From e095c4bda363c1a8fc5622366d00cd220f7904b8 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 10:39:45 -0700 Subject: [PATCH 01/25] added documentation for Start/AllowPinnedFoder* policies addes in RS2. --- .../policy-configuration-service-provider.md | 370 ++++++++++++++++++ 1 file changed, 370 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 5b81c0026b..bca99263de 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -15951,6 +15951,376 @@ ADMX Info: - 0 – Not allowed. - 1 (default) – Allowed. + + + +**Start/AllowPinnedFolderDocuments** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the Documents shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderDownloads** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the Downloads shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderFileExplorer** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the File Explorer shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderHomeGroup** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the HomeGroup shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderMusic** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the Music shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderNetwork** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the Network shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderPersonalFolder** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the PersonalFolder shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderPictures** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the Pictures shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderSettings** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the Settings shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + + + + +**Start/AllowPinnedFolderVideos** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck markcheck markcross markcross mark
+ + + +

This policy controls the visibility of the Videos shortcut on the Start menu. + +

The following list shows the supported values: + +- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. +- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 65535 (default) - There is no enforced configuration and the setting can be changed by the user. + From fac18ca1200bbb8c5974b62df837cf468da549a5 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 10:44:11 -0700 Subject: [PATCH 02/25] added windows version info to each of the Start/AllowPinnedFolder* policy descriptions --- .../policy-configuration-service-provider.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bca99263de..7e5e30110a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -15980,7 +15980,7 @@ ADMX Info: -

This policy controls the visibility of the Documents shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu.

The following list shows the supported values: @@ -16017,7 +16017,7 @@ ADMX Info: -

This policy controls the visibility of the Downloads shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu.

The following list shows the supported values: @@ -16054,7 +16054,7 @@ ADMX Info: -

This policy controls the visibility of the File Explorer shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu.

The following list shows the supported values: @@ -16091,7 +16091,7 @@ ADMX Info: -

This policy controls the visibility of the HomeGroup shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu.

The following list shows the supported values: @@ -16128,7 +16128,7 @@ ADMX Info: -

This policy controls the visibility of the Music shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu.

The following list shows the supported values: @@ -16165,7 +16165,7 @@ ADMX Info: -

This policy controls the visibility of the Network shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu.

The following list shows the supported values: @@ -16202,7 +16202,7 @@ ADMX Info: -

This policy controls the visibility of the PersonalFolder shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu.

The following list shows the supported values: @@ -16239,7 +16239,7 @@ ADMX Info: -

This policy controls the visibility of the Pictures shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu.

The following list shows the supported values: @@ -16276,7 +16276,7 @@ ADMX Info: -

This policy controls the visibility of the Settings shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu.

The following list shows the supported values: @@ -16313,7 +16313,7 @@ ADMX Info: -

This policy controls the visibility of the Videos shortcut on the Start menu. +

Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu.

