From 386b947fb9a405594a65bea781f44119715ae9ec Mon Sep 17 00:00:00 2001
From: Andrew Cannon <105466496+ancannon@users.noreply.github.com>
Date: Thu, 19 May 2022 18:18:23 -0700
Subject: [PATCH 1/2] Add RestrictToEnterpriseDeviceAuthenticationOnly policy
documentation
Add documentation for new MDM policy RestrictToEnterpriseDeviceAuthenticationOnly to "Policy CSP - Accounts" page.
---
.../mdm/policy-csp-accounts.md | 45 +++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 6f8a2bbec0..0bcf356196 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -34,6 +34,9 @@ manager: dansimp
Accounts/DomainNamesForEmailSync
+
+ Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
+
@@ -207,6 +210,48 @@ The following list shows the supported values:
+
+
+**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 11, version 22H2. This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, we only allow device authentication and block user authentication.
+
+Most restricted value is 1.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allow both device and user authentication.
+- 1 - Only allow device authentication. Block user authentication.
+
+
+
+
+
From 68c71cc4ad8e5d0ca14de52dc972c552154a3799 Mon Sep 17 00:00:00 2001
From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com>
Date: Mon, 23 May 2022 08:37:29 +0530
Subject: [PATCH 2/2] Revert "OOB 5/20/22, Friday - Updated MDM -Search
CSP-DisableSearch"
---
.../policy-configuration-service-provider.md | 3 -
.../mdm/policy-csp-search.md | 57 +------------------
2 files changed, 2 insertions(+), 58 deletions(-)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 3d9ccc2215..2c89a44f21 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -8361,9 +8361,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Search/DisableRemovableDriveIndexing
-
- Search/DisableSearch
-
Search/DoNotUseWebResults
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 68fdb085a9..b56f078278 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -14,6 +14,7 @@ manager: dansimp
# Policy CSP - Search
+
@@ -56,9 +57,6 @@ manager: dansimp
Search/DisableRemovableDriveIndexing
-
- Search/DisableSearch
-
Search/DoNotUseWebResults
@@ -631,57 +629,6 @@ The following list shows the supported values:
-
-**Search/DisableSearch**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|No|Yes|
-|Business|No|Yes|
-|Enterprise|No|Yes|
-|Education|No|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting completely disables Search UI and all its entry points such as keyboard shortcuts and touch-pad gestures.
-
-It removes the Search button from the Taskbar and the corresponding option in the Settings. It also disables type-to-search in the Start menu and removes the Start menu's search box.
-
-
-
-ADMX Info:
-
-- GP Friendly name: *Fully disable Search UI*
-- GP name: *DisableSearch*
-- GP path: *Windows Components/Search*
-- GP ADMX file name: *Search.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Do not disable search.
-- 1 – Disable search.
-
-
-
-
-
-
**Search/DoNotUseWebResults**
@@ -814,7 +761,7 @@ The following list shows the supported values:
-If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.
+If enabled, clients will be unable to query this computer's index remotely. Thus, when they're browsing network shares that are stored on this computer, they won't search them using the index. If disabled, client search requests will use this computer's index..