Add configuration to assigned access profiles

2025-06-16 10:53:43 +00:00 · 2024-02-28 13:43:37 -05:00
parent 8d8912847e
commit 472e1f45dc
6 changed files with 25 additions and 55 deletions
--- a/windows/configuration/assigned-access/assigned-access-configuration-file.md
+++ b/windows/configuration/assigned-access/assigned-access-configuration-file.md
@ -20,15 +20,6 @@ Let's start by looking at the basic structure of the XML file. An Assigned Acces
 > [!NOTE]
 > A profile has no effect if it's not associated to a user account.

-```text
-Assigned Access
-|___ Profiles
-|   |___ Profile
-|       |___ KioskApp
-|       |___ TaskBar
-|___ Configs
-```
-
 Here's a basic example of an Assigned Access configuration file, with one profile and one config:

 ```xml
@ -36,12 +27,12 @@ Here's a basic example of an Assigned Access configuration file, with one profil
 <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
    <Profiles>
        <Profile Id="GUID">
-            ...
+            <!-- Add configuration here as needed -->
        </Profile>
    </Profiles>
    <Configs>
        <Config>
-            ...
+            <!-- Add configuration here as needed -->
        </Config>
    </Configs>
 </AssignedAccessConfiguration>
@ -54,7 +45,7 @@ A configuration file can contain one or more profiles. Each profile is identifie
 ```xml
 <Profiles>
    <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
-        ...
+        <!-- Add configuration here as needed -->
    </Profile>
 </Profiles>
 ```
@ -106,13 +97,13 @@ Restricted user experience example:
    <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" Name="Microsoft Learn example">
        <AllAppsList>
            <AllowedApps>
-                [...]
+                <!-- Add configuration here as needed -->
            </AllowedApps>
        </AllAppsList>
        <StartPins>
        </StartPins>
        <TaskbarLayout>
-            [...]
+            <!-- Add configuration here as needed -->
        </TaskbarLayout>
    </Profile>
 </Profiles>
@ -129,11 +120,11 @@ Restricted user experience example:
    <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" Name="Microsoft Learn example">
        <AllAppsList>
            <AllowedApps>
-                [...]
+                <!-- Add configuration here as needed -->
            </AllowedApps>
        </AllAppsList>
        <rs5:FileExplorerNamespaceRestrictions>
-            [...]
+            <!-- Add configuration here as needed -->
        </rs5:FileExplorerNamespaceRestrictions>
        <StartLayout>
        </StartLayout>
@ -450,59 +441,38 @@ Microsoft Entra accounts must be specified with the format: `AzureAD\{UPN}`. `Az

 Group accounts are specified using `<UserGroup>`. Nested groups aren't supported. For example, if *User A* is member of *Group A*, *Group A* is member of *Group B*, and *Group B* is used in `<Config/>`, *User A* doesn't have the kiosk experience.

-:::row:::
-:::column span="2":::
-#### Scenario
-:::column-end:::
-:::column span="2":::
-#### XML snippet
-:::column-end:::
-:::row-end:::
-:::row:::
-:::column span="2":::
-**Local group**
+##### Local group

 Specify the group type as `LocalGroup` and add the group name in the `Name` attribute.
-:::column-end:::
-:::column span="2":::
+
 ```xml
 <Config>
  <UserGroup Type="LocalGroup" Name="groupname" />
  <DefaultProfile Id="{GUID}"/>
 </Config>
 ```
-:::column-end:::
-:::row-end:::
-:::row:::
-:::column span="2":::
-**Active Directory group**
+
+#### Active Directory group

 Both security and distribution groups are supported. Specify the group type as <strong>ActiveDirectoryGroup</strong>. Use the domain name as the prefix in the name attribute.
-:::column-end:::
-:::column span="2":::
+
 ```xml
 <Config>
  <UserGroup Type="ActiveDirectoryGroup" Name="contoso\groupname" />
  <DefaultProfile Id="{GUID}"/>
 </Config>
 ```
-:::column-end:::
-:::row-end:::
-:::row:::
-:::column span="2":::
-**Microsoft Entra group**
+
+#### Microsoft Entra group

 Use the object ID of the Microsoft Entra group. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as `AzureActiveDirectoryGroup`. The kiosk device must have internet connectivity when users that belong to the group sign-in.
-:::column-end:::
-:::column span="2":::
+
 ```xml
 <Config>
  <UserGroup Type="AzureActiveDirectoryGroup" Name="Group_GUID" />
  <DefaultProfile Id="{GUID}"/>
 </Config>
 ```
-:::column-end:::
-:::row-end:::

 ### Global profile

--- a/windows/configuration/assigned-access/includes/assigned-access-example-file-explorer-restrictions.md
+++ b/windows/configuration/assigned-access/includes/assigned-access-example-file-explorer-restrictions.md
@ -14,12 +14,12 @@ ms.topic: include
    xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config">
    <Profiles>
        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
-            ...
+            <!-- Add configuration here -->
            <rs5:FileExplorerNamespaceRestrictions>
                <rs5:AllowedNamespace Name="Downloads"/>
                <v3:AllowRemovableDrives/>
            </rs5:FileExplorerNamespaceRestrictions>
-            ...
+            <!-- Add configuration here -->
        </Profile>
    </Profiles>
    <Configs>
--- a/windows/configuration/assigned-access/includes/assigned-access-example-global-profile.md
+++ b/windows/configuration/assigned-access/includes/assigned-access-example-global-profile.md
@ -14,7 +14,7 @@ ms.topic: include
    xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config">
    <Profiles>
        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
-          ...
+          <!-- Add configuration here -->
        </Profile>
    </Profiles>
    <Configs>
--- a/windows/configuration/assigned-access/includes/assigned-access-example-two-profiles.md
+++ b/windows/configuration/assigned-access/includes/assigned-access-example-two-profiles.md
@ -18,10 +18,10 @@ ms.topic: include
    <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
      <AllAppsList>
        <AllowedApps>
-          ...
+          <!-- Add configuration here as needed -->
        </AllowedApps>
      </AllAppsList>
-      ...
+      <!-- Add configuration here as needed -->
    </Profile>
  </Profiles>
  <Configs>
--- a/windows/configuration/assigned-access/includes/assigned-access-example-usergroup.md
+++ b/windows/configuration/assigned-access/includes/assigned-access-example-usergroup.md
@ -13,7 +13,7 @@ ms.topic: include
    xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config">

    <Profiles>
-        ...
+        <!-- Add configuration here as needed -->
    </Profiles>

    <Configs>
--- a/windows/configuration/assigned-access/shell-launcher-configuration-file.md
+++ b/windows/configuration/assigned-access/shell-launcher-configuration-file.md
@ -28,10 +28,10 @@ You can start your file by pasting the following XML code into a text editor, an
    xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
    xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
    <Profiles>
-        ...
+        <!-- Add configuration here as needed -->
    </Profiles>
    <Configs>
-        ...
+        <!-- Add configuration here as needed -->
    </Configs>
 </ShellLauncherConfiguration>
 ```
@ -43,7 +43,7 @@ If you want to define a default profile, you can use the `DefaultProfile` elemen
 ```xml
 <Profiles>
    <DefaultProfile>
-        ...
+        <!-- Add configuration here as needed -->
    </DefaultProfile>
 </Profiles>
 ```
@ -53,7 +53,7 @@ Each profile is identified by a unique identifier `Profile Id`, for example:
 ```xml
 <Profiles>
    <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
-        ...
+        <!-- Add configuration here as needed -->
    </Profile>
 </Profiles>
 ```