** Indicates the purpose of the event - whether scan started, succeeded, failed, etc.
+- **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **HandlerType** The specific id of the flight the device is getting.
+- **RevisionNumber** Indicates the kind of content (app, driver, windows patch, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadCanceled
+
+This event tracks the download canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActiveDownloadTime** Identifies the active total transferring time in seconds.
+- **AppXBlockHashFailures** Number of block hash failures.
+- **AppXScope** Indicates the scope of the app download. The values can be one of the following: "RequiredContentOnly" - Only the content required to launch the app is being downloaded "AutomaticContentOnly" - Only the optional [automatic] content for the app, i.e. the ones that can downloaded after the app has been launched, is being downloaded "AllContent" - All content for the app, including the optional [automatic] content, is being downloaded.
+- **BundleBytesDownloaded** Number of bytes downloaded for bundle.
+- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
+- **BundleRepeatFailCount** Identifies the number of repeated download failures.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **BytesDownloaded** Identifies the number of bytes downloaded.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **CancelReason** Reason why download is canceled.
+- **CbsMethod** Identifies the CBS SelfContained method.
+- **CDNCountryCode** CDN country identifier.
+- **CDNId** CDN Identifier.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **ConnectTime** Identifies the total connection time in milliseconds.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
+- **DownloadStartTime** Identifies the download start time.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HostName** Identifies the hostname.
+- **IPVersion** Identifies the IP Connection Type version.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **NetworkCost** Identifies the network cost.
+- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
+- **PackageFullName** Package name of the content.
+- **PostDnldTime** Identifies the delay after last job in seconds.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Identifies repeated download failure count.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SizeCalcTime** Identifies time taken for payload size calculation.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TotalExpectedBytes** Identifies the total expected download bytes.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedDO** Identifies if used DO.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadFailed
+
+This event tracks the download failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActiveDownloadTime** Identifies the active total transferring time in seconds.
+- **AppXBlockHashFailures** Number of block hash failures.
+- **AppXScope** Identifies streaming app phase.
+- **BundleBytesDownloaded** Number of bytes downloaded for bundle.
+- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
+- **BundleRepeatFailCount** Identifies the number of repeated download failures.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **BytesDownloaded** Identifies the number of bytes downloaded.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **CbsMethod** Identifies the CBS SelfContained method.
+- **CDNCountryCode** Identifies the source CDN country code.
+- **CDNId** CDN Identifier.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **ConnectTime** Identifies the total connection time in milliseconds.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
+- **DownloadStartTime** Identifies the download start time.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HostName** Identifies the hostname.
+- **IPVersion** Identifies the IP Connection Type version.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **NetworkCost** Identifies the network cost.
+- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
+- **PackageFullName** The package name of the content.
+- **PostDnldTime** Identifies the delay after last job in seconds.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Identifies repeated download failure count.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SizeCalcTime** Identifies time taken for payload size calculation.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TotalExpectedBytes** Identifies the total expected download bytes.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedDO** Identifies if used DO.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadQueued
+
+This event tracks the download queued event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **Reason** Regulation reason of why queued.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadStarted
+
+This event tracks the download started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadSucceeded
+
+This event tracks the successful download event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn’t actively being downloaded.
+- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download of the app payload.
+- **AppXScope** Indicates the scope of the app download. The values can be one of the following: "RequiredContentOnly" - Only the content required to launch the app is being downloaded "AutomaticContentOnly" - Only the optional [automatic] content for the app, i.e. the ones that can downloaded after the app has been launched, is being downloaded "AllContent" - All content for the app, including the optional [automatic] content, is being downloaded.
+- **BundleBytesDownloaded** Indicates the bytes downloaded for bundle.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Identifies the number of repeated download failures.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **BytesDownloaded** How many bytes were downloaded for an individual piece of content (not the entire bundle).
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. This value can be one of the following: 1. Express download method was used for download. 2. SelfContained download method was used for download indicating the update had no express content. 3. SelfContained download method was used indicating that the update has an express payload, but the server is not hosting it. 4. SelfContained download method was used indicating that range requests are not supported. 5. SelfContained download method was used indicating that the system does not support express download (dpx.dll is not present). 6. SelfContained download method was used indicating that self-contained download method was selected previously. 7. SelfContained download method was used indicating a fall back to self-contained if the number of requests made by DPX exceeds a certain threshold.
+- **CDNCountryCode** Two letter country abbreviation for the CDN's location.
+- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **ConnectTime** Indicates the cumulative sum (in seconds) of how long it took to establish the connection for all updates in an update bundle.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
+- **DownloadStartTime** Start time in FILETIME for the download.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HostName** The hostname URL the content is downloading from.
+- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6)
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device.
+- **NetworkCost** A flag indicating the cost of the network being used for downloading the update content. That could be one of the following values0x0 : Unkown0x1 : Network cost is unrestricted0x2 : Network cost is fixed0x4 : Network cost is variable0x10000 : Network cost over data limit0x20000 : Network cost congested0x40000 : Network cost roaming0x80000 : Network cost approaching data limit.
+- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be “metered”.
+- **PackageFullName** The package name of the content.
+- **PostDnldTime** Time taken, in seconds, to signal download completion after the last job has completed downloading payload.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SizeCalcTime** Time taken, in seconds, to calculate the total download size of the payload.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TotalExpectedBytes** Total count of bytes that the download is expected (total size of the download.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedDO** Indicates whether the download used the delivery optimization service.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadSwitchingToBITS
+
+This event tracks the download switching to BITS event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
+- **BundleRevisionNumber** Identifies the number of repeated download failures.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.InstallCanceled
+
+This event tracks the install canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **MsiAction** Stage of MSI installation where it failed.
+- **MsiProductCode** Unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** ID which represents a given MSI installation.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.InstallFailed
+
+This event tracks the install failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **MsiAction** Stage of MSI installation where it failed.
+- **MsiProductCode** Unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** ID which represents a given MSI installation.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.InstallRebootPending
+
+This event tracks the install reboot pending event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **MsiAction** Stage of MSI installation where it failed.
+- **MsiProductCode** Unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** ID which represents a given MSI installation.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.InstallStarted
+
+The event tracks the install started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **MsiAction** Stage of MSI installation where it failed.
+- **MsiProductCode** Unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** ID which represents a given MSI installation.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.InstallSucceeded
+
+The event tracks the successful install event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **MsiAction** Stage of MSI installation where it failed.
+- **MsiProductCode** Unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** ID which represents a given MSI installation.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.RevertFailed
+
+This event tracks the revert failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.RevertStarted
+
+This event tracks the revert started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.RevertSucceeded
+
+The event tracks the successful revert event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation where it failed.
+- **DeploymentMutexId** Mutex identifier of the deployment operation.
+- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
+- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of that flight.
+- **FlightId** The specific id of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device.
+- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClient.UpdateDetected
+
+This event tracks the update detected event when the software update client is trying to update the device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClientExt.DataStoreHealth
+
+This event tracks the health of the data store. The data store stores updated metadata synced from the update services, service endpoint information synced from SLS services, and in-progress update data so the update client can continue to serve after reboot. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **EventScenario** Indicates the purpose of the event, for example, whether the scan started, succeeded or failed.
+- **StatusCode** The result code of the event (success, cancellation, failure code HResult).
+
+
+### Microsoft.Windows.Update.WUClientExt.DownloadCheckpoint
+
+This is a checkpoint event between the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **FileId** Unique identifier for the downloaded file.
+- **FileName** Name of the downloaded file.
+- **FlightId** The specific id of the flight the device is getting.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClientExt.DownloadHeartbeat
+
+This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BytesTotal** Total bytes to transfer for this content.
+- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat.
+- **CurrentError** Last (transient) error encountered by the active download.
+- **DownloadFlags** Flags indicating if power state is ignored.
+- **DownloadState** Current state of the active download for this content (queued, suspended, progressing).
+- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver".
+- **FlightId** The specific id of the flight the device is getting.
+- **IsNetworkMetered** Indicates whether Windows considered the current network to be “metered”.
+- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any.
+- **MOUpdateDownloadLimit** Mobile operator cap on size of OS update downloads, if any.
+- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, Connected Standby).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ResumeCount** Number of times this active download has resumed from a suspended state.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SuspendCount** Number of times this active download has entered a suspended state.
+- **SuspendReason** Last reason for which this active download has entered suspended state.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **WUDeviceID** Unique device id controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrity
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **EndpointUrl** Endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed.
+- **ListOfSHA256OfIntermediateCerData** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id).
+- **MetadataSignature** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
+- **RawValidityWindowInDays** Raw unparsed mode string from the SLS response. May be null if not applicable.
+- **RevisionId** Identifies the revision of this specific piece of content.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SHA256OfLeafCerData** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate.
+- **SHA256OfLeafCertPublicKey** Base64 string of hash of the leaf cert public key.
+- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
+- **SignatureAlgorithm** Hash algorithm for the metadata signature.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **ValidityWindowInDays** Validity window in days.
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityFragmentSigning
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **EventScenario** Field indicating the sub-phase event scenario.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed.
+- **ListOfSHA256OfIntermediateCerData** List of Base64 string of hash of intermediate cert data.
+- **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id).
+- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
+- **RawValidityWindowInDays** Raw unparsed string of validity window in effect when verifying the timestamp.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SHA256OfLeafCerData** Base64 string of hash of the leaf cert data.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegritySignature
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **EventScenario** Field indicating the sub-phase event scenario.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id).
+- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
+- **RevisionId** Identifies the revision of this specific piece of content.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SHA256OfLeafCertPublicKey** Base64 string of hash of the leaf cert public key.
+- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
+- **SignatureAlgorithm** Hash algorithm for the metadata signature.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is malformed and decoding failed.
+- **UpdateId** Identifier associated with the specific piece of content.
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityTimestamp
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed.
+- **ValidityWindowInDays** Validity window in effect when verifying the timestamp.
+
+
+### Microsoft.Windows.Update.WUClientExt.UUSLoadModuleFailed
+
+This is the UUSLoadModule failed event and is used to track the failure of loading an undocked component. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **LoadProps** A bitmask for flags associated with loading the undocked module.
+- **ModulePath** Path of the undocked module.
+- **ModuleVersion** Version of the undocked module.
+- **PinkyFlags** PinkyFlags used to create the UUS session.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **StatusCode** Result of the undocked module loading operation.
+- **UusSessionID** Unique ID used to create the UUS session.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ControlId** String identifying the control (if any) that was selected by the user during presentation.
+- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
+- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
+- **InteractionCampaignID** The ID of the interaction campaign that was processed.
+- **ResultId** The result of the evaluation/presentation.
+- **WasCompleted** True if the interaction campaign is complete.
+- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSLaunch
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **CommandLine** The command line used to launch RUXIMICS.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
+
+This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **hrLocal** The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
+- **hrPresentation** The error (if any) reported by RUXIM Presentation Handler during presentation.
+- **InteractionCampaignID** GUID; the user interaction campaign processed by RUXIM Interaction Handler.
+- **ResultId** The result generated by the evaluation and presentation.
+- **WasCompleted** True if the user interaction campaign is complete.
+- **WasPresented** True if the user interaction campaign is displayed to the user.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **CommandLine** The command line used to launch RUXIMIH.
+- **InteractionCampaignID** GUID identifying the user interaction campaign that the Interaction Handler will process.
+
+### wilActivity
+
+This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **callContext** The function where the failure occurred.
+- **currentContextId** The ID of the current call context where the failure occurred.
+- **currentContextMessage** The message of the current call context where the failure occurred.
+- **currentContextName** The name of the current call context where the failure occurred.
+- **failureCount** The number of failures for this failure ID.
+- **failureId** The ID of the failure that occurred.
+- **failureType** The type of the failure that occurred.
+- **fileName** The file name where the failure occurred.
+- **function** The function where the failure occurred.
+- **hresult** The HResult of the overall activity.
+- **lineNumber** The line number where the failure occurred.
+- **message** The message of the failure that occurred.
+- **module** The module where the failure occurred.
+- **originatingContextId** The ID of the originating call context that resulted in the failure.
+- **originatingContextMessage** The message of the originating call context that resulted in the failure.
+- **originatingContextName** The name of the originating call context that resulted in the failure.
+- **threadId** The ID of the thread on which the activity is executing.
+
+## Windows Update mitigation events
+
+### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ActivityError
+
+This event provides information for error encountered when enabling In-Place Upgrade. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **wilActivity** Result of the attempt to enable In-Place Upgrade. See [wilActivity](#wilactivity).
+
+
+### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshooting
+
+This event provides information for the operation of enabling In-Place Upgrade. The data collected with this event is used to help keep Windows secure.
+
+The following fields are available:
+
+- **wilActivity** Result of the attempt to enable In-Place Upgrade. See [wilActivity](#wilactivity).
+
+
+### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshootingComplete
+
+This event provides summary information after attempting to enable In-Place Upgrade. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **applicable** The operations that were needed to be attempted.
+- **failed** Result of the individual operations that were attempted.
+- **hr** Result of the overall operation to evaluate and enable In-Place Upgrade.
+
+
+### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
+
+This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ClientId** The client ID used by Windows Update.
+- **FlightId** The ID of each Windows Insider build the device received.
+- **InstanceId** A unique device ID that identifies each update instance.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **MountedImageCount** The number of mounted images.
+- **MountedImageMatches** The number of mounted image matches.
+- **MountedImagesFailed** The number of mounted images that could not be removed.
+- **MountedImagesRemoved** The number of mounted images that were successfully removed.
+- **MountedImagesSkipped** The number of mounted images that were not found.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each Windows Update.
+- **WuId** Unique ID for the Windows Update client.
+
+
+### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints
+
+This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightId** Unique identifier for each flight.
+- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ReparsePointsFailed** Number of reparse points that are corrupted but we failed to fix them.
+- **ReparsePointsFixed** Number of reparse points that were corrupted and were fixed by this mitigation.
+- **ReparsePointsSkipped** Number of reparse points that are not corrupted and no action is required.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each Update.
+- **WuId** Unique ID for the Windows Update client.
+
+
+### Mitigation360Telemetry.MitigationCustom.FixupWimmountSysPath
+
+This event sends data specific to the FixupWimmountSysPath mitigation used for OS Updates. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightId** Unique identifier for each flight.
+- **ImagePathDefault** Default path to wimmount.sys driver defined in the system registry.
+- **ImagePathFixedup** Boolean indicating whether the wimmount.sys driver path was fixed by this mitigation.
+- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **RelatedCV** Correlation vector value.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **ScenarioSupported** Whether the updated scenario that was passed in was supported.
+- **SessionId** The UpdateAgent “SessionId” value.
+- **UpdateId** Unique identifier for the Update.
+- **WuId** Unique identifier for the Windows Update client.