The following list shows the supported values: From 0d7cd460c73c0179432529862f5521588e753734 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 8 Jun 2017 11:01:11 -0700 Subject: [PATCH 03/25] Firewall CSP, incorporated feedback from Mihai --- windows/client-management/mdm/firewall-csp.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 34913158a8..e621f09ad8 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -13,10 +13,12 @@ author: nickbrower > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage both domain joined and non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP is new in the next major update to Windows 10. +The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP is new in the next major update to Windows 10. Firewall configuration commands must be wrapped in an Atomic block in SyncML. +For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](https://msdn.microsoft.com/en-us/library/mt620101.aspx). + The following diagram shows the Firewall configuration service provider in tree format. ![firewall csp](images/provisioning-csp-firewall.png) From 9dffe4cd546ddb520e84f80cc124ab08b791c44d Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 11:12:31 -0700 Subject: [PATCH 04/25] updated SKU info for various Start/ policies --- .../policy-configuration-service-provider.md | 428 ++++++++++++++++-- 1 file changed, 398 insertions(+), 30 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 7e5e30110a..3cc1f3814a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -15969,10 +15969,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16006,10 +16006,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16043,10 +16043,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16080,10 +16080,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16117,10 +16117,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16154,10 +16154,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16191,10 +16191,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16228,10 +16228,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16265,10 +16265,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16302,10 +16302,10 @@ ADMX Info: cross mark - cross mark + check mark2 - check mark - check mark + check mark2 + check mark2 cross mark cross mark @@ -16369,6 +16369,29 @@ ADMX Info: **Start/HideAppList** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -16394,6 +16417,29 @@ ADMX Info: **Start/HideChangeAccountSettings** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. @@ -16412,6 +16458,29 @@ ADMX Info: **Start/HideFrequentlyUsedApps** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -16437,6 +16506,29 @@ ADMX Info: **Start/HideHibernate** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. @@ -16458,6 +16550,29 @@ ADMX Info: **Start/HideLock** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. @@ -16476,6 +16591,29 @@ ADMX Info: **Start/HidePowerButton** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -16497,6 +16635,29 @@ ADMX Info: **Start/HideRecentJumplists** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -16525,6 +16686,29 @@ ADMX Info: **Start/HideRecentlyAddedApps** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -16550,6 +16734,29 @@ ADMX Info: **Start/HideRestart** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. @@ -16568,6 +16775,29 @@ ADMX Info: **Start/HideShutDown** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. @@ -16586,6 +16816,29 @@ ADMX Info: **Start/HideSignOut** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. @@ -16604,6 +16857,29 @@ ADMX Info: **Start/HideSleep** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. @@ -16622,6 +16898,29 @@ ADMX Info: **Start/HideSwitchAccount** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. @@ -16640,6 +16939,29 @@ ADMX Info: **Start/HideUserTile** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -16662,6 +16984,29 @@ ADMX Info: **Start/ImportEdgeAssets** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -16685,6 +17030,29 @@ ADMX Info: **Start/NoPinningToTaskbar** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. From 6c326e3a1bcc2b80f9234dffe2a777ffb226ccac Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 11:28:37 -0700 Subject: [PATCH 05/25] restored hololens and surface hub support references; added anchor link stubs for IoT Core and EAS support --- .../policy-configuration-service-provider.md | 126 +++++++++++++++++- 1 file changed, 124 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 3cc1f3814a..fd9db32524 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -20148,7 +20148,7 @@ Footnote: -## IoT Core Support +## Policies Supported by IoT Core [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) @@ -20197,7 +20197,7 @@ Footnote: -## Can be set using Exchange Active Sync (EAS) +## Policies that can be set using Exchange Active Sync (EAS) [Browser/AllowBrowser](#browser-allowbrowser) [Camera/AllowCamera](#camera-allowcamera) @@ -20221,7 +20221,129 @@ Footnote: [Wifi/AllowWiFi](#wifi-allowwifi) + +## Policies supported by Windows Holographic for Business +- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) +- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) +- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [Experience/AllowCortana](#experience-allowcortana) +- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Settings/AllowDateTime](#settings-allowdatetime) +- [Settings/AllowVPN](#settings-allowvpn) +- [System/AllowLocation](#system-allowlocation) +- [System/AllowTelemetry](#system-allowtelemetry) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/UpdateServiceUrl](#update-updateserviceurl) + + + +## Policies supported by Microsoft Surface Hub + +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist) +- [Browser/HomePages](#browser-homepages) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDeveloperTools](#browser-allowdevelopertools) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride) +- [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles) +- [Camera/AllowCamera](#camera-allowcamera) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) +- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) +- [Defender/AllowArchiveScanning](#defender-allowarchivescanning) +- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) +- [Defender/AllowCloudProtection](#defender-allowcloudprotection) +- [Defender/AllowEmailScanning](#defender-allowemailscanning) +- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives) +- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning) +- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem) +- [Defender/AllowIOAVProtection](#defender-allowioavprotection) +- [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection) +- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring) +- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles) +- [Defender/AllowScriptScanning](#defender-allowscriptscanning) +- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess) +- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor) +- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware) +- [Defender/ExcludedExtensions](#defender-excludedextensions) +- [Defender/ExcludedPaths](#defender-excludedpaths) +- [Defender/ExcludedProcesses](#defender-excludedprocesses) +- [Defender/PUAProtection](#defender-puaprotection) +- [Defender/RealTimeScanDirection](#defender-realtimescandirection) +- [Defender/ScanParameter](#defender-scanparameter) +- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime) +- [Defender/ScheduleScanDay](#defender-schedulescanday) +- [Defender/ScheduleScanTime](#defender-schedulescantime) +- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval) +- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent) +- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction) +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature) +- [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot) +- [System/AllowLocation](#system-allowlocation) +- [System/AllowTelemetry](#system-allowtelemetry) +- [TextInput/AllowIMELogging](#textinput-allowimelogging) +- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess) +- [TextInput/AllowInputPanel](#textinput-allowinputpanel) +- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters) +- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters) +- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph) +- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary) +- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) +- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/BranchReadinessLevel](#update-branchreadinesslevel) +- [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays) +- [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays) +- [Update/PauseFeatureUpdates](#update-pausefeatureupdates) +- [Update/PauseQualityUpdates](#update-pausequalityupdates) +- [Update/UpdateServiceUrl](#update-updateserviceurl) + ## Examples From 070f2835284723ae1fe3e54118dcbfdb8bf09cd4 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 13:30:32 -0700 Subject: [PATCH 06/25] put EAS at the end of support lists --- .../policy-configuration-service-provider.md | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index fd9db32524..221b5b47f9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -20196,31 +20196,6 @@ Footnote: [Wifi/WLANScanMode](#wifi-wlanscanmode) - -## Policies that can be set using Exchange Active Sync (EAS) - -[Browser/AllowBrowser](#browser-allowbrowser) -[Camera/AllowCamera](#camera-allowcamera) -[Connectivity/AllowBluetooth](#connectivity-allowbluetooth) -[Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) -[Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) -[DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) -[DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) -[DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) -[DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration) -[DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) -[DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) -[DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) -[DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) -[DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) -[Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) -[Security/RequireDeviceEncryption](#security-requiredeviceencryption) -[System/AllowStorageCard](#system-allowstoragecard) -[System/TelemetryProxy](#system-telemetryproxy) -[Wifi/AllowInternetSharing](#wifi-allowinternetsharing) -[Wifi/AllowWiFi](#wifi-allowwifi) - - ## Policies supported by Windows Holographic for Business @@ -20345,6 +20320,31 @@ Footnote: - [Update/UpdateServiceUrl](#update-updateserviceurl) + +## Policies that can be set using Exchange Active Sync (EAS) + +[Browser/AllowBrowser](#browser-allowbrowser) +[Camera/AllowCamera](#camera-allowcamera) +[Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +[Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) +[Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +[DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +[DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) +[DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +[DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration) +[DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) +[DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) +[DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) +[DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) +[DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) +[Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +[Security/RequireDeviceEncryption](#security-requiredeviceencryption) +[System/AllowStorageCard](#system-allowstoragecard) +[System/TelemetryProxy](#system-telemetryproxy) +[Wifi/AllowInternetSharing](#wifi-allowinternetsharing) +[Wifi/AllowWiFi](#wifi-allowwifi) + + ## Examples Set the minimum password length to 4 characters. From 01b4bc5a4ba94da144e3090a2bc9864b9e0d4757 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 14:45:45 -0700 Subject: [PATCH 07/25] updated iot core, surfacehub, and hololens support lists with respect to RS2 --- .../policy-configuration-service-provider.md | 180 +++++++++++------- 1 file changed, 114 insertions(+), 66 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 221b5b47f9..2b736b3054 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -20150,50 +20150,59 @@ Footnote: ## Policies Supported by IoT Core -[ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) -[Authentication/AllowFastReconnect](#authentication-allowfastreconnect) -[Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) -[Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) -[Bluetooth/LocalDeviceName](#bluetooth-localdevicename) -[Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist) -[Browser/AllowAutofill](#browser-allowautofill) -[Browser/AllowBrowser](#browser-allowbrowser) -[Browser/AllowCookies](#browser-allowcookies) -[Browser/AllowDoNotTrack](#browser-allowdonottrack) -[Browser/AllowInPrivate](#browser-allowinprivate) -[Browser/AllowPasswordManager](#browser-allowpasswordmanager) -[Browser/AllowPopups](#browser-allowpopups) -[Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) -[Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist) -[Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl) -[Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer) -[Camera/AllowCamera](#camera-allowcamera) -[Connectivity/AllowBluetooth](#connectivity-allowbluetooth) -[Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) -[Connectivity/AllowNFC](#connectivity-allownfc) -[Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) -[Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular) -[Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular) -[DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) -[Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage) -[Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage) -[Security/RequireDeviceEncryption](#security-requiredeviceencryption) -[Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature) -[System/AllowEmbeddedMode](#system-allowembeddedmode) -[System/AllowStorageCard](#system-allowstoragecard) -[System/TelemetryProxy](#system-telemetryproxy) -[Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate) -[Update/AllowUpdateService](#update-allowupdateservice) -[Update/PauseDeferrals](#update-pausedeferrals) -[Update/RequireDeferUpgrade](#update-requiredeferupgrade) -[Update/RequireUpdateApproval](#update-requireupdateapproval) -[Update/ScheduledInstallDay](#update-scheduledinstallday) -[Update/ScheduledInstallTime](#update-scheduledinstalltime) -[Update/UpdateServiceUrl](#update-updateserviceurl) -[Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots) -[Wifi/AllowInternetSharing](#wifi-allowinternetsharing) -[Wifi/AllowWiFi](#wifi-allowwifi) -[Wifi/WLANScanMode](#wifi-wlanscanmode) +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist) +- [Browser/AllowAutofill](#browser-allowautofill) +- [Browser/AllowBrowser](#browser-allowbrowser) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowInPrivate](#browser-allowinprivate) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist) +- [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl) +- [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer) +- [Camera/AllowCamera](#camera-allowcamera) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) +- [Connectivity/AllowNFC](#connectivity-allownfc) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular) +- [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular) +- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) +- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) +- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps) +- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground) +- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps) +- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) +- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) +- [Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage) +- [Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature) +- [System/AllowEmbeddedMode](#system-allowembeddedmode) +- [System/AllowFontProviders](#system-allowfontproviders) +- [System/AllowStorageCard](#system-allowstoragecard) +- [System/TelemetryProxy](#system-telemetryproxy) +- [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/PauseDeferrals](#update-pausedeferrals) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/ScheduledInstallDay](#update-scheduledinstallday) +- [Update/ScheduledInstallTime](#update-scheduledinstalltime) +- [Update/UpdateServiceUrl](#update-updateserviceurl) +- [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots) +- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) +- [Wifi/AllowWiFi](#wifi-allowwifi) +- [Wifi/WLANScanMode](#wifi-wlanscanmode) @@ -20218,7 +20227,16 @@ Footnote: - [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) - [Experience/AllowCortana](#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment) -- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) +- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps) +- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground) +- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps) +- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) +- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) +- [System/AllowFontProviders](#system-allowfontproviders) - [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) - [Security/RequireDeviceEncryption](#security-requiredeviceencryption) - [Settings/AllowDateTime](#settings-allowdatetime) @@ -20235,22 +20253,32 @@ Footnote: ## Policies supported by Microsoft Surface Hub +- [ApplicationDefaults/DefaultAssociationsConfiguration](#applicationdefaults-defaultassociationsconfiguration) - [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) - [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) - [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing) - [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) - [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist) -- [Browser/HomePages](#browser-homepages) +- [Browser/AllowAddressBarDropdown](#browser-allowaddressbardropdown) - [Browser/AllowCookies](#browser-allowcookies) - [Browser/AllowDeveloperTools](#browser-allowdevelopertools) - [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowMicrosoftCompatibilityList](#browser-allowmicrosoftcompatibilitylist) - [Browser/AllowPopups](#browser-allowpopups) - [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) - [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Browser/ClearBrowsingDataOnExit](#browser-clearbrowsingdataonexit) +- [Browser/ConfigureAdditionalSearchEngines](#browser-configureadditionalsearchengines) +- [Browser/DisableLockdownOfStartPages](#browser-disablelockdownofstartpages) +- [Browser/HomePages](#browser-homepages) +- [Browser/PreventLiveTileDataCollection](#browser-preventlivetiledatacollection) - [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride) - [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles) +- [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine) - [Camera/AllowCamera](#camera-allowcamera) +- [ConfigOperations/ADMXInstall](#configoperations-admxinstall) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices) - [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) - [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) - [Defender/AllowArchiveScanning](#defender-allowarchivescanning) @@ -20295,8 +20323,18 @@ Footnote: - [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) - [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard) +- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) +- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) +- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps) +- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground) +- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps) +- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) +- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) - [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature) - [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot) +- [System/AllowFontProviders](#system-allowfontproviders) - [System/AllowLocation](#system-allowlocation) - [System/AllowTelemetry](#system-allowtelemetry) - [TextInput/AllowIMELogging](#textinput-allowimelogging) @@ -20310,39 +20348,49 @@ Footnote: - [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) - [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) - [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) +- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock) +- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry) +- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage) - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule) +- [Update/AutoRestartRequiredNotificationDismissal](#update-autorestartrequirednotificationdismissal) - [Update/BranchReadinessLevel](#update-branchreadinesslevel) - [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays) - [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays) +- [Update/DetectionFrequency](#update-detectionfrequency) - [Update/PauseFeatureUpdates](#update-pausefeatureupdates) - [Update/PauseQualityUpdates](#update-pausequalityupdates) +- [Update/ScheduleImminentRestartWarning](#update-scheduleimminentrestartwarning) +- [Update/ScheduleRestartWarning](#update-schedulerestartwarning) +- [Update/SetAutoRestartNotificationDisable](#update-setautorestartnotificationdisable) - [Update/UpdateServiceUrl](#update-updateserviceurl) +- [Update/UpdateServiceUrlAlternate](#update-updateserviceurlalternate) ## Policies that can be set using Exchange Active Sync (EAS) -[Browser/AllowBrowser](#browser-allowbrowser) -[Camera/AllowCamera](#camera-allowcamera) -[Connectivity/AllowBluetooth](#connectivity-allowbluetooth) -[Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) -[Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) -[DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) -[DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) -[DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) -[DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration) -[DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) -[DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) -[DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) -[DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) -[DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) -[Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) -[Security/RequireDeviceEncryption](#security-requiredeviceencryption) -[System/AllowStorageCard](#system-allowstoragecard) -[System/TelemetryProxy](#system-telemetryproxy) -[Wifi/AllowInternetSharing](#wifi-allowinternetsharing) -[Wifi/AllowWiFi](#wifi-allowwifi) +- [Browser/AllowBrowser](#browser-allowbrowser) +- [Camera/AllowCamera](#camera-allowcamera) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration) +- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) +- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) +- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) +- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) +- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [System/AllowStorageCard](#system-allowstoragecard) +- [System/TelemetryProxy](#system-telemetryproxy) +- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) +- [Wifi/AllowWiFi](#wifi-allowwifi) ## Examples From 64df49c615727b25263d7ab0d34ca4922bfef09f Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 15:15:10 -0700 Subject: [PATCH 08/25] added important message about user only policy: Notifications/DisallowNotificationMirroring --- .../mdm/policy-configuration-service-provider.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 2b736b3054..83d5f832cc 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -11587,6 +11587,13 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. +> [!IMPORTANT] +> This node must be accessed using the following paths: +> +> - **./User/Vendor/MSFT/Policy/Config/Notifications/DisallowNotificationMirroring** to set the policy. +> - **./User/Vendor/MSFT/Policy/Result/Notifications/DisallowNotificationMirroring** to get the result. + +

For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.

No reboot or service restart is required for this policy to take effect. From 5871f5074ec7b99464fd6b9bc497f5c1927a30a0 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Thu, 8 Jun 2017 15:29:54 -0700 Subject: [PATCH 09/25] updated Start/AllowPinnedFolder* policies with response from tech review --- .../policy-configuration-service-provider.md | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 83d5f832cc..1fb89dc1e2 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -15991,8 +15991,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16028,8 +16028,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16065,8 +16065,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16102,8 +16102,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16139,8 +16139,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16176,8 +16176,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16213,8 +16213,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16250,8 +16250,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16287,8 +16287,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. @@ -16324,8 +16324,8 @@ ADMX Info:

The following list shows the supported values: -- 0 – The shortcut should be hidden and grays out the corresponding toggle in the Settings app. -- 1 – The shortcut should be visible and grays out the corresponding toggle in the Settings app. +- 0 – The shortcut is hidden and disables the setting in the Settings app. +- 1 – The shortcut is visible and disables the setting in the Settings app. - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. From 4fc05c60643abcce4a71e1a552e6d15c53a498b7 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Thu, 8 Jun 2017 15:50:06 -0700 Subject: [PATCH 10/25] emergency update to correct DL for ad free search email alias, per PM, and to include SUSPC in the MS Edu hub --- education/index.md | 38 +++++++++++++++++++ .../configure-windows-for-education.md | 2 +- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/education/index.md b/education/index.md index 0bb10155b3..95fdcd0939 100644 --- a/education/index.md +++ b/education/index.md @@ -207,6 +207,25 @@ author: CelesteDG +

  • + +
    +
    +
    +
    +
    + Set up School PCs +
    +
    +
    +

    Set up School PCs

    +

    Use the app to create a provisioning package that you can use to quickly set up one or more Windows 10 devices.

    +
    +
    +
    +
    +     +
    • @@ -331,6 +350,25 @@ author: CelesteDG +
  • + +
    +
    +
    +
    +
    + Set up School PCs +
    +
    +
    +

    Set up School PCs

    +

    Use the app to create a provisioning package that you can use to quickly set up one or more Windows 10 devices.

    +
    +
    +
    +
    +     +
    • diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index 897f7df8c4..a6b8111e90 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -145,7 +145,7 @@ Provide an ad-free experience that is a safer, more private search option for K ### Configurations #### IP registration for entire school network using Microsoft Edge -Ad-free searching with Bing in Microsoft Edge can be configured at the network level. To configure this, email bicteam@microsoft.com with the subject "New Windows 10, version 1703 (Creators Update) Registration: [School District Name]" and the include the following information in the body of the email. +Ad-free searching with Bing in Microsoft Edge can be configured at the network level. To configure this, email bingintheclassroom@microsoft.com with the subject "New Windows 10, version 1703 (Creators Update) Registration: [School District Name]" and the include the following information in the body of the email. **District information** - **District or School Name:** From ee8cc461ff302e443eee2626acf66dd74d377d47 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Thu, 8 Jun 2017 17:18:59 -0700 Subject: [PATCH 11/25] changed coming soon to link to I4E topic that shows the settings --- education/windows/configure-windows-for-education.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index a6b8111e90..715ba27c8a 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -64,7 +64,7 @@ You can configure Windows through provisioning or management tools including ind You can set all the education compliance areas through both provisioning and management tools. Additionally, these Microsoft education tools will ensure PCs that you set up are education ready: - [Set up School PCs](use-set-up-school-pcs-app.md) -- Intune for Education (coming soon) +- [Intune for Education](https://docs.microsoft.com/en-us/intune-education/available-settings) ## AllowCortana **AllowCortana** is a policy that enables or disables Cortana. It is a policy node in the Policy configuration service provider, [AllowCortana](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcortana). From 4d8cbfe729dd39e27df605ae5fec97f2cc2e48de Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Thu, 8 Jun 2017 23:47:17 -0700 Subject: [PATCH 12/25] updated the URL for the SUSPC card, was incorrect previously --- education/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/index.md b/education/index.md index 95fdcd0939..3f8576dfca 100644 --- a/education/index.md +++ b/education/index.md @@ -208,7 +208,7 @@ author: CelesteDG
  • - +
    @@ -351,7 +351,7 @@ author: CelesteDG
  • - +
    From e3f7491dab9167042ceffbce992e6c66cabcc8c6 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 9 Jun 2017 06:47:18 -0700 Subject: [PATCH 13/25] new video --- devices/surface-hub/surfacehub-whats-new-1703.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md index b658a09d5d..23a1e13265 100644 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -11,6 +11,10 @@ localizationpriority: medium # What's new in Windows 10, version 1703 for Microsoft Surface Hub? + + Windows 10, version 1703 (also called the Creators Update), introduces the following changes for Microsoft Surface Hub: ## New settings From 62c1d5fdf8c29c63bdb0790be86170889f5afdaf Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 9 Jun 2017 07:02:44 -0700 Subject: [PATCH 14/25] add intro --- devices/surface-hub/surfacehub-whats-new-1703.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md index 23a1e13265..0d2314dc5d 100644 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -11,6 +11,7 @@ localizationpriority: medium # What's new in Windows 10, version 1703 for Microsoft Surface Hub? +Watch Surface Hub engineer Jordan Marchese present updates to Microsoft Surface Hub with Windows 10 Creators update. IMAGE ALT TEXT HERE From d324bf30541896986cc56b9e86b85c48a11630ca Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 9 Jun 2017 07:17:50 -0700 Subject: [PATCH 15/25] format --- devices/surface-hub/surfacehub-whats-new-1703.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md index 0d2314dc5d..eb65a3e21b 100644 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -12,6 +12,7 @@ localizationpriority: medium # What's new in Windows 10, version 1703 for Microsoft Surface Hub? Watch Surface Hub engineer Jordan Marchese present updates to Microsoft Surface Hub with Windows 10 Creators update. + IMAGE ALT TEXT HERE From ac90f7d8f3dab2012529e06dadaaeced2eb15645 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 9 Jun 2017 09:03:22 -0700 Subject: [PATCH 16/25] add alt text --- devices/surface-hub/surfacehub-whats-new-1703.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md index eb65a3e21b..a24d9b1905 100644 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -11,11 +11,11 @@ localizationpriority: medium # What's new in Windows 10, version 1703 for Microsoft Surface Hub? -Watch Surface Hub engineer Jordan Marchese present updates to Microsoft Surface Hub with Windows 10 Creators update. +Watch Surface Hub engineer Jordan Marchese present updates to Microsoft Surface Hub with Windows 10, version 1703 (Creators Update). +alt="Watch a video about Creators Update on Surface Hub" width="240" height="180" border="10" /> Windows 10, version 1703 (also called the Creators Update), introduces the following changes for Microsoft Surface Hub: From 1b11ab27bb6b6b8e5f54357741e8829e0936284e Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 09:44:30 -0700 Subject: [PATCH 17/25] added policy: Update/AutoRestartDeadlinePeriodInDays; restored SKU support for Update/ActiveHoursMaxRange; --- .../policy-configuration-service-provider.md | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 5b81c0026b..d27e3b21f3 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -17475,6 +17475,29 @@ ADMX Info: **Update/ActiveHoursMaxRange** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -17528,6 +17551,41 @@ ADMX Info:

    The default value is 8 (8 AM). + + + +**Update/AutoRestartDeadlinePeriodInDays** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcheck mark2
    + + + +

    Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. + +

    Supported values are 2-30 days. + +

    The default value is 7 days. + From 789162afe8deb0e394708b76601ed3fa94ef1e90 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:20:37 -0700 Subject: [PATCH 18/25] restored SKU support for Browser/ policies --- .../policy-configuration-service-provider.md | 207 ++++++++++++++++++ 1 file changed, 207 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d27e3b21f3..d5d894f1dc 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1973,6 +1973,29 @@ ADMX Info: **Browser/AllowAddressBarDropdown** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  @@ -2358,6 +2381,29 @@ ADMX Info: **Browser/AllowMicrosoftCompatibilityList** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". @@ -2466,6 +2512,29 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/AllowSearchEngineCustomization** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.     @@ -2566,6 +2635,29 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/ClearBrowsingDataOnExit** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. @@ -2587,6 +2679,29 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/ConfigureAdditionalSearchEngines** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.    @@ -2610,6 +2725,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/DisableLockdownOfStartPages** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + +

    Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.     @@ -2819,6 +2957,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/PreventFirstRunPage** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. @@ -2834,6 +2995,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/PreventLiveTileDataCollection** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. @@ -3005,6 +3189,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/SetDefaultSearchEngine** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
    + +

    Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. From 547aadb14b15ea00a02a1094430ec22371ce1f3b Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:27:48 -0700 Subject: [PATCH 19/25] restored SKU support for Experience/ policies --- .../policy-configuration-service-provider.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d5d894f1dc..bee9969b4a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7320,6 +7320,29 @@ ADMX Info: **Experience/AllowTailoredExperiencesWithDiagnosticData** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -7555,6 +7578,29 @@ ADMX Info: **Experience/AllowWindowsSpotlightOnActionCenter** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -7573,6 +7619,29 @@ ADMX Info: **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcheck mark2check mark2check mark2cross markcross mark
    + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. From d4f21c8802e4873ab4eb14f60f201718d08e4291 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:31:12 -0700 Subject: [PATCH 20/25] restored SKU support for Messaging/ policies --- .../policy-configuration-service-provider.md | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bee9969b4a..4e459d714c 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -11502,6 +11502,29 @@ ADMX Info: **Messaging/AllowMMS** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcross markcheck mark2check mark2
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -11554,6 +11577,29 @@ ADMX Info: **Messaging/AllowRCS** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcross markcheck mark2check mark2
    + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. From df2d1d9f320062909062f8e1c37d01b5e070321c Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:43:36 -0700 Subject: [PATCH 21/25] restored SKU support for TimeLang policy --- .../policy-configuration-service-provider.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 07c3129d51..124d77c37e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -18487,6 +18487,29 @@ ADMX Info: **TimeLanguageSettings/AllowSet24HourClock** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcross markcross markcross markcross markcheck mark2check mark2
    + +

    Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. From 9bb3aeabf33153a6c5a5b772e29146f044bb69a5 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:49:19 -0700 Subject: [PATCH 22/25] restored SKU support for Update/ policies --- .../policy-configuration-service-provider.md | 184 ++++++++++++++++++ 1 file changed, 184 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 124d77c37e..ff951b9536 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -18864,6 +18864,29 @@ ADMX Info: **Update/AutoRestartNotificationSchedule** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -18880,6 +18903,29 @@ ADMX Info: **Update/AutoRestartRequiredNotificationDismissal** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19189,6 +19235,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/EngagedRestartDeadline** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19205,6 +19274,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/EngagedRestartSnoozeSchedule** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19221,6 +19313,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/EngagedRestartTransitionSchedule** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19693,6 +19808,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/ScheduleImminentRestartWarning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19709,6 +19847,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/ScheduleRestartWarning** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19818,6 +19979,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/SetAutoRestartNotificationDisable** + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobileEnterprise
    cross markcheck mark2check mark2check mark2cross markcheck mark2
    + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise From 243339f40b5499c08276657b5715c2ad5dcc6036 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 12:28:52 -0700 Subject: [PATCH 23/25] updated June's change history table to include 11 new RS2 policies --- ...new-in-windows-mdm-enrollment-management.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 96d9601963..862d300bf8 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1201,6 +1201,24 @@ Also Added [Firewall DDF file](firewall-ddf-file.md). [TPMPolicy CSP](tpmpolicy-csp.md) New CSP added in Windows 10, version 1703. + +[Policy CSP](policy-configuration-service-provider.md) + +

    Added the following new policies for Windows 10, version 1703:

    +
      +
    • Start/AllowPinnedFolderDocuments
      • +
    • Start/AllowPinnedFolderDownloads
      • +
    • Start/AllowPinnedFolderFileExplorer
      • +
    • Start/AllowPinnedFolderHomeGroup
      • +
    • Start/AllowPinnedFolderMusic
      • +
    • Start/AllowPinnedFolderNetwork
      • +
    • Start/AllowPinnedFolderPersonalFolder
      • +
    • Start/AllowPinnedFolderPictures
      • +
    • Start/AllowPinnedFolderSettings
      • +
    • Start/AllowPinnedFolderVideos
      • +
    • Update/AutoRestartDeadlinePeriodInDays
      • +
    + From 65d4f8713b3db49a769493bf292a5c43abf866ca Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 12:30:49 -0700 Subject: [PATCH 24/25] updated 1703 table to include 11 new RS2 policies --- .../mdm/new-in-windows-mdm-enrollment-management.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 862d300bf8..bd6600df91 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -82,7 +82,18 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • DataProtection/RevokeOnUnenroll
  • DeviceLock/DevicePasswordExpiration
  • DeviceLock/DevicePasswordHistory
    • +
  • Start/AllowPinnedFolderDocuments
    • +
  • Start/AllowPinnedFolderDownloads
    • +
  • Start/AllowPinnedFolderFileExplorer
    • +
  • Start/AllowPinnedFolderHomeGroup
    • +
  • Start/AllowPinnedFolderMusic
    • +
  • Start/AllowPinnedFolderNetwork
    • +
  • Start/AllowPinnedFolderPersonalFolder
    • +
  • Start/AllowPinnedFolderPictures
    • +
  • Start/AllowPinnedFolderSettings
    • +
  • Start/AllowPinnedFolderVideos
  • TextInput/AllowInputPanel
    • +
  • Update/AutoRestartDeadlinePeriodInDays
  • Update/PauseDeferrals
  • Update/RequireDeferUpdate
  • Update/RequireUpdateApproval
    • From 08e44781acfa5f55f21c5f7ac1f69231637e79ec Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 15:39:16 -0700 Subject: [PATCH 25/25] moved new policies to correct change history table (1703) --- ...ew-in-windows-mdm-enrollment-management.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index bd6600df91..6c95a92a67 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -82,18 +82,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • DataProtection/RevokeOnUnenroll
  • DeviceLock/DevicePasswordExpiration
  • DeviceLock/DevicePasswordHistory
    • -
  • Start/AllowPinnedFolderDocuments
    • -
  • Start/AllowPinnedFolderDownloads
    • -
  • Start/AllowPinnedFolderFileExplorer
    • -
  • Start/AllowPinnedFolderHomeGroup
    • -
  • Start/AllowPinnedFolderMusic
    • -
  • Start/AllowPinnedFolderNetwork
    • -
  • Start/AllowPinnedFolderPersonalFolder
    • -
  • Start/AllowPinnedFolderPictures
    • -
  • Start/AllowPinnedFolderSettings
    • -
  • Start/AllowPinnedFolderVideos
  • TextInput/AllowInputPanel
    • -
  • Update/AutoRestartDeadlinePeriodInDays
  • Update/PauseDeferrals
  • Update/RequireDeferUpdate
  • Update/RequireUpdateApproval
    • @@ -653,6 +642,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • SmartScreen/EnableAppInstallControl
  • SmartScreen/EnableSmartScreenInShell
  • SmartScreen/PreventOverrideForFilesInShell
    • +
  • Start/AllowPinnedFolderDocuments
    • +
  • Start/AllowPinnedFolderDownloads
    • +
  • Start/AllowPinnedFolderFileExplorer
    • +
  • Start/AllowPinnedFolderHomeGroup
    • +
  • Start/AllowPinnedFolderMusic
    • +
  • Start/AllowPinnedFolderNetwork
    • +
  • Start/AllowPinnedFolderPersonalFolder
    • +
  • Start/AllowPinnedFolderPictures
    • +
  • Start/AllowPinnedFolderSettings
    • +
  • Start/AllowPinnedFolderVideos
  • Start/HideAppList
  • Start/HideChangeAccountSettings
  • Start/HideFrequentlyUsedApps
    • @@ -674,6 +673,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • TextInput/AllowKeyboardTextSuggestions
  • TimeLanguageSettings/AllowSet24HourClock
  • Update/ActiveHoursMaxRange
    • +
  • Update/AutoRestartDeadlinePeriodInDays
  • Update/AutoRestartNotificationSchedule
  • Update/AutoRestartNotificationStyle
  • Update/AutoRestartRequiredNotificationDismissal