diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md
index 0bcdee4870..1d92425031 100644
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@@ -1,7 +1,7 @@
---
title: LAPS CSP
description: Learn more about the LAPS CSP.
-ms.date: 01/18/2024
+ms.date: 01/31/2024
---
@@ -34,7 +34,13 @@ The following list shows the LAPS configuration service provider nodes:
- [AdministratorAccountName](#policiesadministratoraccountname)
- [ADPasswordEncryptionEnabled](#policiesadpasswordencryptionenabled)
- [ADPasswordEncryptionPrincipal](#policiesadpasswordencryptionprincipal)
+ - [AutomaticAccountManagementEnableAccount](#policiesautomaticaccountmanagementenableaccount)
+ - [AutomaticAccountManagementEnabled](#policiesautomaticaccountmanagementenabled)
+ - [AutomaticAccountManagementNameOrPrefix](#policiesautomaticaccountmanagementnameorprefix)
+ - [AutomaticAccountManagementRandomizeName](#policiesautomaticaccountmanagementrandomizename)
+ - [AutomaticAccountManagementTarget](#policiesautomaticaccountmanagementtarget)
- [BackupDirectory](#policiesbackupdirectory)
+ - [PassphraseLength](#policiespassphraselength)
- [PasswordAgeDays](#policiespasswordagedays)
- [PasswordComplexity](#policiespasswordcomplexity)
- [PasswordExpirationProtectionEnabled](#policiespasswordexpirationprotectionenabled)
@@ -420,6 +426,275 @@ If the specified user or group account is invalid the device will fallback to us
+
+### Policies/AutomaticAccountManagementEnableAccount
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnableAccount
+```
+
+
+
+
+Use this setting to configure whether the automatically managed account is enabled or disabled.
+
+- If this setting is enabled, the target account will be enabled.
+
+- If this setting is disabled, the target account will be disabled.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| False (Default) | The target account will be disabled. |
+| True | The target account will be enabled. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementEnabled
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled
+```
+
+
+
+
+Use this setting to specify whether automatic account management is enabled.
+
+- If this setting is enabled, the target account will be automatically managed.
+
+- If this setting is disabled, the target account won't be automatically managed.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | The target account won't be automatically managed. |
+| true | The target account will be automatically managed. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementNameOrPrefix
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementNameOrPrefix
+```
+
+
+
+
+Use this setting to configure the name or prefix of the managed local administrator account.
+
+If specified, the value will be used as the name or name prefix of the managed account.
+
+If not specified, this setting will default to "WLapsAdmin".
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementRandomizeName
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementRandomizeName
+```
+
+
+
+
+Use this setting to configure whether the name of the automatically managed account uses a random numeric suffix each time the password is rotated.
+
+If this setting is enabled, the name of the target account will use a random numeric suffix.
+
+If this setting is disbled, the name of the target account won't use a random numeric suffix.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| False (Default) | The name of the target account won't use a random numeric suffix. |
+| True | The name of the target account will use a random numeric suffix. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementTarget
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementTarget
+```
+
+
+
+
+Use this setting to configure which account is automatically managed.
+
+The allowable settings are:
+
+0=The builtin administrator account will be managed.
+
+1=A new account created by Windows LAPS will be managed.
+
+If not specified, this setting will default to 1.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Manage the built-in administrator account. |
+| 1 (Default) | Manage a new custom administrator account. |
+
+
+
+
+
+
+
+
### Policies/BackupDirectory
@@ -478,6 +753,54 @@ If not specified, this setting will default to 0.
+
+### Policies/PassphraseLength
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/PassphraseLength
+```
+
+
+
+
+Use this setting to configure the number of passphrase words.
+
+If not specified, this setting will default to 6 words.
+
+This setting has a minimum allowed value of 3 words.
+
+This setting has a maximum allowed value of 10 words.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[3-10]` |
+| Default Value | 6 |
+| Dependency [PasswordComplexity] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/PasswordComplexity`
Dependency Allowed Value: `[6-8]`
Dependency Allowed Value Type: `Range`
|
+
+
+
+
+
+
+
+
### Policies/PasswordAgeDays
@@ -550,9 +873,15 @@ The allowable settings are:
1=Large letters
2=Large letters + small letters
3=Large letters + small letters + numbers
-4=Large letters + small letters + numbers + special characters.