+
+
+## Windows Update Reserve Manager events
+
+### Microsoft.Windows.UpdateReserveManager.BeginScenario
+
+This event is sent when the Update Reserve Manager is called to begin a scenario. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Flags** The flags that are passed to the begin scenario function.
+- **HardReserveSize** The size of the hard reserve.
+- **HardReserveUsedSpace** The used space in the hard reserve.
+- **OwningScenarioId** The scenario ID the client that called the begin scenario function.
+- **ReturnCode** The return code for the begin scenario operation.
+- **ScenarioId** The scenario ID that is internal to the reserve manager.
+- **SoftReserveSize** The size of the soft reserve.
+- **SoftReserveUsedSpace** The amount of soft reserve space that was used.
+
+
+### Microsoft.Windows.UpdateReserveManager.ClearReserve
+
+This event is sent when the Update Reserve Manager clears one of the reserves. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **FinalReserveUsedSpace** The amount of used space for the reserve after it was cleared.
+- **InitialReserveUsedSpace** The amount of used space for the reserve before it was cleared.
+- **ReserveId** The ID of the reserve that needs to be cleared.
+
+
+### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **FinalAdjustment** Final adjustment for the hard reserve following the addition or removal of optional content.
+- **InitialAdjustment** Initial intended adjustment for the hard reserve following the addition or removal of optional content.
+
+
+### Microsoft.Windows.UpdateReserveManager.EndScenario
+
+This event is sent when the Update Reserve Manager ends an active scenario. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ActiveScenario** The current active scenario.
+- **Flags** The flags passed to the end scenario call.
+- **HardReserveSize** The size of the hard reserve when the end scenario is called.
+- **HardReserveUsedSpace** The used space in the hard reserve when the end scenario is called.
+- **ReturnCode** The return code of this operation.
+- **ScenarioId** The ID of the internal reserve manager scenario.
+- **SoftReserveSize** The size of the soft reserve when end scenario is called.
+- **SoftReserveUsedSpace** The amount of the soft reserve used when end scenario is called.
+
+
+### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError
+
+This event is sent when the Update Reserve Manager returns an error from one of its internal functions. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **FailedFile** The binary file that contained the failed function.
+- **FailedFunction** The name of the function that originated the failure.
+- **FailedLine** The line number of the failure.
+- **ReturnCode** The return code of the function.
+
+
+### Microsoft.Windows.UpdateReserveManager.InitializeReserves
+
+This event is sent when reserves are initialized on the device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **FallbackInitUsed** Indicates whether fallback initialization is used.
+- **FinalUserFreeSpace** The amount of user free space after initialization.
+- **Flags** The flags used in the initialization of Update Reserve Manager.
+- **FreeSpaceToLeaveInUpdateScratch** The amount of space that should be left free after using the reserves.
+- **HardReserveFinalSize** The final size of the hard reserve.
+- **HardReserveFinalUsedSpace** The used space in the hard reserve.
+- **HardReserveInitialSize** The size of the hard reserve after initialization.
+- **HardReserveInitialUsedSpace** The utilization of the hard reserve after initialization.
+- **HardReserveTargetSize** The target size that was set for the hard reserve.
+- **InitialUserFreeSpace** The user free space during initialization.
+- **PostUpgradeFreeSpace** The free space value passed into the Update Reserve Manager to determine reserve sizing post upgrade.
+- **SoftReserveFinalSize** The final size of the soft reserve.
+- **SoftReserveFinalUsedSpace** The used space in the soft reserve.
+- **SoftReserveInitialSize** The soft reserve size after initialization.
+- **SoftReserveInitialUsedSpace** The utilization of the soft reserve after initialization.
+- **SoftReserveTargetSize** The target size that was set for the soft reserve.
+- **TargetUserFreeSpace** The target user free space that was passed into the reserve manager to determine reserve sizing post upgrade.
+- **UpdateScratchFinalUsedSpace** The used space in the scratch reserve.
+- **UpdateScratchInitialUsedSpace** The utilization of the scratch reserve after initialization.
+- **UpdateScratchReserveFinalSize** The utilization of the scratch reserve after initialization.
+- **UpdateScratchReserveInitialSize** The size of the scratch reserve after initialization.
+
+
+### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
+
+This event returns data about the Update Reserve Manager, including whether it’s been initialized. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ClientId** The ID of the caller application.
+- **Flags** The enumerated flags used to initialize the manager.
+- **Offline** Indicates whether or the reserve manager is called during offline operations.
+- **PolicyPassed** Indicates whether the machine is able to use reserves.
+- **ReturnCode** Return code of the operation.
+- **Version** The version of the Update Reserve Manager.
+
+
+### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
+
+This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **FallbackLogicUsed** Indicates whether fallback logic was used for initialization.
+- **Flags** The flags that are passed to the function to prepare the Trusted Installer for reserve initialization.
+
+
+### Microsoft.Windows.UpdateReserveManager.ReevaluatePolicy
+
+This event is sent when the Update Reserve Manager reevaluates policy to determine reserve usage. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **PolicyChanged** Indicates whether the policy has changed.
+- **PolicyFailedEnum** The reason why the policy failed.
+- **PolicyPassed** Indicates whether the policy passed.
+
+
+### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. The data collected with this event is used to help keep Windows secure and up to date.
+
+
+
+### Microsoft.Windows.UpdateReserveManager.TurnOffReserves
+
+This event is sent when the Update Reserve Manager turns off reserve functionality for certain operations. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **Flags** Flags used in the turn off reserves function.
+- **HardReserveSize** The size of the hard reserve when Turn Off is called.
+- **HardReserveUsedSpace** The amount of space used by the hard reserve when Turn Off is called
+- **ScratchReserveSize** The size of the scratch reserve when Turn Off is called.
+- **ScratchReserveUsedSpace** The amount of space used by the scratch reserve when Turn Off is called.
+- **SoftReserveSize** The size of the soft reserve when Turn Off is called.
+- **SoftReserveUsedSpace** The amount of the soft reserve used when Turn Off is called.
+
+
+### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content.
+- **Disposition** The parameter for the hard reserve adjustment function.
+- **Flags** The flags passed to the hard reserve adjustment function.
+- **PendingHardReserveAdjustment** The final change to the hard reserve size.
+- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
\ No newline at end of file
diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
index fdaf967827..545eadd50c 100644
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@@ -1,5 +1,5 @@
---
-description: Learn what required Windows diagnostic data is gathered.
+description: Use this article to learn more about what required Windows diagnostic data is gathered.
title: Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
ms.prod: w10
@@ -13,11 +13,11 @@ manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
-ms.date: 04/28/2021
+ms.date: 09/08/2021
---
-# Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields
+# Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields
> [!IMPORTANT]
@@ -30,7 +30,6 @@ ms.date: 04/28/2021
- Windows 10, version 20H2
- Windows 10, version 2004
-
Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
@@ -39,6 +38,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
@@ -49,7 +49,6 @@ You can learn more about Windows functional and diagnostic data through these ar
-
## Appraiser events
### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@@ -250,6 +249,18 @@ The following fields are available:
- **DecisionMediaCenter_RS5** The total number of objects of this type present on this device.
- **DecisionMediaCenter_TH1** The total number of objects of this type present on this device.
- **DecisionMediaCenter_TH2** The total number of objects of this type present on this device.
+- **DecisionSModeState_19H1** The total number of objects of this type present on this device.
+- **DecisionSModeState_20H1** The total number of objects of this type present on this device.
+- **DecisionSModeState_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSModeState_21H1** The total number of objects of this type present on this device.
+- **DecisionSModeState_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS1** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS2** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS3** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS4** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS5** The total number of objects of this type present on this device.
+- **DecisionSModeState_TH1** The total number of objects of this type present on this device.
+- **DecisionSModeState_TH2** The total number of objects of this type present on this device.
- **DecisionSystemBios_19H1** The total number of objects of this type present on this device.
- **DecisionSystemBios_19H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemBios_20H1** The total number of objects of this type present on this device.
@@ -265,6 +276,66 @@ The following fields are available:
- **DecisionSystemBios_RS5Setup** The total number of objects of this type present on this device.
- **DecisionSystemBios_TH1** The total number of objects of this type present on this device.
- **DecisionSystemBios_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_20H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_21H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS3** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS4** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS5** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_TH1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_TH2** The total number of objects of this type present on this device.
- **DecisionTest_19H1** The total number of objects of this type present on this device.
- **DecisionTest_20H1** The total number of objects of this type present on this device.
- **DecisionTest_20H1Setup** The total number of objects of this type present on this device.
@@ -277,6 +348,30 @@ The following fields are available:
- **DecisionTest_RS5** The total number of objects of this type present on this device.
- **DecisionTest_TH1** The total number of objects of this type present on this device.
- **DecisionTest_TH2** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_19H1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_20H1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_21H1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS2** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS3** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS4** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS5** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_TH1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_TH2** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_19H1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_20H1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_21H1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_21H1Setup** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS2** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS3** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS4** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS5** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_TH1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_TH2** The total number of objects of this type present on this device.
- **InventoryApplicationFile** The total number of objects of this type present on this device.
- **InventoryLanguagePack** The total number of objects of this type present on this device.
- **InventoryMediaCenter** The total number of objects of this type present on this device.
@@ -962,6 +1057,8 @@ The following fields are available:
- **CpuModel** Cpu model.
- **CpuStepping** Cpu stepping.
- **CpuVendor** Cpu vendor.
+- **PlatformId** CPU platform identifier.
+- **SysReqOverride** Appraiser decision about system requirements override.
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelStartSync
@@ -1009,6 +1106,7 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
- **Blocking** Appraiser upgradeability decision based on the device's TPM support.
+- **SysReqOverride** Appraiser decision about system requirements override.
- **TpmVersionInfo** The version of Trusted Platform Module (TPM) technology in the device.
@@ -1830,6 +1928,7 @@ This event sends data about the mobile and cellular network used by the device (
The following fields are available:
+- **CellularModemHWInstanceId0** HardwareInstanceId of the embedded Mobile broadband modem, as reported and used by PnP system to identify the WWAN modem device in Windows system. Empty string (null string) indicates that this property is unknown for telemetry.
- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
@@ -1841,9 +1940,12 @@ The following fields are available:
- **MobileOperatorCommercialized** Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
- **MobileOperatorNetwork0** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
- **MobileOperatorNetwork1** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **ModemOptionalCapabilityBitMap0** A bit map of optional capabilities in modem, such as eSIM support.
- **NetworkAdapterGUID** The GUID of the primary network adapter.
- **SPN0** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
- **SPN1** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+- **SupportedDataClassBitMap0** A bit map of the supported data classes (i.g, 5g 4g...) that the modem is capable of.
+- **SupportedDataSubClassBitMap0** A bit map of data subclasses that the modem is capable of.
### Census.OS
@@ -1949,6 +2051,7 @@ The following fields are available:
- **ProcessorManufacturer** Name of the processor manufacturer.
- **ProcessorModel** Name of the processor model.
- **ProcessorPhysicalCores** Number of physical cores in the processor.
+- **ProcessorPlatformSpecificField1** Registry value HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0, @Platform Specific Field 1. Platform Specific Field 1 of the Processor. Each vendor (e.g. Intel) defines the meaning differently. On Intel this is used to differentiate processors of the same generation, (e.g. Kaby Lake, KBL-G, KBL-H, KBL-R).
- **ProcessorUpdateRevision** The microcode revision.
- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status
- **SocketCount** Count of CPU sockets.
@@ -1968,6 +2071,7 @@ The following fields are available:
- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
- **IsWdagFeatureEnabled** Indicates whether Windows Defender Application Guard is enabled.
+- **NGCSecurityProperties** String representation of NGC security information.
- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
- **ShadowStack** The bit fields of SYSTEM_SHADOW_STACK_INFORMATION representing the state of the Intel CET (Control Enforcement Technology) hardware security feature.
@@ -2342,7 +2446,6 @@ The following fields are available:
- **objectType** Indicates the object type that the event applies to.
- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
-
## Component-based servicing events
### CbsServicingProvider.CbsCapabilityEnumeration
@@ -3346,6 +3449,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
+- **AndroidPackageId** A unique identifier for an Android app.
- **HiddenArp** Indicates whether a program hides itself from showing up in ARP.
- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics).
- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00
@@ -3592,7 +3696,7 @@ The following fields are available:
- **HWID** The version of the driver loaded for the device.
- **Inf** The bus that enumerated the device.
- **InstallDate** The date of the most recent installation of the device on the machine.
-- **InstallState** The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx)
+- **InstallState** The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx).
- **InventoryVersion** List of hardware ids for the device.
- **LowerClassFilters** Lower filter class drivers IDs installed for the device
- **LowerFilters** Lower filter drivers IDs installed for the device
@@ -3846,6 +3950,7 @@ The following fields are available:
- **ProductVersion** The version associated with the Office add-in.
- **ProgramId** The unique program identifier of the Microsoft Office add-in.
- **Provider** Name of the provider for this add-in.
+- **Usage** Data about usage for the add-in.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
@@ -3870,6 +3975,14 @@ The following fields are available:
- **InventoryVersion** The version of the inventory binary generating the events.
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUexIndicatorStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
@@ -4037,9 +4150,10 @@ The following fields are available:
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_localId** If the device is using Windows Defender Application Guard, this is the Software Quality Metrics (SQM) ID of the container.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -4062,6 +4176,7 @@ The following fields are available:
- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end.
- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
@@ -4069,9 +4184,10 @@ The following fields are available:
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_localId** If the device is using Windows Defender Application Guard, this is the Software Quality Metrics (SQM) ID of the container.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -4102,9 +4218,10 @@ The following fields are available:
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_localId** If the device is using Windows Defender Application Guard, this is the Software Quality Metrics (SQM) ID of the container.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See (experimentationandconfigurationservicecontrol)[/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol] for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -4135,9 +4252,10 @@ The following fields are available:
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_localId** If the device is using Windows Defender Application Guard, this is the Software Quality Metrics (SQM) ID of the container.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [#experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -4167,10 +4285,13 @@ The following fields are available:
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
+- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
+- **appLastLaunchTime** The time when browser was last launched.
- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
+- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply.
- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
@@ -4187,9 +4308,11 @@ The following fields are available:
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
+- **appPingEventPackageCacheResult** Whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field does not apply.
- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'.
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
@@ -4249,9 +4372,10 @@ The following fields are available:
- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -4495,6 +4619,196 @@ The following fields are available:
- **totalRuns** Total number of running/evaluation from last time.
+## Other events
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **batteryData** Battery Performance data.
+- **batteryData.data()** Battery performance data.
+- **BatteryDataSize:** Size of the battery performance data.
+- **batteryInfo.data()** Battery performance data.
