Merge pull request #4491 from nimishasatapathy/nimishasatapathy-4749599-ASCIIimageconversion

updated-CSPimagesetting-4749599
Gary Moore 2021-03-12 14:49:40 -08:00 committed by GitHub
commit 438dfc1e6f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 552 additions and 81 deletions

View File

@ -11,15 +11,24 @@ ms.reviewer:
manager: dansimp manager: dansimp
--- ---
# Accounts CSP # Accounts Configuration Service Provider
The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803. The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
The following diagram shows the Accounts configuration service provider in tree format. The following shows the Accounts configuration service provider in tree format.
![Accounts CSP diagram](images/provisioning-csp-accounts.png) ```
./Device/Vendor/MSFT
Accounts
----Domain
--------ComputerName
----Users
--------UserName
------------Password
------------LocalUserGroup
```
<a href="" id="accounts"></a>**./Device/Vendor/MSFT/Accounts** <a href="" id="accounts"></a>**./Device/Vendor/MSFT/Accounts**
Root node. Root node.
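Review bot: The H1 at the top of this hunk is renamed from "# Accounts CSP" to "# Accounts Configuration Service Provider", while the other topics in this commit keep the short form (for example "# CustomDeviceUI CSP" and "title: ApplicationControl CSP"). The rename is unrelated to the image-to-text conversion and changes the page title readers search for; keep "# Accounts CSP" here or rename all topics in a separate change.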

View File

@ -28,9 +28,39 @@ The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in th
The following diagram shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM. The following shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
![activesync csp (cp)](images/provisioning-csp-activesync-cp.png) ```
./Vendor/MSFT
ActiveSync
----Accounts
--------Account GUID
------------EmailAddress
------------Domain
------------AccountIcon
------------AccountType
------------AccountName
------------Password
------------ServerName
------------UserName
------------Options
----------------CalendarAgeFilter
----------------Logging
----------------MailBodyType
----------------MailHTMLTruncation
----------------MailPlainTextTruncation
----------------Schedule
----------------UseSSL
----------------MailAgeFilter
----------------ContentTypes
--------------------Content Type GUID
------------------------Enabled
------------------------Name
------------Policies
----------------MailBodyType
----------------MaxMailAgeFilter
```
<a href="" id="--user-vendor-msft-activesync"></a>**./User/Vendor/MSFT/ActiveSync** <a href="" id="--user-vendor-msft-activesync"></a>**./User/Vendor/MSFT/ActiveSync**
The root node for the ActiveSync configuration service provider. The root node for the ActiveSync configuration service provider.
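Review bot: The new tree is rooted at `./Vendor/MSFT`, but the hunk header context says the ./Vendor/MSFT/ActiveSync path is deprecated, and the node description directly under the tree documents `./User/Vendor/MSFT/ActiveSync`. Root the tree at `./User/Vendor/MSFT` so the path an admin copies from it is the supported one. `Account GUID` and `Content Type GUID` are placeholders rather than literal node names and should be marked as such inside the fence.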

View File

@ -26,9 +26,37 @@ This CSP was added in Windows 10, version 1511.
For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877). For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877).
The following diagram shows the AllJoynManagement configuration service provider in tree format The following shows the AllJoynManagement configuration service provider in tree format
![alljoynmanagement csp diagram](images/provisioning-csp-alljoynmanagement.png) ```
./Vendor/MSFT
AllJoynManagement
----Configurations
--------ServiceID
------------Port
----------------PortNum
--------------------ConfigurableObjects
------------------------CfgObjectPath
----Credentials
--------ServiceID
------------Key
----Firewall
--------PublicProfile
--------PrivateProfile
----Services
--------ServiceID
------------AppId
------------DeviceId
------------AppName
------------Manufacturer
------------ModelNumber
------------Description
------------SoftwareVersion
------------AJSoftwareVersion
------------HardwareVersion
----Options
--------QueryIdleTime
```
The following list describes the characteristics and parameters. The following list describes the characteristics and parameters.
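Review bot: The rewritten lead-in "The following shows the AllJoynManagement configuration service provider in tree format" still has no closing punctuation; the same sentence in the other topics ends with a period. Since the line is being edited anyway, end it with a period or a colon before the fence.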

View File

@ -1,6 +1,6 @@
--- ---
title: ApplicationControl CSP title: ApplicationControl CSP
description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server. description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server.
keywords: security, malware keywords: security, malware
ms.author: dansimp ms.author: dansimp
ms.topic: article ms.topic: article
@ -16,10 +16,33 @@ ms.date: 09/10/2020
Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot. Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
The following diagram shows the ApplicationControl CSP in tree format. The following shows the ApplicationControl CSP in tree format.
![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png)
```
./Vendor/MSFT
ApplicationControl
----Policies
--------Policy GUID
------------Policy
------------PolicyInfo
----------------Version
----------------IsEffective
----------------IsDeployed
----------------IsAuthorized
----------------Status
----------------FriendlyName
------------Token
----------------TokenID
----Tokens
--------ID
------------Token
------------TokenInfo
----------------Status
------------PolicyIDs
----------------Policy GUID
----TenantID
----DeviceID
```
<a href="" id="vendor-msft-applicationcontrol"></a>**./Vendor/MSFT/ApplicationControl** <a href="" id="vendor-msft-applicationcontrol"></a>**./Vendor/MSFT/ApplicationControl**
Defines the root node for the ApplicationControl CSP. Defines the root node for the ApplicationControl CSP.
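Review bot: In the new tree, `Policy GUID` (under Policies and under PolicyIDs) and `ID` (under Tokens) are printed like fixed node names, but the prose further down addresses the node as `Policies/_Policy GUID_/Policy`, that is, as a value the admin substitutes. The italics used in the prose cannot be rendered inside a code fence, so add a visible placeholder convention in the tree (and a one-line legend), otherwise a reader can build a LocURI containing the literal text "Policy GUID".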
@ -125,7 +148,7 @@ In order to leverage the ApplicationControl CSP without using Intune, you must:
1. Know a generated policy's GUID, which can be found in the policy xml as `<PolicyID>` or `<PolicyTypeID>` for pre-1903 systems. 1. Know a generated policy's GUID, which can be found in the policy xml as `<PolicyID>` or `<PolicyTypeID>` for pre-1903 systems.
2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. 2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. 3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command-line tool.
Below is a sample certutil invocation: Below is a sample certutil invocation:
@ -141,7 +164,7 @@ An alternative to using certutil would be to use the following PowerShell invoca
### Deploy Policies ### Deploy Policies
To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the Format section in the Example 1 below.
To deploy base policy and supplemental policies: To deploy base policy and supplemental policies:
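Review bot: The fix removes the doubled "the the" but leaves "Refer to the Format section in the Example 1 below", which still has a stray article. Suggest "Refer to the Format section in Example 1 below."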

View File

@ -17,10 +17,54 @@ ms.date: 11/19/2019
The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked. The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked.
The following diagram shows the AppLocker configuration service provider in tree format. The following shows the AppLocker configuration service provider in tree format.
```
![applocker csp](images/provisioning-csp-applocker.png) ./Vendor/MSFT
AppLocker
----ApplicationLaunchRestrictions
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------MSI
----------------Policy
----------------EnforcementMode
------------Script
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
------------DLL
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------CodeIntegrity
----------------Policy
----EnterpriseDataProtection
--------Grouping
------------EXE
----------------Policy
------------StoreApps
----------------Policy
----LaunchControl
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
----FamilySafety
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
```
<a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/AppLocker** <a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/AppLocker**
Defines the root node for the AppLocker configuration service provider. Defines the root node for the AppLocker configuration service provider.

View File

@ -29,10 +29,17 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u
> [!Note] > [!Note]
> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition. > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
The following diagram shows the AssignedAccess configuration service provider in tree format The following shows the AssignedAccess configuration service provider in tree format
![assignedaccess csp diagram](images/provisioning-csp-assignedaccess.png)
```
./Vendor/MSFT
AssignedAccess
----KioskModeApp
----Configuration (Added in Windows 10, version 1709)
----Status (Added in Windows 10, version 1803)
----ShellLauncher (Added in Windows 10, version 1803)
----StatusConfiguration (Added in Windows 10, version 1803)
```
<a href="" id="--vendor-msft-assignedaccess"></a>**./Device/Vendor/MSFT/AssignedAccess** <a href="" id="--vendor-msft-assignedaccess"></a>**./Device/Vendor/MSFT/AssignedAccess**
Root node for the CSP. Root node for the CSP.
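Review bot: The tree is rooted at `./Vendor/MSFT`, but the node description on the line right after the fence is `**./Device/Vendor/MSFT/AssignedAccess**`. The two should agree; use the same root in the tree that the description documents, so kiosk configuration paths copied from the tree match the text.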

View File

@ -24,11 +24,29 @@ the setting configured by the admin.
For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that the a minimum PIN length is enforced (SystemDrivesMinimumPINLength). For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that the a minimum PIN length is enforced (SystemDrivesMinimumPINLength).
The following diagram shows the BitLocker configuration service provider in tree format. The following shows the BitLocker configuration service provider in tree format.
```
![BitLocker csp](images/provisioning-csp-bitlocker.png) ./Device/Vendor/MSFT
BitLocker
----RequireStorageCardEncryption
----RequireDeviceEncryption
----EncryptionMethodByDriveType
----SystemDrivesRequireStartupAuthentication
----SystemDrivesMinimumPINLength
----SystemDrivesRecoveryMessage
----SystemDrivesRecoveryOptions
----FixedDrivesRecoveryOptions
----FixedDrivesRequireEncryption
----RemovableDrivesRequireEncryption
----AllowWarningForOtherDiskEncryption
----AllowStandardUserEncryption
----ConfigureRecoveryPasswordRotation
----RotateRecoveryPasswords
----Status
--------DeviceEncryptionStatus
--------RotateRecoveryPasswordsStatus
--------RotateRecoveryPasswordsRequestID
```
<a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker** <a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider. Defines the root node for the BitLocker configuration service provider.
<!--Policy--> <!--Policy-->
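Review bot: The context paragraph at the top of this hunk still reads "does not verify that the a minimum PIN length is enforced (SystemDrivesMinimumPINLength)". This commit fixes the same kind of doubled article in the ApplicationControl topic, so drop the extra "the" here as well. The sentence describes a limit on what a compliance Get actually proves, so it should read cleanly.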

View File

@ -25,10 +25,87 @@ The CertificateStore configuration service provider is used to add secure socket
For the CertificateStore CSP, you cannot use the Replace command unless the node already exists. For the CertificateStore CSP, you cannot use the Replace command unless the node already exists.
The following diagram shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning. The following shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
![provisioning\-csp\-certificatestore](images/provisioning-csp-certificatestore.png)
```
./Vendor/MSFT
CertificateStore
----ROOT
--------*
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName
--------System
------------*
----------------EncodedCertificate
----------------IssuedBy
----------------IssuedTo
----------------ValidFrom
----------------ValidTo
----------------TemplateName
----MY
--------User
------------*
----------------EncodedCertificate
----------------IssuedBy
----------------IssuedTo
----------------ValidFrom
----------------ValidTo
----------------TemplateName
--------SCEP
------------*
----------------Install
--------------------ServerURL
--------------------Challenge
--------------------EKUMapping
--------------------KeyUsage
--------------------SubjectName
--------------------KeyProtection
--------------------RetryDelay
--------------------RetryCount
--------------------TemplateName
--------------------KeyLength
--------------------HashAlgrithm
--------------------CAThumbPrint
--------------------SubjectAlternativeNames
--------------------ValidPeriod
--------------------ValidPeriodUnit
--------------------Enroll
----------------CertThumbPrint
----------------Status
----------------ErrorCode
--------WSTEP
------------CertThumprint
------------Renew
----------------RenewPeriod
----------------ServerURL
----------------RetryInterval
----------------ROBOSupport
----------------Status
----------------ErrorCode
----------------LastRenewalAttemptTime (Added in Windows 10, version 1607)
----------------RenewNow (Added in Windows 10, version 1607)
----------------RetryAfterExpiryInterval (Added in Windows 10, version 1703)
----CA
--------*
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName
--------System
------------*
----------------EncodedCertificate
----------------IssuedBy
----------------IssuedTo
----------------ValidFrom
----------------ValidTo
----------------TemplateName
```
<a href="" id="root-system"></a>**Root/System** <a href="" id="root-system"></a>**Root/System**
Defines the certificate store that contains root, or self-signed, certificates. Defines the certificate store that contains root, or self-signed, certificates.
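Review bot: Two node names in the new tree look misspelled: `HashAlgrithm` under SCEP/Install and `CertThumprint` under WSTEP, while the SCEP branch of the same tree spells `CertThumbPrint` and `CAThumbPrint`. These strings are what admins paste into SyncML LocURIs, so check each one against the CSP's DDF and correct the tree, or leave a short note if the DDF really uses that spelling. The tree also writes `ROOT` and `MY` where the description below the fence uses `Root/System`; pick one casing and use it in both places.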

View File

@ -15,10 +15,13 @@ manager: dansimp
The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703. The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
The following diagram shows the CleanPC configuration service provider in tree format. The following shows the CleanPC configuration service provider in tree format.
```
![CleanPC csp diagram](images/provisioning-csp-cleanpc.png) ./Device/Vendor/MSFT
CleanPC
----CleanPCWithoutRetainingUserData
----CleanPCRetainingUserData
```
<a href="" id="--device-vendor-msft-cleanpc"></a>**./Device/Vendor/MSFT/CleanPC** <a href="" id="--device-vendor-msft-cleanpc"></a>**./Device/Vendor/MSFT/CleanPC**
<p style="margin-left: 20px">The root node for the CleanPC configuration service provider.</p> <p style="margin-left: 20px">The root node for the CleanPC configuration service provider.</p>

View File

@ -23,10 +23,48 @@ For PFX certificate installation and SCEP installation, the SyncML commands must
You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail. You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
The following image shows the ClientCertificateInstall configuration service provider in tree format. The following shows the ClientCertificateInstall configuration service provider in tree format.
```
![clientcertificateinstall csp](images/provisioning-csp-clientcertificateinstall.png) ./Vendor/MSFT
ClientCertificateInstall
----PFXCertInstall
--------UniqueID
------------KeyLocation
------------ContainerName
------------PFXCertBlob
------------PFXCertPassword
------------PFXCertPasswordEncryptionType
------------PFXKeyExportable
------------Thumbprint
------------Status
------------PFXCertPasswordEncryptionStore (Added in Windows 10, version 1511)
----SCEP
--------UniqueID
------------Install
----------------ServerURL
----------------Challenge
----------------EKUMapping
----------------KeyUsage
----------------SubjectName
----------------KeyProtection
----------------RetryDelay
----------------RetryCount
----------------TemplateName
----------------KeyLength
----------------HashAlgorithm
----------------CAThumbprint
----------------SubjectAlternativeNames
----------------ValidPeriod
----------------ValidPeriodUnits
----------------ContainerName
----------------CustomTextToShowInPrompt
----------------Enroll
----------------AADKeyIdentifierList (Added in Windows 10, version 1703)
------------CertThumbprint
------------Status
------------ErrorCode
------------RespondentServerUrl
```
<a href="" id="device-or-user"></a>**Device or User** <a href="" id="device-or-user"></a>**Device or User**
For device certificates, use <strong>./Device/Vendor/MSFT</strong> path and for user certificates use <strong>./User/Vendor/MSFT</strong> path. For device certificates, use <strong>./Device/Vendor/MSFT</strong> path and for user certificates use <strong>./User/Vendor/MSFT</strong> path.
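Review bot: The tree is rooted at `./Vendor/MSFT`, but the paragraph immediately after it tells readers to use ./Device/Vendor/MSFT for device certificates and ./User/Vendor/MSFT for user certificates. Show the scoped roots in the tree (or state above the fence that the root shown is shorthand for both), since the scope decides which certificate store the PFX or SCEP certificate is installed into.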

View File

@ -25,10 +25,41 @@ The CM\_ProxyEntries configuration service provider is used to configure proxy c
The following diagram shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607. The following shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607.
![cm\-proxyentries csp (cp)](images/provisioning-csp-cm-proxyentries-cp.png) ```
./Vendor/MSFT
CM_ProxyEntries
----Entry
--------ConnectionName
--------BypassLocal
--------Enable
--------Exception
--------Password
--------Port
--------Server
--------Type
--------Username
./Device/Vendor/MSFT
Root
./Vendor/MSFT
./Device/Vendor/MSFT
CM_ProxyEntries
----Entry
--------ConnectionName
--------BypassLocal
--------Enable
--------Exception
--------Password
--------Port
--------Server
--------Type
--------Username
```
<a href="" id="entryname"></a>**entryname** <a href="" id="entryname"></a>**entryname**
Defines the name of the connection proxy. Defines the name of the connection proxy.
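Review bot: The fence contains leftover text after the first tree: a run of `./Device/Vendor/MSFT`, `Root`, `./Vendor/MSFT`, `./Device/Vendor/MSFT` followed by a second, identical CM_ProxyEntries subtree. If the intent is to show the CSP under both roots, split it into two labeled trees and remove the stray `Root` and repeated root lines; otherwise delete the duplicate. The tree also names the dynamic node `Entry` while the description below calls it `entryname`.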

View File

@ -28,10 +28,21 @@ Each policy entry identifies one or more applications in combination with a host
**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
The following diagram shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. The following shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
![cmpolicy csp (dm,cp)](images/provisioning-csp-cmpolicy.png)
```
./Vendor/MSFT
CMPolicy
----PolicyName
--------SID
--------ClientType
--------Host
--------OrderedConnections
--------Connections
------------ConnXXX
----------------ConnectionID
----------------Type
```
<a href="" id="policyname"></a>***policyName*** <a href="" id="policyname"></a>***policyName***
Defines the name of the policy. Defines the name of the policy.
@ -64,7 +75,7 @@ Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
<a href="" id="connxxx"></a>**Conn**<strong>*XXX*</strong> <a href="" id="connxxx"></a>**Conn**<strong>*XXX*</strong>
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
<a href="" id="connectionid"></a>**ConnectionID** <a href="" id="connectionid"></a>**ConnectionID**
Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter. Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
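Review bot: The comma added in "For example, a policy, which applied to five connections would have element entries named ..." breaks the sentence: the clause is restrictive and now has an opening comma with no closing one. Revert that comma, or better, write "a policy that applies to five connections would have". The first change on the line ("three digits, which increment") is fine.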
@ -486,14 +497,14 @@ Adding a host-based mapping policy:
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>nocharacteristic</p></td> <td><p>uncharacteristic</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>characteristic-query</p></td> <td><p>characteristic-query</p></td>
<td><p>Yes</p> <td><p>Yes</p>
<p>Recursive query: Yes</p> <p>Recursive query: Yes</p>
<p>Top level query: Yes</p></td> <p>Top-level query: Yes</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
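Review bot: The table cell change from `nocharacteristic` to `uncharacteristic` looks like a spell-check substitution. The cell sits in the list of supported provisioning elements next to `characteristic-query`, so it is an element name, not an English word, and the new value documents something that does not exist. Revert this cell to `nocharacteristic`; the "Top-level query" hyphenation in the same hunk is fine.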

View File

@ -28,10 +28,20 @@ Each policy entry identifies one or more applications in combination with a host
**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
The following diagram shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
```
![cmpolicy csp (dm,cp)](images/provisioning-csp-cmpolicyenterprise.png) ./Vendor/MSFT
CMPolicy
----PolicyName
--------SID
--------ClientType
--------Host
--------OrderedConnections
--------Connections
------------ConnXXX
----------------ConnectionID
----------------Type
```
<a href="" id="policyname"></a>***policyName*** <a href="" id="policyname"></a>***policyName***
Defines the name of the policy. Defines the name of the policy.
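Review bot: The root node in this tree is `CMPolicy`, but the lead-in on the line above the fence says it shows the CMPolicyEnterprise configuration service provider. The tree appears to have been copied unchanged from the CMPolicy topic; rename the node to `CMPolicyEnterprise` so that paths built from this page target the right CSP.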

View File

@ -15,12 +15,16 @@ ms.date: 06/26/2017
# CustomDeviceUI CSP # CustomDeviceUI CSP
The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported. The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported.
The following diagram shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
> **Note**  This configuration service provider only applies to Windows 10 IoT Core (IoT Core). > **Note**  This configuration service provider only applies to Windows 10 IoT Core (IoT Core).
```
![customdeviceui csp](images/provisioning-csp-customdeviceui.png) ./Vendor/MSFT
CustomDeviceUI
----StartupAppID
----BackgroundTasksToLaunch
--------BackgroundTaskPackageName
```
<a href="" id="./Vendor/MSFT/CustomDeviceUI"></a>**./Vendor/MSFT/CustomDeviceUI** <a href="" id="./Vendor/MSFT/CustomDeviceUI"></a>**./Vendor/MSFT/CustomDeviceUI**
The root node for the CustomDeviceUI configuration service provider. The supported operation is Get. The root node for the CustomDeviceUI configuration service provider. The supported operation is Get.

View File

@ -20,10 +20,49 @@ ms.date: 08/11/2020
The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
The following image shows the Windows Defender configuration service provider in tree format. The following shows the Windows Defender configuration service provider in tree format.
```
![defender csp diagram](images/provisioning-csp-defender.png) ./Vendor/MSFT
Defender
----Detections
--------ThreatId
------------Name
------------URL
------------Severity
------------Category
------------CurrentStatus
------------ExecutionStatus
------------InitialDetectionTime
------------LastThreatStatusChangeTime
------------NumberOfDetections
----Health
--------ProductStatus (Added in Windows 10 version 1809)
--------ComputerState
--------DefenderEnabled
--------RtpEnabled
--------NisEnabled
--------QuickScanOverdue
--------FullScanOverdue
--------SignatureOutOfDate
--------RebootRequired
--------FullScanRequired
--------EngineVersion
--------SignatureVersion
--------DefenderVersion
--------QuickScanTime
--------FullScanTime
--------QuickScanSigVersion
--------FullScanSigVersion
--------TamperProtectionEnabled (Added in Windows 10, version 1903)
--------IsVirtualMachine (Added in Windows 10, version 1903)
----Configuration (Added in Windows 10, version 1903)
--------TamperProetection (Added in Windows 10, version 1903)
--------EnableFileHashcomputation (Added in Windows 10, version 1903)
--------SupportLogLocation (Added in the next major release of Windows 10)
----Scan
----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803)
```
<a href="" id="detections"></a>**Detections** <a href="" id="detections"></a>**Detections**
An interior node to group all threats detected by Windows Defender. An interior node to group all threats detected by Windows Defender.
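
Review bot: In the Configuration subtree, "TamperProetection" is misspelled (the Health node is "TamperProtectionEnabled"), and "EnableFileHashcomputation" breaks the PascalCase used by every other node in the tree. Now that the tree is copyable text instead of an image, a misspelled node name is likely to be pasted straight into an OMA-URI, so please check both against the node headings that follow the tree. The version labels are also inconsistent ("Windows 10 version 1809" and "Windows 10 version 1803" without the comma, "Windows 10, version 1903" with it), and "Added in the next major release of Windows 10" on SupportLogLocation will go stale; name the version once it is known.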

View File

@ -21,10 +21,43 @@ The DevDetail configuration service provider handles the management object which
For the DevDetail CSP, you cannot use the Replace command unless the node already exists. For the DevDetail CSP, you cannot use the Replace command unless the node already exists.
The following diagram shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider. The following shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider.
```
![devdetail csp (dm)](images/provisioning-csp-devdetail-dm.png) .
DevDetail
----URI
--------MaxDepth
--------MaxTotLen
--------MaxSegLen
----DevTyp
----OEM
----FwV
----SwV
----HwV
----LrgObj
----Ext
--------Microsoft
------------MobileID
------------RadioSwV
------------Resolution
------------CommercializationOperator
------------ProcessorArchitecture
------------ProcessorType
------------OSPlatform
------------LocalTime
------------DeviceName
------------DNSComputerName (Added in Windows 10, version 2004)
------------TotalStorage
------------TotalRAM
------------SMBIOSSerialNumber (Added in Windows 10, version 1809)
--------WLANMACAddress
--------VoLTEServiceSetting
--------WlanIPv4Address
--------WlanIPv6Address
--------WlanDnsSuffix
--------WlanSubnetMask
--------DeviceHardwareData (Added in Windows 10, version 1703)
```
<a href="" id="devtyp"></a>**DevTyp** <a href="" id="devtyp"></a>**DevTyp**
Required. Returns the device model name /SystemProductName as a string. Required. Returns the device model name /SystemProductName as a string.
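
Review bot: Under Ext, the dash count is now the only cue for depth, and the drop from 12 dashes back to 8 at WLANMACAddress is easy to miss after the thirteen Microsoft children. A reader can take WLANMACAddress through DeviceHardwareData for children of Microsoft. Consider listing Ext's seven direct leaf nodes before the Microsoft subtree, so each level's leaves come before its nested nodes.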

View File

@ -19,10 +19,21 @@ The DeveloperSetup configuration service provider (CSP) is used to configure Dev
> [!NOTE] > [!NOTE]
> The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM. > The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM.
The following diagram shows the DeveloperSetup configuration service provider in tree format. The following shows the DeveloperSetup configuration service provider in tree format.
```
![developersetup csp diagram](images/provisioning-csp-developersetup.png) ./Device/Vendor/MSFT
DeveloperSetup
----EnableDeveloperMode
----DevicePortal
--------Authentication
------------Mode
------------BasicAuth
----------------Username
----------------Password
--------Connection
------------HttpPort
------------HttpsPort
```
<a href="" id="developersetup"></a>**DeveloperSetup** <a href="" id="developersetup"></a>**DeveloperSetup**
<p style="margin-left: 20px">The root node for the DeveloperSetup configuration service provider. <p style="margin-left: 20px">The root node for the DeveloperSetup configuration service provider.

View File

@ -1,6 +1,6 @@
--- ---
title: DeviceManageability CSP title: DeviceManageability CSP
description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device. description: The DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2 ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
@ -15,14 +15,21 @@ ms.date: 11/01/2017
# DeviceManageability CSP # DeviceManageability CSP
The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
For performance reasons DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information. For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
The following diagram shows the DeviceManageability configuration service provider in a tree format.
![devicemanageability csp diagram](images/provisioning-csp-devicemanageability.png)
The following shows the DeviceManageability configuration service provider in a tree format.
```
./Device/Vendor/MSFT
DeviceManageability
----Capabilities
--------CSPVersions
----Provider (Added in Windows 10, version 1709)
--------ProviderID (Added in Windows 10, version 1709)
------------ConfigInfo (Added in Windows 10, version 1709)
------------EnrollmentInfo (Added in Windows 10, version 1709)
```
<a href="" id="--device-vendor-msft-devicemanageability"></a>**./Device/Vendor/MSFT/DeviceManageability** <a href="" id="--device-vendor-msft-devicemanageability"></a>**./Device/Vendor/MSFT/DeviceManageability**
Root node to group information about runtime MDM configuration capability on the target device. Root node to group information about runtime MDM configuration capability on the target device.
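
Review bot: The "For performance reasons," paragraph is being edited for the comma, but the same line still ends with "so that the both paths return the same information"; fix it to "so that both paths return" in this change. In the new tree, "(Added in Windows 10, version 1709)" is repeated on Provider and on all three nodes beneath it; annotating Provider alone says the same thing and keeps the node names easier to read.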

View File

@ -17,10 +17,52 @@ ms.date: 04/30/2019
The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies. The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
The following image shows the DeviceStatus configuration service provider in tree format. The following shows the DeviceStatus configuration service provider in tree format.
```
![devicestatus csp](images/provisioning-csp-devicestatus.png) ./Vendor/MSFT
DeviceStatus
----SecureBootState
----CellularIdentities
--------IMEI
------------IMSI
------------ICCID
------------PhoneNumber
------------CommercializationOperator
------------RoamingStatus
------------RoamingCompliance
----NetworkIdentifiers
--------MacAddress
------------IPAddressV4
------------IPAddressV6
------------IsConnected
------------Type
----Compliance
--------EncryptionCompliance
----TPM
--------SpecificationVersion
----OS
--------Edition
--------Mode
----Antivirus
--------SignatureStatus
--------Status
----Antispyware
--------SignatureStatus
--------Status
----Firewall
--------Status
----UAC
--------Status
----Battery
--------Status
--------EstimatedChargeRemaining
--------EstimatedRuntime
----DomainName
----DeviceGuard
--------VirtualizationBasedSecurityHwReq
--------VirtualizationBasedSecurityStatus
--------LsaCfgCredGuardStatus
```
<a href="" id="devicestatus"></a>**DeviceStatus** <a href="" id="devicestatus"></a>**DeviceStatus**
The root node for the DeviceStatus configuration service provider. The root node for the DeviceStatus configuration service provider.
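
Review bot: In the new tree, IMEI under CellularIdentities and MacAddress under NetworkIdentifiers are shown as fixed node names, yet each has children (IMSI, ICCID, ... and IPAddressV4, IPAddressV6, ...), which reads as one subtree per SIM or per adapter keyed by that value. If these are per-instance nodes, mark them as placeholders in the text tree (for example with a distinct notation and a one-line legend) so nobody builds a query path with the literal string "IMEI" or "MacAddress".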

View File

@ -23,10 +23,16 @@ The DevInfo configuration service provider handles the managed object which prov
For the DevInfo CSP, you cannot use the Replace command unless the node already exists. For the DevInfo CSP, you cannot use the Replace command unless the node already exists.
The following diagram shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider. The following shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider.
```
![devinfo csp (dm)](images/provisioning-csp-devinfo-dm.png) .
DevInfo
----DevId
----Man
----Mod
----DmV
----Lang
```
<a href="" id="devid"></a>**DevId** <a href="" id="devid"></a>**DevId**
Required. Returns an application-specific global unique device identifier by default. Required. Returns an application-specific global unique device identifier by default.
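
Review bot: The rewritten lead-in keeps "The OMA Client provisioning protocol" with a lowercase "provisioning", while the DevDetail and CustomDeviceUI lead-ins touched in this same commit use "OMA Client Provisioning". Since the sentence is being edited anyway, capitalize it here for consistency.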