+4=Large letters + small letters + numbers + special characters
+5=Large letters + small letters + numbers + special characters (improved readability)
+6=Passphrase (long words)
+7=Passphrase (short words)
+8=Passphrase (short words with unique prefixes)
If not specified, this setting will default to 4.
+
+Passphrase list taken from "Deep Dive: EFF's New Wordlists for Random Passphrases" by Electronic Frontier Foundation, and is used under a CC-BY-3.0 Attribution license. See for more information.
@@ -580,6 +909,10 @@ If not specified, this setting will default to 4.
| 2 | Large letters + small letters. |
| 3 | Large letters + small letters + numbers. |
| 4 (Default) | Large letters + small letters + numbers + special characters. |
+| 5 | Large letters + small letters + numbers + special characters (improved readability). |
+| 6 | Passphrase (long words). |
+| 7 | Passphrase (short words). |
+| 8 | Passphrase (short words with unique prefixes). |
@@ -683,6 +1016,7 @@ This setting has a maximum allowed value of 64 characters.
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[8-64]` |
| Default Value | 14 |
+| Dependency [PasswordComplexity] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/PasswordComplexity`
Dependency Allowed Value: `[1-5]`
Dependency Allowed Value Type: `Range`
|
@@ -740,6 +1074,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff
| 1 | Reset password: upon expiry of the grace period, the managed account password will be reset. |
| 3 (Default) | Reset the password and logoff the managed account: upon expiry of the grace period, the managed account password will be reset and any interactive logon sessions using the managed account will be terminated. |
| 5 | Reset the password and reboot: upon expiry of the grace period, the managed account password will be reset and the managed device will be immediately rebooted. |
+| 11 | Reset the password, logoff the managed account, and terminate any remaining processes: upon expiration of the grace period, the managed account password is reset, any interactive logon sessions using the managed account are logged off, and any remaining processes are terminated. |
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index 9b5d989db8..d347e57374 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,7 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 01/18/2024
+ms.date: 01/31/2024
---
@@ -194,8 +194,14 @@ The allowable settings are:
2=Large letters + small letters
3=Large letters + small letters + numbers
4=Large letters + small letters + numbers + special characters
+5=Large letters + small letters + numbers + special characters (improved readability)
+6=Passphrase (long words)
+7=Passphrase (short words)
+8=Passphrase (short words with unique prefixes)
-If not specified, this setting will default to 4.
+If not specified, this setting will default to 4.
+
+Passphrase list taken from "Deep Dive: EFF's New Wordlists for Random Passphrases" by Electronic Frontier Foundation, and is used under a CC-BY-3.0 Attribution license. See https://go.microsoft.com/fwlink/?linkid=2255471 for more information.
@@ -225,6 +231,22 @@ If not specified, this setting will default to 4.
4
Large letters + small letters + numbers + special characters
+
+ 5
+ Large letters + small letters + numbers + special characters (improved readability)
+
+
+ 6
+ Passphrase (long words)
+
+
+ 7
+ Passphrase (short words)
+
+
+ 8
+ Passphrase (short words with unique prefixes)
+
@@ -260,6 +282,70 @@ This setting has a maximum allowed value of 64 characters.
[8-64]
+
+
+
+ Vendor/MSFT/LAPS/Policies/PasswordComplexity
+
+
+ [1-5]
+ PasswordComplexity configured to generate a password
+
+
+
+
+
+
+
+
+ PassphraseLength
+
+
+
+
+
+
+
+ 6
+ Use this setting to configure the number of passphrase words.
+
+If not specified, this setting will default to 6 words
+
+This setting has a minimum allowed value of 3 words.
+
+This setting has a maximum allowed value of 10 words.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.9999
+ 1.1
+
+
+ [3-10]
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/PasswordComplexity
+
+
+ [6-8]
+ PasswordComplexity configured to generate a passphrase
+
+
+
+
+
@@ -567,9 +653,278 @@ If not specified, this setting will default to 3 (Reset the password and logoff
5
Reset the password and reboot: upon expiry of the grace period, the managed account password will be reset and the managed device will be immediately rebooted.