+- **BatteryInfoSize:** Size of the battery performance data.
+- **pszBatteryDataXml** Battery performance data.
+- **szBatteryInfo** Battery performance data.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM
+
+This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BPMCurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device.
+- **BPMExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC?
+- **BPMHvtCountA** Current HVT count for BPM counter A.
+- **BPMHvtCountB** Current HVT count for BPM counter B.
+- **bpmOptOutLifetimeCount** BPM OptOut Lifetime Count.
+- **BPMRsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMTotalEngagedMinutes** Total time that BPM was engaged.
+- **BPMTotalEntryEvents** Total number of times entering BPM.
+- **ComponentId** Component ID.
+- **FwVersion** FW version that created this log.
+- **LogClass** Log Class.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** Log MGR version.
+- **MCUInstance** Instance id used to identify multiple MCU's in a product.
+- **ProductId** Product ID.
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG
+
+This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **cbTimeCell_Values** cb time for different cells.
+- **ComponentId** Component ID.
+- **cycleCount** Cycle Count.
+- **deltaVoltage** Delta voltage.
+- **eocChargeVoltage_Values** EOC Charge voltage values.
+- **fullChargeCapacity** Full Charge Capacity.
+- **FwVersion** FW version that created this log.
+- **lastCovEvent** Last Cov event.
+- **lastCuvEvent** Last Cuv event.
+- **LogClass** LOG_CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG_MGR_VERSION.
+- **manufacturerName** Manufacturer name.
+- **maxChargeCurrent** Max charge current.
+- **maxDeltaCellVoltage** Max delta cell voltage.
+- **maxDischargeCurrent** Max discharge current.
+- **maxTempCell** Max temp cell.
+- **maxVoltage_Values** Max voltage values.
+- **MCUInstance** Instance id used to identify multiple MCU's in a product.
+- **minTempCell** Min temp cell.
+- **minVoltage_Values** Min voltage values.
+- **numberOfCovEvents** Number of Cov events.
+- **numberOfCuvEvents** Number of Cuv events.
+- **numberOfOCD1Events** Number of OCD1 events.
+- **numberOfOCD2Events** Number of OCD2 events.
+- **numberOfQmaxUpdates** Number of Qmax updates.
+- **numberOfRaUpdates** Number of Ra updates.
+- **numberOfShutdowns** Number of shutdowns.
+- **pfStatus_Values** pf status values.
+- **ProductId** Product ID.
+- **qmax_Values** Qmax values for different cells.
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt
+
+This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **avgCurrLastRun** Average current last run.
+- **avgPowLastRun** Average power last run.
+- **batteryMSPN** BatteryMSPN
+- **batteryMSSN** BatteryMSSN.
+- **cell0Ra3** Cell0Ra3.
+- **cell1Ra3** Cell1Ra3.
+- **cell2Ra3** Cell2Ra3.
+- **cell3Ra3** Cell3Ra3.
+- **ComponentId** Component ID.
+- **currentAtEoc** Current at Eoc.
+- **firstPFstatusA** First PF status-A.
+- **firstPFstatusB** First PF status-B.
+- **firstPFstatusC** First PF status-C.
+- **firstPFstatusD** First PF status-D.
+- **FwVersion** FW version that created this log.
+- **lastQmaxUpdate** Last Qmax update.
+- **lastRaDisable** Last Ra disable.
+- **lastRaUpdate** Last Ra update.
+- **lastValidChargeTerm** Last valid charge term.
+- **LogClass** LOG CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG MGR VERSION.
+- **maxAvgCurrLastRun** Max average current last run.
+- **maxAvgPowLastRun** Max average power last run.
+- **MCUInstance** Instance id used to identify multiple MCU's in a product.
+- **mfgInfoBlockB01** MFG info Block B01.
+- **mfgInfoBlockB02** MFG info Block B02.
+- **mfgInfoBlockB03** MFG info Block B03.
+- **mfgInfoBlockB04** MFG info Block B04.
+- **numOfRaDisable** Number of Ra disable.
+- **numOfValidChargeTerm** Number of valid charge term.
+- **ProductId** Product ID.
+- **qmaxCycleCount** Qmax cycle count.
+- **SeqNum** Sequence Number.
+- **stateOfHealthEnergy** State of health energy.
+- **stateOfHealthFcc** State of health Fcc.
+- **stateOfHealthPercent** State of health percent.
+- **TimeStamp** UTC seconds when log was created.
+- **totalFwRuntime** Total FW runtime.
+- **updateStatus** Update status.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2
+
+This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **HostResetCause** Host reset cause.
+- **PchResetCause** PCH reset cause.
+- **SamResetCause** SAM reset cause.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
+
+This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantAppFilePath** Path to Update Assistant app.
+- **UpdateAssistantDeviceId** Device Id of the Update Assistant Candidate Device.
+- **UpdateAssistantExeName** Exe name running as Update Assistant.
+- **UpdateAssistantExternalId** External Id of the Update Assistant Candidate Device.
+- **UpdateAssistantIsDeviceCloverTrail** True/False is the device clovertrail.
+- **UpdateAssistantIsPushing** True if the update is pushing to the device.
+- **UpdateAssistantMachineId** Machine Id of the Update Assistant Candidate Device.
+- **UpdateAssistantOsVersion** Update Assistant OS Version.
+- **UpdateAssistantPartnerId** Partner Id for Assistant application.
+- **UpdateAssistantReportPath** Path to report for Update Assistant.
+- **UpdateAssistantStartTime** Start time for UpdateAssistant.
+- **UpdateAssistantUiType** The type of UI whether default or OOBE.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+- **UpdateAssistantVersionInfo** Information about Update Assistant application.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
+
+This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantStateAcceptEULA** True at the start of AcceptEULA.
+- **UpdateAssistantStateCheckingCompat** True at the start of Checking Compat
+- **UpdateAssistantStateCheckingUpgrade** True at the start of CheckingUpgrade.
+- **UpdateAssistantStateDownloading** True at the start Downloading.
+- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
+- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
+- **UpdateAssistantStateInstalling** True at the start of Installing.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -4549,6 +4863,29 @@ The following fields are available:
- **Status** It indicates details about the status for getting the disk device object during boot.
+### Microsoft.Windows.Setup.WinSetupBoot.Success
+
+This event sends data indicating that the device has invoked the WinSetupBoot successfully. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **Action** It indicates phase/stage of operation. As success event fires on exiting the operation, this value must be 'Exiting'.
+- **Duration(ms)** Duration of filter setup instance operation in milliseconds.
+- **Rollback** It is blank as this event triggers in success scenario only.
+
+
+### Microsoft.Windows.Setup.WinSetupBoot.Warning
+
+This event is used to indicate whether there were any warnings when we were trying to skip a reboot during feature upgrade. The data collected with this event helps keep Windows product and service up to date.
+
+The following fields are available:
+
+- **Action** Action indicates what operation was being performed by the filter driver (Ex: Waiting, Exiting).
+- **Detail** Add detail to the operation listed above (Ex: Blocked thread timed out).
+- **Rollback** Indicates whether a rollback was triggered (0 or 1).
+- **Status** Indicates the status code for the operation (Ex: 0, 258 etc.).
+
+
### SetupPlatformTel.SetupPlatformTelActivityEvent
This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
@@ -4617,12 +4954,14 @@ The following fields are available:
- **CurrentMobileOperator** The mobile operator the device is currently connected to.
- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
- **DeferredUpdates** Update IDs which are currently being deferred until a later time
-- **DeviceModel** The device model.
+- **DeviceModel** What is the device model.
- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered.
- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled.
- **DriverSyncPassPerformed** Were drivers scanned this time?
- **EventInstanceID** A globally unique identifier for event instance.
- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **ExcludedUpdateClasses** Update classifications being excluded via policy.
+- **ExcludedUpdates** UpdateIds which are currently being excluded via policy.
- **ExtendedMetadataCabUrl** Hostname that is used to download an update.
- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan.
@@ -4671,6 +5010,7 @@ The following fields are available:
- **SystemBIOSMajorRelease** Major version of the BIOS.
- **SystemBIOSMinorRelease** Minor version of the BIOS.
- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
+- **TargetProductVersion** Indicates the Product version selected to move to or stay on.
- **TargetReleaseVersion** The value selected for the target release version policy.
- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down.
- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation.
@@ -4709,37 +5049,57 @@ The following fields are available:
- **ActiveDownloadTime** Number of seconds the update was actively being downloaded.
- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download.
+- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded.
+- **AppXDownloadScope** Indicates the scope of the download for application content.
- **AppXScope** Indicates the scope of the app download.
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle.
- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download.
- **BundleRevisionNumber** Identifies the revision number of the content bundle.
- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CbsDownloadMethod** Indicates whether the download was a full- or a partial-file download.
- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
- **ClientVersion** The version number of the software distribution client.
- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior.
- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle.
+- **CurrentMobileOperator** The mobile operator the device is currently connected to.
+- **DeviceModel** The model of the device.
- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority.
- **DownloadProps** Information about the download operation properties in the form of a bitmask.
+- **DownloadScenarioId** A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events.
- **EventInstanceID** A globally unique identifier for event instance.
- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
- **EventType** Possible values are Child, Bundle, or Driver.
- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds).
- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight.
- **FlightId** The specific ID of the flight (pre-release build) the device is getting.
+- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
+- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
- **HostName** The hostname URL the content is downloading from.
- **IPVersion** Indicates whether the download took place over IPv4 or IPv6.
+- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device.
- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
+- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
- **PackageFullName** The package name of the content.
+- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
- **PostDnldTime** Time taken (in seconds) to signal download completion after the last job has completed downloading payload.
- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@@ -4747,14 +5107,24 @@ The following fields are available:
- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
- **RepeatFailCount** Indicates whether this specific content has previously failed.
+- **RepeatFailFlag** Indicates whether this specific content previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
+- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
+- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded.
- **TotalExpectedBytes** The total count of bytes that the download is expected to be.
- **UpdateId** An identifier associated with the specific piece of content.
- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
- **UsedDO** Whether the download used the delivery optimization service.
+- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
@@ -5022,6 +5392,7 @@ The following fields are available:
- **SignatureAlgorithm** The hash algorithm for the metadata signature.
- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token.
- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
- **UpdateId** The update ID for a specific piece of content.
- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp.
@@ -5029,21 +5400,6 @@ The following fields are available:
## Surface events
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **batteryData** Battery Performance data.
-- **batteryData.data()** Battery performance data.
-- **BatteryDataSize:** Size of the battery performance data.
-- **batteryInfo.data()** Battery performance data.
-- **BatteryInfoSize:** Size of the battery performance data.
-- **pszBatteryDataXml** Battery performance data.
-- **szBatteryInfo** Battery performance data.
-
-
### Microsoft.Surface.Health.Binary.Prod.McuHealthLog
This event collects information to keep track of health indicator of the built-in micro controller. For example, the number of abnormal shutdowns due to power issues during boot sequence, type of display panel attached to base, thermal indicator, throttling data in hardware etc. The data collected with this event is used to help keep Windows secure and performing properly.
@@ -5086,6 +5442,7 @@ The following fields are available:
- **CV** Correlation vector.
- **dayspendingrebootafterfu** Number of days that have elapsed since the device reached ready to reboot for a Feature Update that is still actively pending reboot.
+- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device.
- **KBNumber** KBNumber of the update being installed.
- **PackageVersion** Current package version of quality update assistant.
@@ -5101,6 +5458,7 @@ The following fields are available:
- **activeProcesses** Number of active processes.
- **atleastOneMitigationSucceeded** Bool flag indicating if at least one mitigation succeeded.
+- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter.
- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
- **countDownloadedPayload** Count instances of payload downloaded.
- **description** Description of failure.
@@ -5142,6 +5500,7 @@ This event is raised when a targeted mitigation is rejected by the device based
The following fields are available:
+- **callerId** It is a GUID to identify the component that is calling into Mitigation Client APIs. It can be: Task Scheduler, Settings App, or GetHelp App.
- **description** String describing why a mitigation was rejected.
- **mitigationId** GUID identifier for a mitigation.
- **mitigationVersion** Version of the mitigation.
@@ -5156,11 +5515,14 @@ This event is raised after an executable delivered by Mitigation Service has suc
The following fields are available:
- **activeProcesses** Number of active processes.
+- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter.
- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
- **devicePreference** Recommended troubleshooting setting on the device.
- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe.
- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab.
- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option.
+- **exitCode** Exit code of the execution of the mitigation.
+- **exitCodeDefinition** String describing the meaning of the exit code returned by the mitigation (i.e. ProblemNotFound).
- **experimentFeatureId** Experiment feature ID.
- **experimentFeatureState** Feature state for the experiment.
- **mitigationId** ID value of the mitigation.
@@ -5189,6 +5551,21 @@ The following fields are available:
- **PackageVersion** The package version label.
+### Microsoft.Windows.UpdateHealthTools.ExpediteDownloadStarted
+
+This event indicates that the download phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **ExpeditePolicyId** The policy Id of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** A list of update IDs in progress.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
### Microsoft.Windows.UpdateHealthTools.ExpediteInstallStarted
This event indicates that the install phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
@@ -5487,6 +5864,7 @@ The following fields are available:
- **CV** Correlation vector.
- **GlobalEventCounter** The global event counter for counting total events for the provider.
- **PackageVersion** The version for the current package.
+- **UpdateHealthToolsServiceBlockedByNoDSSJoinHr** The result code returned when checking for WUFB cloud membership.
### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceIsDSSJoin
@@ -5510,29 +5888,6 @@ The following fields are available:
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
- **PackageVersion** Current package version of remediation.
-### wilActivity
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext** The function where the failure occurred.
-- **currentContextId** The ID of the current call context where the failure occurred.
-- **currentContextMessage** The message of the current call context where the failure occurred.
-- **currentContextName** The name of the current call context where the failure occurred.
-- **failureCount** The number of failures for this failure ID.
-- **failureId** The ID of the failure that occurred.
-- **failureType** The type of the failure that occurred.
-- **fileName** The file name where the failure occurred.
-- **function** The function where the failure occurred.
-- **hresult** The HResult of the overall activity.
-- **lineNumber** The line number where the failure occurred.
-- **message** The message of the failure that occurred.
-- **module** The module where the failure occurred.
-- **originatingContextId** The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage** The message of the originating call context that resulted in the failure.
-- **originatingContextName** The name of the originating call context that resulted in the failure.
-- **threadId** The ID of the thread on which the activity is executing.
## Update events
@@ -6264,7 +6619,7 @@ The following fields are available:
### Microsoft.Windows.WERVertical.OSCrash
-This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. This is the OneCore version of this event.
+This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
The following fields are available:
@@ -6995,80 +7350,6 @@ The following fields are available:
## Windows Update events
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **ControlId** String identifying the control (if any) that was selected by the user during presentation.
-- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
-- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
-- **InteractionCampaignID** The ID of the interaction campaign that was processed.
-- **ResultId** The result of the evaluation/presentation.
-- **WasCompleted** True if the interaction campaign is complete.
-- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.ICSLaunch
-
-This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine** The command line used to launch RUXIMICS.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
-
-This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **hrLocal** The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
-- **hrPresentation** The error (if any) reported by RUXIM Presentation Handler during presentation.
-- **InteractionCampaignID** GUID; the user interaction campaign processed by RUXIM Interaction Handler.
-- **ResultId** The result generated by the evaluation and presentation.
-- **WasCompleted** True if the user interaction campaign is complete.
-- **WasPresented** True if the user interaction campaign is displayed to the user.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine** The command line used to launch RUXIMIH.
-- **InteractionCampaignID** GUID identifying the user interaction campaign that the Interaction Handler will process.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
-
-This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **HRESULT** Error, if any, that occurred during evaluation. (Note that if errors encountered during individual checks do not affect the overall result of the evaluation, those errors will be reported in NodeEvaluationData, but this HRESULT will still be zero.)
-- **Id** GUID passed in by the caller to identify the evaluation.
-- **NodeEvaluationData** Structure showing the results of individual checks that occurred during the overall evaluation.
-- **Result** Overall result generated by the evaluation.
-
### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationStarted
This event sends data collected at the beginning of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date.
@@ -7625,6 +7906,21 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
+
+This event sends data about whether an update required a reboot to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.UpdaterMalformedData
This event is sent when a registered updater has missing or corrupted information, to help keep Windows up to date.
@@ -7727,6 +8023,105 @@ The following fields are available:
- **wuDeviceid** Represents device ID.
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **ControlId** String identifying the control (if any) that was selected by the user during presentation.
+- **hrInteractionHandler** The error (if any) reported by the RUXIM Interaction Handler while processing the interaction campaign.
+- **hrScheduler** The error (if any) encountered by RUXIM Interaction Campaign Scheduler itself while processing the interaction campaign.
+- **InteractionCampaignID** The ID of the interaction campaign that was processed.
+- **ResultId** The result of the evaluation/presentation.
+- **WasCompleted** True if the interaction campaign is complete.
+- **WasPresented** True if the Interaction Handler displayed the interaction campaign to the user.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSLaunch
+
+This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **CommandLine** The command line used to launch RUXIMICS.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
+
+This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **hrLocal** The error (if any) encountered by RUXIM Interaction Handler during evaluation and presentation.
+- **hrPresentation** The error (if any) reported by RUXIM Presentation Handler during presentation.
+- **InteractionCampaignID** GUID; the user interaction campaign processed by RUXIM Interaction Handler.
+- **ResultId** The result generated by the evaluation and presentation.
+- **WasCompleted** True if the user interaction campaign is complete.
+- **WasPresented** True if the user interaction campaign is displayed to the user.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **CommandLine** The command line used to launch RUXIMIH.
+- **InteractionCampaignID** GUID identifying the user interaction campaign that the Interaction Handler will process.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
+
+This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **HRESULT** Error, if any, that occurred during evaluation. (Note that if errors encountered during individual checks do not affect the overall result of the evaluation, those errors will be reported in NodeEvaluationData, but this HRESULT will still be zero.)
+- **Id** GUID passed in by the caller to identify the evaluation.
+- **NodeEvaluationData** Structure showing the results of individual checks that occurred during the overall evaluation.
+- **Result** Overall result generated by the evaluation.
+
+### wilActivity
+
+This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **callContext** The function where the failure occurred.
+- **currentContextId** The ID of the current call context where the failure occurred.
+- **currentContextMessage** The message of the current call context where the failure occurred.
+- **currentContextName** The name of the current call context where the failure occurred.
+- **failureCount** The number of failures for this failure ID.
+- **failureId** The ID of the failure that occurred.
+- **failureType** The type of the failure that occurred.
+- **fileName** The file name where the failure occurred.
+- **function** The function where the failure occurred.
+- **hresult** The HResult of the overall activity.
+- **lineNumber** The line number where the failure occurred.
+- **message** The message of the failure that occurred.
+- **module** The module where the failure occurred.
+- **originatingContextId** The ID of the originating call context that resulted in the failure.
+- **originatingContextMessage** The message of the originating call context that resulted in the failure.
+- **originatingContextName** The name of the originating call context that resulted in the failure.
+- **threadId** The ID of the thread on which the activity is executing.
+
+
## Windows Update mitigation events
### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshootingComplete
@@ -7832,6 +8227,7 @@ This event is sent when the Update Reserve Manager clears one of the reserves. T
The following fields are available:
- **FinalReserveUsedSpace** The amount of used space for the reserve after it was cleared.
+- **Flags** The context of clearing the reserves.
- **InitialReserveUsedSpace** The amount of used space for the reserve before it was cleared.
- **ReserveId** The ID of the reserve that needs to be cleared.
diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml
index b631e434ef..96516c4786 100644
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@@ -1,7 +1,7 @@
- name: Privacy
href: index.yml
items:
- - name: "Windows 10 & Privacy Compliance: A Guide for IT and Compliance Professionals"
+ - name: "Windows Privacy Compliance: A Guide for IT and Compliance Professionals"
href: windows-10-and-privacy-compliance.md
- name: Configure Windows diagnostic data in your organization
href: configure-windows-diagnostic-data-in-your-organization.md
@@ -15,6 +15,8 @@
href: Microsoft-DiagnosticDataViewer.md
- name: Required Windows diagnostic data events and fields
items:
+ - name: Required Windows 11 diagnostic data events and fields
+ href: required-windows-11-diagnostic-events-and-fields.md
- name: Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic data events and fields
href: required-windows-diagnostic-data-events-and-fields-2004.md
- name: Windows 10, version 1909 and Windows 10, version 1903 required level Windows diagnostic events and fields
@@ -29,18 +31,22 @@
href: basic-level-windows-diagnostic-events-and-fields-1703.md
- name: Optional Windows diagnostic data events and fields
items:
- - name: Windows 10, version 1709 and newer optional diagnostic data
+ - name: Windows 10, version 1709 and later and Windows 11 optional diagnostic data
href: windows-diagnostic-data.md
- name: Windows 10, version 1703 optional diagnostic data
href: windows-diagnostic-data-1703.md
- name: Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy
href: enhanced-diagnostic-data-windows-analytics-events-and-fields.md
- - name: Manage Windows 10 connection endpoints
+ - name: Manage Windows connection endpoints
items:
- name: Manage connections from Windows operating system components to Microsoft services
href: manage-connections-from-windows-operating-system-components-to-microsoft-services.md
- name: Manage connections from Windows operating system components to Microsoft services using MDM
href: manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+ - name: Connection endpoints for Windows 11
+ href: manage-windows-11-endpoints.md
+ - name: Connection endpoints for Windows 10, version 21H1
+ href: manage-windows-21H1-endpoints.md
- name: Connection endpoints for Windows 10, version 20H2
href: manage-windows-20H2-endpoints.md
- name: Connection endpoints for Windows 10, version 2004
@@ -55,6 +61,10 @@
href: manage-windows-1803-endpoints.md
- name: Connection endpoints for Windows 10, version 1709
href: manage-windows-1709-endpoints.md
+ - name: Connection endpoints for non-Enterprise editions of Windows 11
+ href: windows-11-endpoints-non-enterprise-editions.md
+ - name: Connection endpoints for non-Enterprise editions of Windows 10, version 21H1
+ href: windows-endpoints-21H1-non-enterprise-editions.md
- name: Connection endpoints for non-Enterprise editions of Windows 10, version 20H2
href: windows-endpoints-20H2-non-enterprise-editions.md
- name: Connection endpoints for non-Enterprise editions of Windows 10, version 2004
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index cfe581ed04..bf24ccb668 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -1,6 +1,6 @@
---
-title: Windows 10 & Privacy Compliance Guide
-description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows 10.
+title: Windows Privacy Compliance Guide
+description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows.
keywords: privacy, GDPR, compliance
ms.prod: w10
ms.mktglfcycl: manage
@@ -16,64 +16,62 @@ ms.topic: article
ms.date: 07/21/2020
---
-# Windows 10 & Privacy Compliance: A Guide for IT and Compliance Professionals
+# Windows Privacy Compliance: A Guide for IT and Compliance Professionals
Applies to:
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Professional
-- Windows Server 2016 and newer
+- Windows 10 and 11 Enterprise
+- Windows 10 and 11 Education
+- Windows 10 and 11 Professional
+- Windows Server 2016 and later
## Overview
-At Microsoft, we are committed to data privacy across all our products and services. With this guide, we provide administrators and compliance professionals with data privacy considerations for Windows 10.
+At Microsoft, we are committed to data privacy across all our products and services. With this guide, we provide administrators and compliance professionals with data privacy considerations for Windows.
-Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 services. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
+Microsoft collects data through multiple interactions with users of Windows devices. This information can contain personal data that may be used to provide, secure, and improve Windows services. To help users and organizations control the collection of personal data, Windows provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
-This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR)
+This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR).
-## 1. Windows 10 data collection transparency
+## 1. Windows data collection transparency
-Transparency is an important part of the data collection process in Windows 10. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device set up.
+Transparency is an important part of the data collection process in Windows. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device set up.
### 1.1 Device set up experience and support for layered transparency
When setting up a device, a user can configure their privacy settings. Those privacy settings are key in determining the amount of personal data collected. For each privacy setting, the user is provided information about the setting along with the links to supporting information. This information explains what data is collected, how the data is used, and how to manage the setting after the device setup is complete. When connected to the network during this portion of setup, the user can also review the privacy statement. A brief overview of the set up experience for privacy settings is described in [Windows Insiders get first look at new privacy screen settings layout coming to Windows 10](https://blogs.windows.com/windowsexperience/2018/03/06/windows-insiders-get-first-look-new-privacy-screen-settings-layout-coming-windows-10/#uCC2bKYP8M5BqrDP.97), a blog entry on Windows Blogs.
-The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information.
+The following table provides an overview of the Windows 10 and Windows 11 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information.
> [!NOTE]
-> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and newer). For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This table is limited to the privacy settings that are most commonly avaialable when setting up a current version of Windows 10 or newer. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
| Feature/Setting | Description | Supporting Content | Privacy Statement |
| --- | --- | --- | --- |
-| Diagnostic Data |
Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device and understand the device's service issues and use patterns.
Diagnostic data is categorized into the following:
**Required diagnostic data** Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).
**Optional diagnostic data** Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).
[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
-| Inking and typing diagnostics | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
-| Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/windows-10-speech-voice-activation-inking-typing-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) |
+| Diagnostic Data |
Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.
Diagnostic data is categorized into the following:
**Required diagnostic data** Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).
**Optional diagnostic data** Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).
[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
+| Inking & typing | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
| Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy) |[Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
| Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
| Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you choose to send. Tailored experiences include personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
| Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/windows-10-general-privacy-settings) | [Privacy statement](https://support.microsoft.com/help/4459081/windows-10-general-privacy-settings) |
-| Activity History/Timeline – Cloud Sync | If you want Windows Timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainactivityhistorymodule) |
-| Cortana |
Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/help/4026948/cortanas-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content, and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.
Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.
[Cortana integration in your business or enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) |
+
### 1.2 Data collection monitoring
-[Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) is a Microsoft Store app (available in Windows 10, version 1803 and newer) that lets a user review the Windows diagnostic data that is being collected on their Windows 10 device and sent to Microsoft in real-time. DDV groups the information into simple categories that describe the data that’s being collected.
+[Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) is a Microsoft Store app (available in Windows 10, version 1803 and later and Windows 11) that lets a user review the Windows diagnostic data that is being collected on their Windows device and sent to Microsoft in real-time. DDV groups the information into simple categories that describe the data that’s being collected.
An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
> [!Note]
> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject requests to access or export Windows diagnostic data associated with a particular user’s device usage. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
-## 2. Windows 10 data collection management
+## 2. Windows data collection management
-Windows 10 provides the ability to manage privacy settings through several different methods. Users can change their privacy settings using the Windows 10 settings (**Start > Settings > Privacy**). The organization can also manage the privacy settings using Group Policy or Mobile Device Management (MDM). The following sections provide an overview on how to manage the privacy settings previously discussed in this article.
+Windows provides the ability to manage privacy settings through several different methods. Users can change their privacy settings by opening the Settings app in Windows, or the organization can also manage the privacy settings using Group Policy or Mobile Device Management (MDM). The following sections provide an overview on how to manage the privacy settings previously discussed in this article.
### 2.1 Privacy setting options for users
-Once a Windows 10 device is set up, a user can manage data collection settings by navigating to **Start > Settings > Privacy**. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to **Start > Settings > Privacy**. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device.
+Once a Windows device is set up, a user can manage data collection settings by opening the Settings app in Windows. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to the Settings page. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device.
### 2.2 Privacy setting controls for administrators
@@ -82,15 +80,15 @@ Administrators can configure and control privacy settings across their organizat
The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.
> [!NOTE]
-> This is not a complete list of settings that involve connecting to Microsoft services. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This is not a complete list of settings that involve managing data collection or connecting to Microsoft services. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
| Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
|---|---|---|---|
| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy: **Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**
MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
-| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy: **Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**
MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
+| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy: **Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**
MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later and Windows 11) | Off |
| [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy: **Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy: **Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**
**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)
Server editions: Enhanced diagnostic data | Security (Off) and block endpoints |
-| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy: **Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**
MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy: **Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)
**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)
Server editions: Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy: **Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**
MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later and Windows 11) | Off |
| Tailored Experiences | Group Policy: **User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off |
| Advertising ID | Group Policy: **Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**
MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off |
| Activity History/Timeline – Cloud Sync | Group Policy: **Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**
MDM: [Privacy/EnableActivityFeed](/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off |
@@ -108,7 +106,7 @@ If you want the ability to fully control and apply restrictions on data being se
Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies.
-You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10:
+You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows:
- [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
- [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
@@ -119,11 +117,11 @@ Administrators can manage the data sent from their organization to Microsoft by
For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable.
-#### _2.3.3 Managing Windows 10 connections_
+#### _2.3.3 Managing Windows connections_
Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints for their organization to meet their specific compliance objectives.
-[Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) provides a list of endpoints for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection. Details for additional Windows versions can be found on the Windows Privacy site under the **Manage Windows 10 connection endpoints** section of the left-hand navigation menu.
+The **Manage Windows connection endpoints** section on the left-hand navigation menu provides a list of endpoints for the latest Windows releases, along with descriptions of any functionality that would be impacted by restricting data collection.
#### _2.3.4 Limited functionality baseline_
@@ -131,19 +129,19 @@ An organization may want to minimize the amount of data sent back to Microsoft o
>[!IMPORTANT]
> - We recommend that you fully test any modifications to these settings before deploying them in your organization.
-> - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying to ensure the Windows diagnostic setting is not turned off.
+> - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying it to ensure the Windows diagnostic setting is not turned off.
#### _2.3.5 Diagnostic data: Managing notifications for change of level at logon_
-Starting with Windows 10, version 1803, if an administrator modifies the diagnostic data collection setting, users are notified of this change during the initial device sign in. For example, if you configure the device to send optional diagnostic data, users will be notified the next time they sign into the device. You can disable these notifications by using the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in change notifications** or the MDM policy `ConfigureTelemetryOptInChangeNotification`.
+Starting with Windows 10, version 1803 and Windows 11, if an administrator modifies the diagnostic data collection setting, users are notified of this change during the initial device sign in. For example, if you configure the device to send optional diagnostic data, users will be notified the next time they sign into the device. You can disable these notifications by using the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in change notifications** or the MDM policy `ConfigureTelemetryOptInChangeNotification`.
#### _2.3.6 Diagnostic data: Managing end user choice for changing the setting_
-Windows 10, version 1803 and newer allows users to change their diagnostic data level to a lower setting than what their administrator has set. For example, if you have configured the device to send optional diagnostic data, a user can change the setting so that only required diagnostic data is sent by going into **Settings** > **Privacy** > **Diagnostics & feedback**. Administrators can restrict a user’s ability to change the setting using **Setting** > **Privacy** by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`.
+Windows 10, version 1803 and later and Windows 11 allows users to change their diagnostic data level to a lower setting than what their administrator has set. For example, if you have configured the device to send optional diagnostic data, a user can change the setting so that only required diagnostic data is sent by opening the Settings app in Windows. Administrators can restrict a user’s ability to change the setting by enabling the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`.
#### _2.3.7 Diagnostic data: Managing device-based data delete_
-Windows 10, version 1809 and newer allows a user to delete diagnostic data collected from their device by using **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. An administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet.
+Windows 10, version 1809 and later and Windows 11 allow a user to delete diagnostic data collected from their device by opening the Settings app in Windows and navigating to **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. An administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet.
An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Disable deleting diagnostic data** or the MDM policy `DisableDeviceDelete`.
@@ -154,9 +152,10 @@ An administrator can disable a user’s ability to delete their device’s diagn
**Applies to:**
-- Windows 10 Enterprise, Pro, Education editions, version 1809 with July 2021 update and newer
+- Windows 11 Enterprise, Professional, and Education editions
+- Windows 10 Enterprise, Professional, and Education, version 1809 with July 2021 update and newer
-The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities.
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities.
The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
@@ -174,20 +173,20 @@ For more information on how Microsoft can help you honor rights and fulfill obli
## 3. The process for exercising data subject rights
-This section discusses the different methods Microsoft provides for users and administrators to exercise data subject rights for data collected from a Windows 10 device.
+This section discusses the different methods Microsoft provides for users and administrators to exercise data subject rights for data collected from a Windows device.
For IT administrators who have devices using the Windows diagnostic data processor configuration, refer to the [Data Subject Requests for the GDPR and CCPA](/compliance/regulatory/gdpr-dsr-windows). Otherwise proceed to the sections below.
### 3.1 Delete
-Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. Administrators can also use the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet.
+Users can delete their device-based data by opening the Windows settings app and navigating to **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. Administrators can also use the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet.
>[!Note]
>If the Windows diagnostic data processor configuration is being used, the Delete diagnostic data functionality will be disabled. IT administrators can delete diagnostic data associated with a user from the admin portal.
### 3.2 View
-The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows 10 device. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet.
+The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows device. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet.
>[!Note]
>If the Windows diagnostic data processor configuration is enabled, IT administrators can view the diagnostic data that is associated with a user from the admin portal.
@@ -216,7 +215,7 @@ The following sections provide details about how privacy data is collected and m
### 5.1 Windows Server 2016 and newer
-Windows Server follows the same mechanisms as Windows 10 for handling of personal data.
+Windows Server follows the same mechanisms as Windows 10 (and newer versions) for handling of personal data.
>[!Note]
>The Windows diagnostic data processor configuration is not available for Windows Server.
@@ -235,15 +234,15 @@ An administrator can configure privacy-related settings, such as choosing to onl
### 5.3 Desktop Analytics
-[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a set of solutions for Azure portal that provide you with extensive data about the state of devices in your deployment. Desktop Analytics is a separate offering from Windows 10 and is dependent on enabling a minimum set of data collection on the device to function.
+[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a set of solutions for Azure portal that provide you with extensive data about the state of devices in your deployment. Desktop Analytics is a separate offering from Windows and is dependent on enabling a minimum set of data collection on the device to function.
### 5.4 Microsoft Managed Desktop
-[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows 10 Enterprise edition, Office 365 ProPlus, and Microsoft security services.
+[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Office 365 ProPlus, and Microsoft security services.
### 5.5 Update Compliance
-[Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows 10 Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows 10 diagnostic data for all its reporting.
+[Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows diagnostic data for all its reporting.
## Additional Resources
diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
new file mode 100644
index 0000000000..335ff921c6
--- /dev/null
+++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
@@ -0,0 +1,246 @@
+---
+title: Windows 11 connection endpoints for non-Enterprise editions
+description: Explains what Windows 11 endpoints are used in non-Enterprise editions. Specific to Windows 11.
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: gental-giant
+ms.author: v-hakima
+manager: robsize
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 12/17/2020
+---
+# Windows 11 connection endpoints for non-Enterprise editions
+
+ **Applies to**
+
+- Windows 11
+
+In addition to the endpoints listed for [Windows 11 Enterprise](manage-windows-11-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 11.
+
+The following methodology was used to derive the network endpoints:
+
+1. Set up the latest version of Windows 11 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week. If you capture traffic for longer, you may have different results.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 11 Family
+
+| **Area** | **Description** | **Protocol** | **Destination** |
+|-----------|--------------- |------------- |-----------------|
+| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
+|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
+||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
+|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||HTTPS/HTTP|fp.msedge.net|
+|||HTTPS/HTTP|k-ring.msedge.net|
+|||TLSv1.2|b-ring.msedge.net|
+|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
+|Device Directory Service|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.|HTTPS/HTTP|cs.dds.microsoft.com|
+|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
+|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
+|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
+|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
+|||HTTPS/HTTP|*.ssl.ak.dynamic.tiles.virtualearth.net|
+|||HTTPS/HTTP|*.ssl.ak.tiles.virtualearth.net|
+|||HTTPS/HTTP|dev.virtualearth.net|
+|||HTTPS/HTTP|ecn.dev.virtualearth.net|
+|||HTTPS/HTTP|ssl.bing.com|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
+|Microsoft Edge| This network traffic is related to the Microsoft Edge browser. The Microsoft Edge browser requires these endpoint to contact external websites.|HTTPS/HTTP|edge.activity.windows.com edge.microsoft.com|
+|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTPS|storesdk.dsx.mp.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
+|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
+|||TLSv1.2/HTTPS|office.com|
+|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
+|||HTTP/HTTPS|*.blob.core.windows.net|
+|||TLSv1.2|self.events.data.microsoft.com|
+|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
+|||HTTP|roaming.officeapps.live.com|
+|||HTTPS/HTTP|substrate.office.com|
+|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
+|||TLSv1.2/HTTPS|oneclient.sfx.ms|
+|||HTTPS/TLSv1.2|logincdn.msauth.net|
+|||HTTPS/HTTP|windows.policies.live.net|
+|||HTTPS/HTTP|api.onedrive.com|
+|||HTTPS/HTTP|skydrivesync.policies.live.net|
+|||HTTPS/HTTP|*storage.live.com|
+|||HTTPS/HTTP|*settings.live.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
+|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Microsoft Defender Antivirus|The following endpoints are used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com wdcpalt.microsoft.com|
+|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
+|||TLSv1.2|definitionupdates.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
+|||TLSv1.2/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*ris.api.iris.microsoft.com|
+|||HTTPS|mucp.api.account.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|emdl.ws.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
+|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoints are used for Xbox Live.|TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
+|||TLSv1.2/HTTPS|da.xboxservices.com|
+|||HTTPS|www.xboxab.com|
+
+
+## Windows 11 Pro
+
+| **Area** | **Description** | **Protocol** | **Destination** |
+| --- | --- | --- | ---|
+| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
+|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
+||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
+|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
+|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. |TLSv1.2/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
+|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in. |TLSv1.2/HTTPS/HTTP|*login.live.com|
+|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates. |HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTPS|storesdk.dsx.mp.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
+|||TLSv1.2/HTTPS|office.com|
+|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
+|||HTTP/HTTPS|*.blob.core.windows.net|
+|||TLSv1.2|self.events.data.microsoft.com|
+|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
+|||TLSv1.2/HTTPS/HTTP|officeclient.microsoft.com|
+|||HTTPS/HTTP|substrate.office.com|
+|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
+|||TLSv1.2/HTTPS|oneclient.sfx.ms|
+|||HTTPS/TLSv1.2|logincdn.msauth.net|
+|||HTTPS/HTTP|windows.policies.live.net|
+|||HTTPS/HTTP|*storage.live.com|
+|||HTTPS/HTTP|*settings.live.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
+|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Microsoft Defender Antivirus|The following endpoints are used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.comwdcpalt.microsoft.com|
+|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
+|||TLSv1.2/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|emdl.ws.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
+|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoints are used for Xbox Live.|TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
+|||TLSv1.2/HTTPS|da.xboxservices.com|
+
+
+
+
+## Windows 11 Education
+
+| **Area** | **Description** | **Protocol** | **Destination** |
+| --- | --- | --- | ---|
+| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
+|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
+|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Yammer conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
+|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||HTTPS/HTTP|fp.msedge.net|
+|||TLSv1.2|odinvzc.azureedge.net|
+|||TLSv1.2|b-ring.msedge.net|
+|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
+|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
+|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
+|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTPS|storesdk.dsx.mp.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS|office.com|
+|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
+|||TLSv1.2|self.events.data.microsoft.com|
+|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
+|||TLSv1.2/HTTPS|oneclient.sfx.ms|
+|||HTTPS/TLSv1.2|logincdn.msauth.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
+|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Microsoft Defender Antivirus|The following endpoints are used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.comwdcpalt.microsoft.com|
+|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
+|||TLSv1.2/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|emdl.ws.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
+|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoints are used for Xbox Live.|TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
+|||TLSv1.2/HTTPS|da.xboxservices.com|
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index f80e09a6a4..11c346e2e5 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -1,5 +1,5 @@
---
-title: Windows 10, version 1709 and newer optional diagnostic data (Windows 10)
+title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10)
description: Use this article to learn about the types of optional diagnostic data that is collected.
keywords: privacy,Windows 10
ms.prod: w10
@@ -15,9 +15,10 @@ ms.topic: article
ms.reviewer:
---
-# Windows 10, version 1709 and newer optional diagnostic data
+# Windows 10, version 1709 and later and Windows 11 optional diagnostic data
Applies to:
+- Windows 11
- Windows 10, version 20H2
- Windows 10, version 2004
- Windows 10, version 1909
@@ -26,7 +27,7 @@ Applies to:
- Windows 10, version 1803
- Windows 10, version 1709
-Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 20H2 required diagnostic events and fields](/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
+Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of optional diagnostic data collected by Windows, with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 11 required diagnostic events and fields](/windows/privacy/required-windows-11-diagnostic-events-and-fields).
In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944-1:2020 Information technology - Cloud computing - Cloud services and devices: Data flow, data categories, and data use](https://www.iso.org/standard/79573.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
@@ -44,7 +45,7 @@ The data covered in this article is grouped into the following types:
Most diagnostic events contain a header of common data. In each example, the info in parentheses provides the equivalent definition for ISO/IEC 19944-1:2020.
**Data Use for Common data extensions**
-Header data supports the use of data associated with all diagnostic events. Therefore, Common data is used to [provide](#provide) Windows 10, and may be used to [improve](#improve), [personalize](#personalize), [recommend](#recommend), [offer](#offer), or [promote](#promote) Microsoft and third-party products and services, depending on the uses described in the **Data Use** statements for each data category.
+Header data supports the use of data associated with all diagnostic events. Therefore, Common data is used to [provide](#provide) Windows 10 and Windows 11, and may be used to [improve](#improve), [personalize](#personalize), [recommend](#recommend), [offer](#offer), or [promote](#promote) Microsoft and third-party products and services, depending on the uses described in the **Data Use** statements for each data category.
### Data Description for Common data extensions type
@@ -52,7 +53,7 @@ Header data supports the use of data associated with all diagnostic events. Ther
Information that is added to most diagnostic events, if relevant and available:
-- Diagnostic level - Basic or Full, Sample level - for sampled data, what sample level is this device opted into (8.2.3.2.4 Observed Usage of the Service Capability)
+- Diagnostic level - Required or Optional, Sample level - for sampled data, what sample level is this device opted into (8.2.3.2.4 Observed Usage of the Service Capability)
- Operating system name, version, build, and locale (8.2.3.2.2 Telemetry data)
- Event collection time (8.2.3.2.2 Telemetry data)
- User ID - a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic - diagnostic data (8.2.5 Account data)
@@ -71,7 +72,7 @@ This type of data includes details about the device, its configuration and conne
### Data Use for Device, Connectivity, and Configuration data
**For Diagnostics:**
-[Pseudonymized](#pseudo) Device, Connectivity, and Configuration data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft products and services. For example:
+[Pseudonymized](#pseudo) Device, Connectivity, and Configuration data from Windows 10 and Windows 11 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and Windows 11 and related Microsoft products and services. For example:
- Device, Connectivity, and Configuration data is used to understand the unique device characteristics that can contribute to an error experienced on the device, to identify patterns, and to more quickly resolve problems that impact devices with unique hardware, capabilities, or settings. For example:
@@ -81,10 +82,10 @@ This type of data includes details about the device, its configuration and conne
- Data about device properties, such as the operating system version and available memory, is used to determine whether the device is due to, and able to, receive a Windows update.
- Data about device peripherals is used to determine whether a device has installed drivers that might be negatively impacted by a Windows update.
-- Data about which devices, peripherals, and settings are most-used by customers, is used to prioritize Windows 10 improvements to determine the greatest positive impact to the most Windows 10 users.
+- Data about which devices, peripherals, and settings are most-used by customers, is used to prioritize Windows 10 and Windows 11 improvements to determine the greatest positive impact to the most Windows 10 and Windows 11 users.
**With (optional) Tailored experiences:**
-If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseudo) Device, Connectivity, and Configuration data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [Pseudonymized](#pseudo) Device, Connectivity, and Configuration data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users. For example:
+If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseudo) Device, Connectivity, and Configuration data from Windows 10 and Windows 11 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 and Windows 11 users. Also, if a user has enabled Tailored experiences on the device, [Pseudonymized](#pseudo) Device, Connectivity, and Configuration data from Windows 10 and Windows 11 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 and Windows 11users. For example:
- Data about device properties and capabilities is used to provide tips about how to use or configure the device to get the best performance and user experience.
@@ -183,17 +184,17 @@ This type of data includes details about the usage of the device, operating syst
### Data Use for Product and Service Usage data
**For Diagnostics:**
-[Pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
+[Pseudonymized](#pseudo) Product and Service Usage data from Windows 10 and Windows 11 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and Windows 11 and related Microsoft product and services. For example:
-- Data about the specific apps that are in-use when an error occurs is used to troubleshoot and repair issues with Windows features and Microsoft apps.
-- Data about the specific apps that are most-used by customers, is used to prioritize Windows 10 improvements to determine the greatest positive impact to the most Windows 10 users.
+- Data about the specific apps that are in-use when an error occurs is used to troubleshoot and repair issues with Windows features and Microsoft apps.
+- Data about the specific apps that are most-used by customers, is used to prioritize Windows 10 and Windows 11 improvements to determine the greatest positive impact to the most Windows 10 and Windows 11 users.
- Data about whether devices have Suggestions turned off from the **Settings Phone** screen is to improve the Suggestions feature.
- Data about whether a user canceled the authentication process in their browser is used to help troubleshoot issues with and improve the authentication process.
- Data about when and what feature invoked Cortana is used to prioritize efforts for improvement and innovation in Cortana.
- Data about when a context menu in the photo app is closed is used to troubleshoot and improve the photo app.
**With (optional) Tailored experiences:**
-If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users. For example:
+If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 and Windows 11 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 and Windows 11 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 and Windows 11 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 and Windows 11 users. For example:
- If data shows that a user has not used a particular feature of Windows, we might recommend that the user try that feature.
- Data about which apps are most-used on a device is used to provide recommendations for similar or complementary (Microsoft or third-party) apps. These apps might be free or paid.
@@ -247,7 +248,7 @@ This type of data includes details about the health of the device, operating sys
### Data Use for Product and Service Performance data
**For Diagnostics:**
-[Pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
+[Pseudonymized](#pseudo) Product and Service Performance data from Windows 10 and Windows 11 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and Windows 11 and related Microsoft product and services. For example:
- Data about the reliability of content that appears in the [Windows Spotlight](/windows/configuration/windows-spotlight) (rotating lock screen images) is used for Windows Spotlight reliability investigations.
- Timing data about how quickly Cortana responds to voice commands is used to improve Cortana listening performance.
@@ -255,7 +256,7 @@ This type of data includes details about the health of the device, operating sys
- Data about when an Application Window fails to appear is used to investigate issues with Application Window reliability and performance.
**With (optional) Tailored experiences:**
-If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users.
+If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 and Windows 11 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 and Windows 11 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 and Windows 11 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 and Windows 11 users.
- Data about battery performance on a device may be used to recommend settings changes that can improve battery performance.
- If data shows a device is running low on file storage, we may recommend Windows-compatible cloud storage solutions to free up space.
@@ -360,7 +361,7 @@ This type of data includes software installation and update information on the d
### Data Use for Software Setup and Inventory data
**For Diagnostics:**
-[Pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
+[Pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 and Windows 11 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and Windows 11 and related Microsoft product and services. For example:
- Data about the specific drivers that are installed on a device is used to understand whether there are any hardware or driver compatibility issues that should block or delay a Windows update.
- Data about when a download starts and finishes on a device is used to understand and address download problems.
@@ -368,7 +369,7 @@ This type of data includes software installation and update information on the d
- Data about the antimalware installed on a device is used to understand malware transmissions vectors.
**With (optional) Tailored experiences:**
-If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users. For example:
+If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 and Windows 11 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 and Windows 11 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 and Windows 11 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 and Windows 11 users. For example:
- Data about the specific apps that are installed on a device is used to provide recommendations for similar or complementary apps in the Microsoft Store.
@@ -402,7 +403,7 @@ This type of data includes details about web browsing in the Microsoft browsers.
### Data Use for Browsing History data
**For Diagnostics:**
-[Pseudonymized](#pseudo) Browsing History data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
+[Pseudonymized](#pseudo) Browsing History data from Windows 10 and Windows 11 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and Windows 11 and related Microsoft product and services. For example:
- Data about when the **Block Content** dialog box has been shown is used for investigations of blocked content.
- Data about potentially abusive or malicious domains is used to make updates to Microsoft Edge and Windows Defender SmartScreen to warn users about the domain.
@@ -411,7 +412,7 @@ This type of data includes details about web browsing in the Microsoft browsers.
- Data about when a default **Home** page is changed by a user is used to measure which default **Home** pages are the most popular and how often users change the default **Home** page.
**With (optional) Tailored experiences:**
-If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Browsing History data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Browsing History data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users. For example:
+If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Browsing History data from Windows 10 and Windows 11 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 and Windows 11 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Browsing History data from Windows 10 and Windows 11 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 and Windows 11 users. For example:
- We might recommend that a user download a compatible app from the Microsoft Store if they have browsed to the related website. For example, if a user uses the Facebook website, we may recommend the Facebook app.
@@ -434,13 +435,13 @@ This type of data gathers details about the voice, inking, and typing input feat
### Data Use for Inking, Typing, and Speech Utterance data
**For Diagnostics:**
-[Anonymized](#anon) Inking, Typing, and Speech Utterance data from Windows 10 is used by Microsoft to [improve](#improve) natural language capabilities in Microsoft products and services. For example:
+[Anonymized](#anon) Inking, Typing, and Speech Utterance data from Windows 10 and Windows 11 is used by Microsoft to [improve](#improve) natural language capabilities in Microsoft products and services. For example:
- Data about words marked as spelling mistakes and replaced with another word from the context menu is used to improve the spelling feature.
- Data about alternate words shown and selected by the user after right-clicking is used to improve the word recommendation feature.
- Data about autocorrected words that were restored back to the original word by the user is used to improve the autocorrect feature.
- Data about whether Narrator detected and recognized a touch gesture is used to improve touch gesture recognition.
-- Data about handwriting samples sent from the Handwriting Panel is used to help Microsoft improve handwriting recognition.
+- Data about handwriting samples sent from the Handwriting Panel is used to help Microsoft improve handwriting recognition.
**With (optional) Tailored experiences:**
@@ -455,7 +456,6 @@ This type of data gathers details about the voice, inking, and typing input feat
- Palm Touch x,y coordinates
- Input latency, missed pen signals, number of frames, strokes, first frame commit time, and sample rate
- Ink strokes written, text before and after the ink insertion point, recognized text entered, input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and - numeric values), which could be used to reconstruct the original content or associate the input to the user
-- Text input from Windows 10 Mobile on-screen keyboards, except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values), which could be used to reconstruct the original content or associate the input to the user
- Text of speech recognition results - result codes and recognized text
- Language and model of the recognizer and the System Speech language
- App ID using speech features
diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
new file mode 100644
index 0000000000..887239462e
--- /dev/null
+++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
@@ -0,0 +1,260 @@
+---
+title: Windows 10, version 21H1, connection endpoints for non-Enterprise editions
+description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1.
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: gental-giant
+ms.author: v-hakima
+manager: robsize
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 12/17/2020
+---
+# Windows 10, version 21H1, connection endpoints for non-Enterprise editions
+
+ **Applies to**
+
+- Windows 10 Home, version 21H1
+- Windows 10 Professional, version 21H1
+- Windows 10 Education, version 21H1
+
+In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-21H1-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 21H1.
+
+The following methodology was used to derive the network endpoints:
+
+1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week. If you capture traffic for longer, you may have different results.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 Family
+
+| **Area** | **Description** | **Protocol** | **Destination** |
+|-----------|--------------- |------------- |-----------------|
+| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
+|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
+||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
+|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||HTTPS/HTTP|fp.msedge.net|
+|||HTTPS/HTTP|k-ring.msedge.net|
+|||TLSv1.2|b-ring.msedge.net|
+|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
+|Device Directory Service|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.|HTTPS/HTTP|cs.dds.microsoft.com|
+|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
+|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
+|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
+|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
+|||HTTPS/HTTP|*.ssl.ak.dynamic.tiles.virtualearth.net|
+|||HTTPS/HTTP|*.ssl.ak.tiles.virtualearth.net|
+|||HTTPS/HTTP|dev.virtualearth.net|
+|||HTTPS/HTTP|ecn.dev.virtualearth.net|
+|||HTTPS/HTTP|ssl.bing.com|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
+|Microsoft Edge|The following endpoints are used for Microsoft Edge Browser Services.|HTTPS/HTTP|edge.activity.windows.com|
+|||HTTPS/HTTP|edge.microsoft.com|
+||The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|HTTP|go.microsoft.com/fwlink/|
+|||TLSv1.2/HTTPS/HTTP|go.microsoft.com|
+|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTPS|storesdk.dsx.mp.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
+|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
+|||TLSv1.2/HTTPS|office.com|
+|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
+|||HTTP/HTTPS|*.blob.core.windows.net|
+|||TLSv1.2|self.events.data.microsoft.com|
+|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
+|||HTTP|roaming.officeapps.live.com|
+|||HTTPS/HTTP|substrate.office.com|
+|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
+|||TLSv1.2/HTTPS|oneclient.sfx.ms|
+|||HTTPS/TLSv1.2|logincdn.msauth.net|
+|||HTTPS/HTTP|windows.policies.live.net|
+|||HTTPS/HTTP|api.onedrive.com|
+|||HTTPS/HTTP|skydrivesync.policies.live.net|
+|||HTTPS/HTTP|*storage.live.com|
+|||HTTPS/HTTP|*settings.live.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
+|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
+||||wdcpalt.microsoft.com|
+|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
+|||TLSv1.2|definitionupdates.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
+|||TLSv1.2/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
+|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
+|||HTTPS|mucp.api.account.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|emdl.ws.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
+|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoints are used for Xbox Live.|
+|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
+|||TLSv1.2/HTTPS|da.xboxservices.com|
+|||HTTPS|www.xboxab.com|
+|
+
+## Windows 10 Pro
+
+| **Area** | **Description** | **Protocol** | **Destination** |
+| --- | --- | --- | ---|
+| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
+|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
+||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
+|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
+|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
+|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
+|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
+|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTPS|storesdk.dsx.mp.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
+|||TLSv1.2/HTTPS|office.com|
+|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
+|||HTTP/HTTPS|*.blob.core.windows.net|
+|||TLSv1.2|self.events.data.microsoft.com|
+|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
+|||TLSv1.2/HTTPS/HTTP|officeclient.microsoft.com|
+|||HTTPS/HTTP|substrate.office.com|
+|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
+|||TLSv1.2/HTTPS|oneclient.sfx.ms|
+|||HTTPS/TLSv1.2|logincdn.msauth.net|
+|||HTTPS/HTTP|windows.policies.live.net|
+|||HTTPS/HTTP|*storage.live.com|
+|||HTTPS/HTTP|*settings.live.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
+|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
+||||wdcpalt.microsoft.com|
+|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
+|||TLSv1.2/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
+|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|emdl.ws.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
+|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoints are used for Xbox Live.|
+|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
+|||TLSv1.2/HTTPS|da.xboxservices.com|
+|
+
+## Windows 10 Education
+
+| **Area** | **Description** | **Protocol** | **Destination** |
+| --- | --- | --- | ---|
+| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
+|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
+|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Yammer conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
+|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||HTTPS/HTTP|fp.msedge.net|
+|||TLSv1.2|odinvzc.azureedge.net|
+|||TLSv1.2|b-ring.msedge.net|
+|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
+|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
+|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
+|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
+|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTPS|storesdk.dsx.mp.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS|office.com|
+|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
+|||TLSv1.2|self.events.data.microsoft.com|
+|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
+|||TLSv1.2/HTTPS|oneclient.sfx.ms|
+|||HTTPS/TLSv1.2|logincdn.msauth.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
+|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
+||||wdcpalt.microsoft.com|
+|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
+|||TLSv1.2/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
+|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|emdl.ws.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
+|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoints are used for Xbox Live.|
+|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
+|||TLSv1.2/HTTPS|da.xboxservices.com|
diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index f191ffdf77..5ac3dcc651 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -2435,6 +2435,9 @@ Members of the Performance Log Users group can manage performance counters, logs
> [!WARNING]
> If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials.
+ > [!NOTE]
+ > In Windows Server 2016 or later, Data Collector Sets cannot be created by a member of the Performance Log Users group.
+ > If a member of the Performance Log Users group tries to create Data Collector Sets, they cannot complete creation because access will be denied.
- Cannot use the Windows Kernel Trace event provider in Data Collector Sets.
diff --git a/windows/security/index.yml b/windows/security/index.yml
index 7a5576692b..debbf67a5a 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -1,7 +1,7 @@
### YamlMime:Landing
title: Windows security # < 60 chars
-summary: Windows is a Zero Trust-ready operating system that provides security from chip to cloud. # < 160 chars
+summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive. # < 160 chars
metadata:
title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars.
diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md
index 66115fef04..310538cbee 100644
--- a/windows/security/operating-system.md
+++ b/windows/security/operating-system.md
@@ -17,7 +17,9 @@ ms.date: 09/21/2021
# Windows operating system security
-Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.
+Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.
+
+Watch the latest [Microsoft Mechanics Windows 11 security](https://youtu.be/tg9QUrnVFho) video that shows off some of the latest Windows 11 security technology.
Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11.
diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md
index 381dc66ce4..17980ae531 100644
--- a/windows/security/threat-protection/intelligence/criteria.md
+++ b/windows/security/threat-protection/intelligence/criteria.md
@@ -13,6 +13,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
+ms.date: 10/04/2021
search.appverid: met150
ms.technology: mde
---
@@ -174,7 +175,7 @@ Microsoft uses specific categories and the category definitions to classify soft
* **Torrent software (Enterprise only):** Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies.
-* **Cryptomining software:** Software that uses your device resources to mine cryptocurrencies.
+* **Cryptomining software (Enterprise only):** Software that uses your device resources to mine cryptocurrencies.
* **Bundling software:** Software that offers to install other software that is not developed by the same entity or not required for the software to run. Also, software that offers to install other software that qualifies as PUA based on the criteria outlined in this document.
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index e2da88bed6..224fa1dac5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -46,6 +46,9 @@ To sign a WDAC policy with SignTool.exe, you need the following components:
- An internal CA code signing certificate or a purchased code signing certificate
+> [!NOTE]
+> All policies (base and supplemental and single-policy format) must be pkcs7 signed. [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652)
+
If you do not have a code signing certificate, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for instructions on how to create one. If you use an alternate certificate or WDAC policy, be sure to update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session:
1. Initialize the variables that will be used:
diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md
deleted file mode 100644
index 8e719f1364..0000000000
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: Windows security baselines
-description: Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server, and Microsoft 365 Apps for enterprise.
-keywords: virtualization, security, malware
-ms.prod: m365-security
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.author: dansimp
-author: dulcemontemayor
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.date: 06/25/2018
-ms.reviewer:
-ms.technology: mde
----
-
-# Windows security baselines
-
-**Applies to**
-
-- Windows 10
-- Windows Server
-- Microsoft 365 Apps for enterprise
-- Microsoft Edge
-
-## Using security baselines in your organization
-
-Microsoft is dedicated to providing its customers with secure operating systems, such as Windows 10 and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities.
-
-Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security configurations. To navigate the large number of controls, organizations need guidance on configuring various security features. Microsoft provides this guidance in the form of security baselines.
-
-We recommend that you implement an industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, as opposed to creating a baseline yourself. This helps increase flexibility and reduce costs.
-
-Here is a good blog about [Sticking with Well-Known and Proven Solutions](/archive/blogs/fdcc/sticking-with-well-known-and-proven-solutions).
-
-## What are security baselines?
-
-Every organization faces security threats. However, the types of security threats that are of most concern to one organization can be completely different from another organization. For example, an e-commerce company may focus on protecting its Internet-facing web apps, while a hospital may focus on protecting confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.
-
-A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
-
-## Why are security baselines needed?
-
-Security baselines are an essential benefit to customers because they bring together expert knowledge from Microsoft, partners, and customers.
-
-For example, there are over 3,000 Group Policy settings for Windows 10, which does not include over 1,800 Internet Explorer 11 settings. Of these 4,800 settings, only some are security-related. Although Microsoft provides extensive guidance on different security features, exploring each one can take a long time. You would have to determine the security impact of each setting on your own. Then, you would still need to determine the appropriate value for each setting.
-
-In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to Windows security settings to help mitigate these threats. To enable faster deployments and make managing Windows easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Objects Backups.
-
-## How can you use security baselines?
-
-You can use security baselines to:
-- Ensure that user and device configuration settings are compliant with the baseline.
-- Set configuration settings. For example, you can use Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline.
-
-## Where can I get the security baselines?
-
-You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines.
-
-The security baselines are included in the [Security Compliance Toolkit (SCT)](security-compliance-toolkit-10.md), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines.
-
-[](security-compliance-toolkit-10.md)
-[](get-support-for-security-baselines.md)
-
-## Community
-
-[](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bd-p/Security-Baselines)
-
-## Related Videos
-
-You may also be interested in this msdn channel 9 video:
-- [Defrag Tools](https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-174-Security-Baseline-Policy-Analyzer-and-LGPO)
-
-## See Also
-
-- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
-- [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
-- [Configuration Management for Nano Server](/archive/blogs/grouppolicy/configuration-management-on-servers/)
-- [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
-- [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
-- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319)
\ No newline at end of file
diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml
index a9ae9e12ba..b7b6b4220a 100644
--- a/windows/whats-new/TOC.yml
+++ b/windows/whats-new/TOC.yml
@@ -3,8 +3,8 @@
- name: Windows 11
expanded: true
items:
- - name: Windows 11 overview
- href: windows-11.md
+ - name: What's new in Windows 11
+ href: windows-11-whats-new.md
- name: Windows 11 requirements
href: windows-11-requirements.md
- name: Plan for Windows 11
diff --git a/windows/whats-new/images/windows-11-whats-new/windows-11-snap-layouts.png b/windows/whats-new/images/windows-11-whats-new/windows-11-snap-layouts.png
new file mode 100644
index 0000000000..5ad38f511f
Binary files /dev/null and b/windows/whats-new/images/windows-11-whats-new/windows-11-snap-layouts.png differ
diff --git a/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-microsoft-teams.png b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-microsoft-teams.png
new file mode 100644
index 0000000000..3d018c0bda
Binary files /dev/null and b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-microsoft-teams.png differ
diff --git a/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-virtual-desktops.png b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-virtual-desktops.png
new file mode 100644
index 0000000000..3014eebecf
Binary files /dev/null and b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-virtual-desktops.png differ
diff --git a/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-widgets.png b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-widgets.png
new file mode 100644
index 0000000000..37f68c5e31
Binary files /dev/null and b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar-widgets.png differ
diff --git a/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar.png b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar.png
new file mode 100644
index 0000000000..1f997e62f9
Binary files /dev/null and b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar.png differ
diff --git a/windows/whats-new/images/windows-11-whats-new/windows-terminal-app.png b/windows/whats-new/images/windows-11-whats-new/windows-terminal-app.png
new file mode 100644
index 0000000000..6e11e7df54
Binary files /dev/null and b/windows/whats-new/images/windows-11-whats-new/windows-terminal-app.png differ
diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml
index 375f946870..403244cfa4 100644
--- a/windows/whats-new/index.yml
+++ b/windows/whats-new/index.yml
@@ -27,8 +27,8 @@ landingContent:
linkLists:
- linkListType: overview
links:
- - text: Windows 11 overview
- url: windows-11.md
+ - text: What's new
+ url: windows-11-whats-new.md
- text: Windows 11 requirements
url: windows-11-requirements.md
- text: Plan for Windows 11
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index e74e8d2e46..401e92c65f 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -54,7 +54,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
> [!NOTE]
- > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicllty configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy.
+ > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicitly configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy.
## Cloud-based management
diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md
index d9aa505720..05c8ffdb7d 100644
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@@ -2,7 +2,7 @@
title: Windows 11 requirements
description: Hardware requirements to deploy Windows 11
ms.reviewer:
-manager: laurawi
+manager: dougeby
ms.audience: itpro
author: greg-lindsay
ms.author: greglin
@@ -21,7 +21,7 @@ ms.custom: seo-marvel-apr2020
- Windows 11
-This article lists the system requirements for Windows 11. Windows 11 is also supported on a virtual machine (VM).
+This article lists the system requirements for Windows 11. Windows 11 is also [supported on a virtual machine (VM)](#virtual-machine-support).
## Hardware requirements
@@ -80,6 +80,22 @@ Some features in Windows 11 have requirements beyond those listed above. See the
- **Windows Projection**: requires a display adapter that supports Windows Display Driver Model (WDDM) 2.0 and a Wi-Fi adapter that supports Wi-Fi Direct.
- **Xbox app**: requires an Xbox Live account, which is not available in all regions. Please go to the Xbox Live Countries and Regions page for the most up-to-date information on availability. Some features in the Xbox app will require an active [Xbox Game Pass](https://www.xbox.com/xbox-game-pass) subscription.
+## Virtual machine support
+
+The following configuration requirements apply to VMs running Windows 11.
+
+- Generation: 2 \*
+- Storage: 64 GB or greater
+- Security: Secure Boot capable, virtual TPM enabled
+- Memory: 4 GB or greater
+- Processor: 2 or more virtual processors
+
+The VM host CPU must also meet Windows 11 [processor requirements](/windows-hardware/design/minimum/windows-processor-requirements).
+
+\* In-place upgrade of existing generation 1 VMs to Windows 11 is not possible.
+
+> [!NOTE]
+> Procedures to configure required VM settings depend on the VM host type. For VM hosts running Hyper-V, virtualization (VT-x, VT-d) must be enabled in BIOS. Virtual TPM 2.0 is emulated in the guest VM independent of the Hyper-V host TPM presence or version.
## Next steps
@@ -89,5 +105,5 @@ Some features in Windows 11 have requirements beyond those listed above. See the
## See also
[Windows minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview)
-[Windows 11 overview](windows-11.md)
+[What's new in Windows 11 overview](windows-11-whats-new.md)
diff --git a/windows/whats-new/windows-11-whats-new.md b/windows/whats-new/windows-11-whats-new.md
new file mode 100644
index 0000000000..e48159d8fd
--- /dev/null
+++ b/windows/whats-new/windows-11-whats-new.md
@@ -0,0 +1,210 @@
+---
+title: Windows 11, what's new and overview for administrators
+description: Learn more about what's new in Windows 11. Read about see the features IT professionals and administrators should know about Windows 11, including security, using apps, the new desktop, and deploying and servicing PCs.
+ms.reviewer:
+manager: dougeby
+ms.audience: itpro
+author: MandiOhlinger
+ms.author: mandia
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.localizationpriority: medium
+audience: itpro
+ms.topic: article
+ms.custom:
+---
+
+# What's new in Windows 11
+
+**Applies to**:
+
+- Windows 11
+
+Windows 11 is the next client operating system, and includes features that organizations should know. Windows 11 is built on the same foundation as Windows 10. If you use Windows 10, then Windows 11 is a natural transition and update to what you know, and what you're familiar with.
+
+It offers innovations focused on enhancing end-user productivity, and is designed to support today's hybrid work environment.
+
+Your investments in update and device management are carried forward. For example, many of the same apps and tools can be used in Windows 11. Many of the same security settings and policies can be applied to Windows 11 devices, including PCs. You can use Windows Autopilot with a zero touch deployment to enroll your Windows devices in Microsoft Endpoint Manager. You can also use newer features, such as Azure Virtual Desktop and Windows 365 on your Windows 11 devices.
+
+This article lists what's new, and some of the features & improvements. For more information on what's new for OEMs, see [What's new in manufacturing, customization, and design](/windows-hardware/get-started/what-s-new-in-windows).
+
+## Security and scanning
+
+The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. This section describes some of these features. For a more comprehensive view, including zero trust, see [Windows security](/windows/security/).
+
+- The **Windows Security** app is built into the OS. This app is an easy-to-use interface, and combines commonly used security features. For example, your get access to virus & threat protection, firewall & network protection, account protection, and more.
+
+ For more information, see [the Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center).
+
+- **Security baselines** includes security settings that already configured, and ready to be deployed to your devices. If you don't know where to start, or it's too time consuming to go through all the settings, then you should look at Security Baselines.
+
+ For more information, see [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines).
+
+- **Microsoft Defender Antivirus** is built into Windows, and helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If your devices are managed with Endpoint Manager, you can create policies based on threat levels found in Microsoft Defender for Endpoint.
+
+ For more information, see:
+
+ - [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)
+ - [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)
+ - [Enforce compliance for Microsoft Defender for Endpoint](/mem/intune/protect/advanced-threat-protection)
+
+- The Application Security features help prevent unwanted or malicious code from running, isolate untrusted websites & untrusted Office files, protect against phishing or malware websites, and more.
+
+ For more information, see [Windows application security](/windows/security/apps).
+
+- **Windows Hello for Business** helps protect users and identities. It replaces passwords, and uses a PIN or biometric that stays locally on the device. Device manufacturers are including more secure hardware features, such as IR cameras and TPM chips. These features are used with Windows Hello for Business to help protect user identities on your organization devices.
+
+ As an admin, going passwordless help secures user identities. The Windows OS, Azure AD, and Endpoint Manager work together to remove passwords, create more secure policies, and help enforce compliance.
+
+ For more information, see:
+
+ - [Windows Hello for Business Overview](/windows/security/identity-protection/hello-for-business/hello-overview)
+ - [Trusted Platform Module Technology Overview](/windows/security/information-protection/tpm/trusted-platform-module-overview)
+ - [Integrate Windows Hello for Business with Endpoint Manager](/mem/intune/protect/windows-hello)
+
+For more information on the security features you can configure, manage, and enforce using Endpoint Manager, see [Protect data and devices with Microsoft Endpoint Manager](/mem/intune/protect/device-protect).
+
+## Easier access to new services, and services you already use
+
+- **Windows 365** is a desktop operating system that's also a cloud service. From another internet-connected device, including Android and macOS devices, you can run Windows 365, just like a virtual machine.
+
+ For more information, see [What is Windows 365 Enterprise?](/windows-365/overview).
+
+- **Microsoft Teams** is included with the OS, and is automatically available on the taskbar. Users select the chat icon, sign in with their personal Microsoft account, and start a call:
+
+ :::image type="content" source="./images/windows-11-whats-new/windows-11-taskbar-microsoft-teams.png" alt-text="On the Windows 11 taskbar, select the camera chat icon to start a Microsoft Teams call.":::
+
+ This version of Microsoft Teams is for personal accounts. For organization accounts, such as `user@contoso.com`, you can deploy the Microsoft Teams app using MDM policy, such as Endpoint Manager. For more information, see:
+
+ - [Get started with Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started)
+ - [Add Microsoft 365 apps to Windows 10 devices with Microsoft Intune](/mem/intune/apps/apps-add-office365)
+ - [Install Microsoft Teams using Microsoft Endpoint Configuration Manager](/microsoftteams/msi-deployment)
+
+ Users can manage preinstalled apps using the **Settings** app > **Apps** > **Apps & Features**. Admins can [create a policy that pins apps, or removes the default pinned apps from the Taskbar](/windows/configuration/customize-taskbar-windows-11).
+
+- **Power Automate for desktop** is included with the OS. Your users can create flows with this low-code app to help them with everyday tasks. For example, users can create flows that save a message to OneNote, notify a team when there's a new Forms response, get notified when a file is added to SharePoint, and more.
+
+ For more information, see [Getting started with Power Automate in Windows 11](/power-automate/desktop-flows/getting-started-windows-11).
+
+ Users can manage preinstalled apps using the **Settings** app > **Apps** > **Apps & Features**.
+
+## Customize the desktop experience
+
+- **Snap Layouts, Snap Groups**: When you open an app, hover your mouse over the minimize/maximize option. When you do, you can select a different layout for the app:
+
+ :::image type="content" source="./images/windows-11-whats-new/windows-11-snap-layouts.png" alt-text="In Windows 11, use the minimize or maximize button on an app to see the available snap layouts.":::
+
+ This feature allows users to customize the sizes of apps on their desktop. And, when you add other apps to the layout, the snapped layout stays in place.
+
+ When you add your apps in a Snap Layout, that layout is saved in a Snap Group. In the taskbar, when you hover over an app in an existing snap layout, it shows all the apps in that layout. This feature is the Snap Group. You can select the group, and the apps are opened in the same layout. As you add more Snap Groups, you can switch between them just by selecting the Snap Group.
+
+ Users can manage some snap features using the **Settings** app > **System** > **Multitasking**. For more information on the end-user experience, see [Snap your windows](https://support.microsoft.com/windows/snap-your-windows-885a9b1e-a983-a3b1-16cd-c531795e6241).
+
+ You can also add Snap Layouts to apps your organization creates. For more information, see [Support snap layouts for desktop apps on Windows 11](/windows/apps/desktop/modernize/apply-snap-layout-menu).
+
+- **Start menu**: The Start menu includes some apps that are pinned by default. You can customize the Start menu layout by pinning (and unpinning) the apps you want. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more.
+
+ Using policy, you can deploy your customized Start menu layout to devices in your organization. For more information, see [Customize the Start menu layout on Windows 11](/windows/configuration/customize-start-menu-layout-windows-11).
+
+ Users can manage some Start menu features using the **Settings** app > **Personalization**. For more information on the end-user experience, see [See what's on the Start menu](https://support.microsoft.com/windows/see-what-s-on-the-start-menu-a8ccb400-ad49-962b-d2b1-93f453785a13).
+
+- **Taskbar**: You can also pin (and unpin) apps on the Taskbar. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more.
+
+ Using policy, you can deploy your customized Taskbar to devices in your organization. For more information, see [Customize the Taskbar on Windows 11](/windows/configuration/customize-taskbar-windows-11).
+
+ Users can manage some Taskbar features using the **Settings** app > **Personalization**. For more information on the end-user experience, see:
+
+ - [Customize the taskbar notification area](https://support.microsoft.com/windows/customize-the-taskbar-notification-area-e159e8d2-9ac5-b2bd-61c5-bb63c1d437c3)
+ - [Pin apps and folders to the desktop or taskbar](https://support.microsoft.com/windows/pin-apps-and-folders-to-the-desktop-or-taskbar-f3c749fb-e298-4cf1-adda-7fd635df6bb0)
+
+- **Widgets**: Widgets are available on the Taskbar. It includes a personalized feed that could be weather, calendar, stock prices, news, and more:
+
+ :::image type="content" source="./images/windows-11-whats-new/windows-11-taskbar-widgets.png" alt-text="On the Windows 11 taskbar, select the widgets icon to open and see the available widgets.":::
+
+ You can enable/disable this feature using the `Computer Configuration\Administrative Templates\Windows Components\widgets` Group Policy. You can also deploy a customized Taskbar to devices in your organization. For more information, see [Customize the Taskbar on Windows 11](/windows/configuration/customize-taskbar-windows-11).
+
+ For information on the end-user experience, see [Stay up to date with widgets](https://support.microsoft.com/windows/stay-up-to-date-with-widgets-7ba79aaa-dac6-4687-b460-ad16a06be6e4).
+
+- **Virtual desktops**: On the Taskbar, you can select the Desktops icon to create a new desktop:
+
+ :::image type="content" source="./images/windows-11-whats-new/windows-11-taskbar-virtual-desktops.png" alt-text="On the Windows 11 taskbar, select the desktop icon to create many virtual desktops.":::
+
+ Use the desktop to open different apps depending on what you're doing. For example, you can create a Travel desktop that includes web sites and apps that are focused on travel.
+
+ Using policy, you can deploy a customized Taskbar to devices in your organization. For more information, see [Customize the Taskbar on Windows 11](/windows/configuration/customize-taskbar-windows-11).
+
+ Users can manage some desktop features using **Settings** app > **System** > **Multitasking**. For more information on the end-user experience, see [Multiple desktops in Windows](https://support.microsoft.com/windows/multiple-desktops-in-windows-11-36f52e38-5b4a-557b-2ff9-e1a60c976434).
+
+## Use your same apps, improved
+
+- Your Windows 10 apps will also work on Windows 11. **[App Assure](https://www.microsoft.com/fasttrack/microsoft-365/app-assure)** is also available if there are some issues.
+
+ You can continue to use **MSIX packages** for your UWP, Win32, WPF, and WinForm desktop application files. Continue to use **Windows Package Manager** to install Windows apps. Use **Azure Virtual desktop with MSIX app attach** to virtualize desktops and apps. For more information on these features, see [Overview of apps on Windows client devices](/windows/application-management/apps-in-windows-10).
+
+ In the **Settings** app > **Apps**, users can manage some of the app settings. For example, they can get apps anywhere, but let the user know if there's a comparable app in the Microsoft Store. They can also choose which apps start when they sign in.
+
+ Using an MDM provider, like Endpoint Manager, you can create policies that also manage some app settings. For a list of settings, see [App Store in Endpoint Manager](/mem/intune/configuration/device-restrictions-windows-10#app-store).
+
+- If you manage devices using Endpoint Manager, then you might be familiar with the **Company Portal app**. Starting with Windows 11, the Company Portal is your private app repository for your organization apps. For more information, see [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11).
+
+ For public and retail apps, continue using the Microsoft Store.
+
+- **Windows Terminal app**: This app is included with the OS. On previous Windows versions, it's a separate download in the Microsoft Store. For more information, see [What is Windows Terminal?](/windows/terminal/).
+
+ This app combines Windows PowerShell, a command prompt, and Azure Cloud Shell all within the same terminal window. You don't need to open separate apps to use these command-line applications. It has tabs. And when you open a new tab, you can choose your command-line application:
+
+ :::image type="content" source="./images/windows-11-whats-new/windows-terminal-app.png" alt-text="On Windows 11, open the Windows Terminal app to use Windows PowerShell, the command prompt, or Azure Cloud Shell to run commands.":::
+
+ If users or groups in your organization do a lot with Windows PowerShell or the command prompt, then use policy to add the Windows Terminal app to the [Start menu layout](/windows/configuration/customize-start-menu-layout-windows-11) or the [Taskbar](/windows/configuration/customize-taskbar-windows-11).
+
+ Users can also search for the Terminal app, right-select the app, and pin the app to the Start menu and taskbar.
+
+- The **Microsoft Store** has a new look, and includes more public and retail apps. For more information on the end-user experience, see:
+
+ - [Get updates for apps and games in Microsoft Store](https://support.microsoft.com/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f)
+ - [How to open Microsoft Store on Windows](https://support.microsoft.com/account-billing/how-to-open-microsoft-store-on-windows-10-e080b85a-7c9e-46a7-8d8b-3e9a42e32de6)
+
+- The **Microsoft Edge** browser is included with the OS, and is the default browser. Internet Explorer (IE) isn't available in Windows 11. In Microsoft Edge, you can use IE Mode if a website needs Internet Explorer. Open Microsoft Edge, and enter `edge://settings/defaultBrowser` in the URL.
+
+ To save system resources, Microsoft Edge uses sleeping tabs. Users can configure these settings, and more, in `edge://settings/system`.
+
+ Using Group Policy or an MDM provider, such as Endpoint Manager, you can configure some Microsoft Edge settings. For more information, see [Microsoft Edge - Policies](/deployedge/microsoft-edge-policies) and [Configure Microsoft Edge policy settings](/mem/intune/configuration/administrative-templates-configure-edge).
+
+## Deployment and servicing
+
+- **Install Windows 11**: The same methods you use to install Windows 10 can also be used to install Windows 11. For example, you can deploy Windows to your devices using Windows Autopilot, Microsoft Deployment Toolkit (MDT), Configuration Manager, and more. Windows 11 will be delivered as an upgrade to eligible devices running Windows 10.
+
+ For more information on getting started, see [Windows client deployment resources and documentation](/windows/deployment/) and [Plan for Windows 11](windows-11-plan.md).
+
+ For more information on the end-user experience, see [Ways to install Windows 11](https://support.microsoft.com/windows/e0edbbfb-cfc5-4011-868b-2ce77ac7c70e).
+
+- **Windows Autopilot**: If you're purchasing new devices, you can use Windows Autopilot to set up and pre-configure the devices. When users get the device, they sign in with their organization account (`user@contoso.com`). In the background, Autopilot gets them ready for use, and deploys any apps or policies you set. You can also use Windows Autopilot to reset, repurpose, and recover devices. Autopilot offers zero touch deployment for admins.
+
+ If you have a global or remote workforce, then Autopilot might be the right option to install the OS, and get it ready for use. For more information, see [Overview of Windows Autopilot](/mem/autopilot/windows-autopilot).
+
+- **Microsoft Endpoint Manager** is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.
+
+ If you currently use Group Policy to manage your Windows 10 devices, you can also use Group Policy to manage Windows 11 devices. In Endpoint Manager, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects.
+
+- **Windows Updates and Delivery optimization** helps manage updates, and manage features on your devices. Starting with Windows 11, the OS feature updates are installed annually. For more information on servicing channels, and what they are, see [Servicing channels](/windows/deployment/update/waas-overview#servicing-channels).
+
+ Like Windows 10, Windows 11 will receive monthly quality updates.
+
+ You have options to install updates on your Windows devices, including Endpoint Manager, Group Policy, Windows Server Update Services (WSUS), and more. For more information, see [Assign devices to servicing channels](/windows/deployment/update/waas-servicing-channels-windows-10-updates).
+
+ Some updates are large, and use bandwidth. Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more.
+
+ For more information, see [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization).
+
+ For more information on the end-user experience, see:
+
+ - [Installation & updates](https://support.microsoft.com/office/installation-updates-2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11)
+ - [Manage updates in Windows](https://support.microsoft.com/windows/manage-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)
+
+## Next steps
+
+- [Windows 11 requirements](windows-11-requirements.md)
+- [Plan for Windows 11](windows-11-plan.md)
+- [Prepare for Windows 11](windows-11-prepare.md)
+- [Windows release health](https://aka.ms/windowsreleasehealth)
diff --git a/windows/whats-new/windows-11.md b/windows/whats-new/windows-11.md
deleted file mode 100644
index 68a435cda7..0000000000
--- a/windows/whats-new/windows-11.md
+++ /dev/null
@@ -1,92 +0,0 @@
----
-title: Windows 11 overview
-description: Overview of Windows 11
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.localizationpriority: medium
-audience: itpro
-ms.topic: article
-ms.custom: seo-marvel-apr2020
----
-
-# Windows 11 overview
-
-**Applies to**
-
-- Windows 11
-
-This article provides an introduction to Windows 11, and answers some frequently asked questions.
-
-Also see the following articles to learn more about Windows 11:
-
-- [Windows 11 requirements](windows-11-requirements.md): Requirements to deploy Windows 11.
-- [Plan for Windows 11](windows-11-plan.md): Information to help you plan for Windows 11 in your organization.
-- [Prepare for Windows 11](windows-11-prepare.md): Procedures to ensure readiness to deploy Windows 11.
-
-## Introduction
-
-Windows 11 is the next evolution of Windows; it is the most significant update to the Windows operating system since Windows 10. It offers many innovations focused on enhancing end-user productivity in a fresh experience that is flexible and fluid. Windows 11 is designed to support today's hybrid work environment, and intended to be the most reliable, secure, connected, and performant Windows operating system ever.
-
-Windows 11 is built on the same foundation as Windows 10, so the investments you have made in tools for update and device management are carried forward. Windows 11 also sustains the application compatibility promise made with Windows 10, supplemented by programs like App Assure. For Microsoft 365 customers seeking further assistance, FastTrack will continue to be available to support your efforts to adopt Windows 11.
-
-## How to get Windows 11
-
-Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning on October 5, 2021. Windows 11 will also be available on eligible new devices.
-
-For administrators managing devices on behalf of their organization, Windows 11 will be available through the same, familiar channels that you use today for Windows 10 feature updates. You will be able to use existing deployment and management tools, such as Windows Update for Business, Microsoft Endpoint Manager, and Windows Autopilot. For more information, see [Plan for Windows 11](windows-11-plan.md).
-
-For devices that are not managed by an organization, the Windows 11 upgrade will be offered to eligible Windows 10 devices through Windows Update using Microsoft's intelligent rollout process to ensure a smooth upgrade experience.
-
-For more information about device eligibility, see [Windows 11 requirements](windows-11-requirements.md).
-
-If you are interested in testing Windows 11 before general availability, you can join the [Windows Insider Program](https://insider.windows.com) or [Windows Insider Program for Business](https://insider.windows.com/for-business). You can also preview Windows 11 by enabling pre-release Windows 10 feature updates in [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/servers/manage/pre-release-features) or [Windows Server Update Services](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/publishing-pre-release-windows-10-feature-updates-to-wsus/ba-p/845054) (WSUS).
-
-If you are an administrator, you can manage installations of Windows 11 Insider Preview Builds across multiple devices in your organization using Group Policy, MDM solutions such as Intune, Configuration Manager, or [Windows Server Update Services](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/publishing-pre-release-windows-10-feature-updates-to-wsus/ba-p/845054) (WSUS). For more information, see [Manage Insider Preview builds across your organization](/windows-insider/business/manage-builds).
-
-## Before you begin
-
-The following sections provide a quick summary of licensing, compatibility, management, and servicing considerations to help you get started with Windows 11.
-
-#### Licensing
-
-There are no unique licensing requirements for Windows 11 beyond what is required for Windows 10 devices.
-
-Microsoft 365 licenses that include Windows 10 licenses will permit you to run Windows 11 on supported devices. If you have a volume license, it will equally cover Windows 11 and Windows 10 devices before and after upgrade.
-
-#### Compatibility
-
-Most accessories and associated drivers that work with Windows 10 are expected to work with Windows 11. Check with your accessory manufacturer for specific details.
-
-Windows 11 preserves the application compatibility promise made with Windows 10, and does not require changes to existing support processes or tooling to sustain the currency of applications and devices. Microsoft 365 customers can continue to use programs such as App Assure and FastTrack to support IT efforts to adopt and maintain Windows 11. For more information, see [Application compatibility](windows-11-plan.md#application-compatibility).
-
-#### Familiar processes
-
-Windows 11 is built on the same foundation as Windows 10. Typically, you can use the same tools and solutions you use today to deploy, manage, and secure Windows 11. Your current management tools and processes will also work to manage monthly quality updates for both Windows 10 and Windows 11.
-
-> [!IMPORTANT]
-> Check with the providers of any non-Microsoft security and management solutions that you use to ensure compatibility with Windows 11, particularly those providing security or data loss prevention capabilities.
-
-For more information, see [Prepare for Windows 11](windows-11-prepare.md).
-
-#### Servicing Windows 11
-
-Like Windows 10, Windows 11 will receive monthly quality updates. However, it will have a new feature update cadence. Windows 11 feature updates will be released once per year.
-
-When Windows 11 reaches general availability, important servicing-related announcements and information about known issues and safeguard holds can be found on the [Windows release health](https://aka.ms/windowsreleasehealth) hub. Monthly release notes will also be available from a consolidated Windows 11 update history page at that time. For more information, see [Servicing and support](windows-11-plan.md#servicing-and-support).
-
-## Next steps
-
-[Windows 11 requirements](windows-11-requirements.md)
-[Plan for Windows 11](windows-11-plan.md)
-[Prepare for Windows 11](windows-11-prepare.md)
-
-## Also see
-
-[What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)
-[Windows 11: The Optimization and Performance Improvements](https://www.youtube.com/watch?v=oIYHRRTCVy4)