+
+ 11
+ Reset the password, logoff the managed account, and terminate any remaining processes: upon expiration of the grace period, the managed account password is reset, any interactive logon sessions using the managed account are logged off, and any remaining processes are terminated.
+
+
+ AutomaticAccountManagementEnabled
+
+
+
+
+
+
+
+ False
+ Use this setting to specify whether automatic account management is enabled.
+
+If this setting is enabled, the target account will be automatically managed.
+
+If this setting is disabled, the target account will not be automatically managed.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.9999
+ 1.1
+
+
+
+ false
+ The target account will not be automatically managed
+
+
+ true
+ The target account will be automatically managed
+
+
+
+
+
+ AutomaticAccountManagementTarget
+
+
+
+
+
+
+
+ 1
+ Use this setting to configure which account is automatically managed.
+
+The allowable settings are:
+
+0=The builtin administrator account will be managed.
+1=A new account created by Windows LAPS will be managed.
+
+If not specified, this setting will default to 1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.9999
+ 1.1
+
+
+
+ 0
+ Manage the built-in administrator account
+
+
+ 1
+ Manage a new custom administrator account
+
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled
+
+
+ true
+ AutomaticAccountManagementEnabled enabled
+
+
+
+
+
+
+
+
+ AutomaticAccountManagementNameOrPrefix
+
+
+
+
+
+
+
+ Use this setting to configure the name or prefix of the managed local administrator account.
+
+If specified, the value will be used as the name or name prefix of the managed account.
+
+If not specified, this setting will default to "WLapsAdmin".
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.9999
+ 1.1
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled
+
+
+ true
+ AutomaticAccountManagementEnabled enabled
+
+
+
+
+
+
+
+
+ AutomaticAccountManagementEnableAccount
+
+
+
+
+
+
+
+ False
+ Use this setting to configure whether the automatically managed account is enabled or disabled.
+
+If this setting is enabled, the target account will be enabled.
+
+If this setting is disabled, the target account will be disabled.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.9999
+ 1.1
+
+
+
+ False
+ The target account will be disabled
+
+
+ True
+ The target account will be enabled
+
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled
+
+
+ true
+ AutomaticAccountManagementEnabled enabled
+
+
+
+
+
+
+
+
+ AutomaticAccountManagementRandomizeName
+
+
+
+
+
+
+
+ False
+ Use this setting to configure whether the name of the automatically managed account uses a random numeric suffix each time the password is rotated.
+
+If this setting is enabled, the name of the target account will use a random numeric suffix.
+
+If this setting is disbled, the name of the target account will not use a random numeric suffix..
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.9999
+ 1.1
+
+
+
+ False
+ The name of the target account will not use a random numeric suffix.
+
+
+ True
+ The name of the target account will use a random numeric suffix.
+
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled
+
+
+ true
+ AutomaticAccountManagementEnabled enabled
+
+
+
+
+
+
+
Actions
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index e8a936acdc..b8ae2bcd32 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -1,7 +1,7 @@
---
title: MixedReality Policy CSP
description: Learn more about the MixedReality Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 01/31/2024
---
@@ -321,6 +321,97 @@ This policy setting controls if pressing the brightness button changes the brigh
+
+## ConfigureDeviceStandbyAction
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyAction
+```
+
+
+
+
+This policy setting controls device maintenance action during standby.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not configured. |
+| 1 | Logoff users. |
+| 2 | Reboot device. |
+
+
+
+
+
+
+
+
+
+## ConfigureDeviceStandbyActionTimeout
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyActionTimeout
+```
+
+
+
+
+This policy setting controls when to start maintenance action after device enters standby. The timeout value is in hours.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[1-168]` |
+| Default Value | 8 |
+
+
+
+
+
+
+
+
## ConfigureMovingPlatform
@@ -643,7 +734,7 @@ Windows Network Connectivity Status Indicator may get a false positive internet-
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -692,7 +783,7 @@ This policy setting controls if pinching your thumb and index finger, while look
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -741,7 +832,7 @@ This policy setting controls if using voice commands to open the Start menu is e
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1104,7 +1195,7 @@ The following example XML string shows the value to enable this policy:
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1153,7 +1244,7 @@ This policy configures whether the Sign-In App should prefer showing Other User
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1202,7 +1293,7 @@ This policy setting controls if it's require that the Start icon to be pressed f
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |