diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 4790193f0a..9c2df5b682 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -821,18 +821,6 @@ Additional lists:
-
-[Registry CSP](registry-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|Mobile|
-|--- |--- |--- |--- |--- |--- |
-|No|No|No|No|No|Yes|
-
-
-
-
[RemoteFind CSP](remotefind-csp.md)
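Review bot: Removing the Registry CSP entry from the index leaves the question of what happens to registry-csp.md itself; the same applies to the RemoteLock and WindowsSecurityAuditing entries removed further down. None of the visible hunks deletes or redirects those pages, so please confirm they are retired or redirected in the same change, otherwise they stay published but unreachable from the reference list.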
@@ -845,18 +833,6 @@ Additional lists:
-
-[RemoteLock](remotelock-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|Mobile|
-|--- |--- |--- |--- |--- |--- |
-|No|No|No|No|No|Yes|
-
-
-
-
[RemoteRing CSP](remotering-csp.md)
@@ -1062,7 +1038,7 @@ Additional lists:
-[W4 APPLICATION CSP](w4-application-csp.md)
+[W4 Application CSP](w4-application-csp.md)
@@ -1146,18 +1122,6 @@ Additional lists:
-
-[WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
-
-
-
-|Home|Pro|Business|Enterprise|Education|Mobile|
-|--- |--- |--- |--- |--- |--- |
-|No|No|No|No|No|Yes|
-
-
-
-
[WiredNetwork CSP](wirednetwork-csp.md)
@@ -1171,7 +1135,7 @@ Additional lists:
-[w7 APPLICATION CSP](w7-application-csp.md)
+[w7 Application CSP](w7-application-csp.md)
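Review bot: The link text on the added line still starts with a lowercase "w7" while the sibling entry fixed earlier in this file reads "W4 Application CSP". If the casing cleanup is the goal, pick one form for both, or add a short remark that the lowercase "w7" is the actual CSP name.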
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 283a1ba6a1..43ad826d3d 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -152,7 +152,7 @@ manager: dansimp
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space.
@@ -201,7 +201,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
@@ -585,7 +585,7 @@ The following list shows the supported values as number of seconds:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates.
@@ -607,8 +607,8 @@ The following list shows the supported values:
- 1 (default) – HTTP blended with peering behind the same NAT.
- 2 – HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if it exists) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2.
- 3 – HTTP blended with Internet peering.
-- 99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607.
-- 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. Note that this value is deprecated and will be removed in a future release.
+- 99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607.
+- 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. Note that this value is deprecated and will be removed in a future release.
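Review bot: The two re-added items for 99 and 100 use a hyphen as the separator ("99 - Simple download mode") while the unchanged items 1 to 3 just above use an en dash ("1 (default) – HTTP blended"). Since these lines are being touched anyway, align the separator across the whole list.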
@@ -642,13 +642,13 @@ The following list shows the supported values:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity.
> [!NOTE]
-> You must use a GUID as the group ID.
+> You must use a GUID as the group ID.
@@ -799,10 +799,10 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
-Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607.
+Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607.
The default value is 259200 seconds (3 days).
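Review bot: The re-added sentence ends with "as long as the cache size has not exceeded", which is missing either an object or the passive form. Suggest "as long as the cache size has not been exceeded" while this line is being changed.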
@@ -848,7 +848,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100).
@@ -984,7 +984,7 @@ This policy is deprecated because it only applies to uploads to Internet peers (
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set.
@@ -1033,7 +1033,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery.
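Review bot: The edition list in this note is "Pro, Business, Enterprise, and Education", while the notes updated earlier in this file read "Pro, Enterprise, and Education". Please confirm that Business is intended here and in the following three hunks, and if it applies to the whole policy area, bring the other notes in line.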
@@ -1081,7 +1081,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. Recommended values: 64 GB to 256 GB.
@@ -1133,7 +1133,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB.
@@ -1182,7 +1182,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
@@ -1231,7 +1231,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.
@@ -1280,7 +1280,7 @@ ADMX Info:
> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index ad23d85b9c..64a8ef9104 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -146,7 +146,7 @@ The following list shows the supported values:
Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
@@ -194,14 +194,14 @@ The following list shows the supported values:
Determines the type of PIN required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required).
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
>
> Always use the Replace command instead of Add for this policy in Windows for desktop editions (Home, Pro, Enterprise, and Education).
> [!NOTE]
-> If **AlphanumericDevicePasswordRequired** is set to 1 or 2, then MinDevicePasswordLength = 0 and MinDevicePasswordComplexCharacters = 1.
+> If **AlphanumericDevicePasswordRequired** is set to 1 or 2, then MinDevicePasswordLength = 0 and MinDevicePasswordComplexCharacters = 1.
>
> If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2.
@@ -248,7 +248,7 @@ The following list shows the supported values:
Specifies whether device lock is enabled.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
>
> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
@@ -277,12 +277,12 @@ Specifies whether device lock is enabled.
> - MinDevicePasswordComplexCharacters
> [!Important]
-> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
+> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
> - **DevicePasswordEnabled** is the parent policy of the following:
> - AllowSimpleDevicePassword
> - MinDevicePasswordLength
> - AlphanumericDevicePasswordRequired
-> - MinDevicePasswordComplexCharacters
+> - MinDevicePasswordComplexCharacters
> - DevicePasswordExpiration
> - DevicePasswordHistory
> - MaxDevicePasswordFailedAttempts
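Review bot: The re-added Important paragraph writes the same value two ways, "Enabled (0)" and "Enabled(0)", and uses the shorthand "back compat". For a policy where 0 means enabled and 1 means disabled, the wording needs to be unambiguous: use one spelling with the space throughout and write "backward compatibility" in full.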
@@ -330,7 +330,7 @@ The following list shows the supported values:
Specifies when the password expires (in days).
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
@@ -380,7 +380,7 @@ The following list shows the supported values:
Specifies how many passwords can be stored in the history that can’t be used.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords.
@@ -430,7 +430,7 @@ The following list shows the supported values:
Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
> [!NOTE]
-> This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro.
+> This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro.
Value type is a string, which is the full image filepath and filename.
@@ -470,15 +470,12 @@ Value type is a string, which is the full image filepath and filename.
The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
-This policy has different behaviors on the mobile device and desktop.
+On a client device, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced.
-- On a mobile device, when the user reaches the value set by this policy, then the device is wiped.
-- On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced.
-
- Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
+ Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value.
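Review bot: The new paragraph says a client device "is not wiped" and goes to BitLocker recovery, but the unchanged opening sentence of this section still says the value is the number of failures "allowed before the device will be wiped", so the description now contradicts itself. Reword the opening sentence to match, replace "the desktop" in the added line with "the device" so it agrees with "client device", and drop the leading space on the "Prior to reaching the failed attempts limit" line, which is left over from the removed bullet list.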
@@ -489,7 +486,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
The following list shows the supported values:
-- An integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices.
+- An integer X where 4 <= X <= 16 for client devices.
- 0 (default) - The device is never wiped after an incorrect PIN or password is entered.
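Review bot: The unchanged item "0 (default) - The device is never wiped after an incorrect PIN or password is entered" still describes a wipe, while this change states that client devices are put into BitLocker recovery instead. Update the 0 item to describe the recovery behaviour being disabled so the supported-values list agrees with the policy description.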
@@ -526,11 +523,10 @@ The following list shows the supported values:
Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
-* On Mobile, the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
-* On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.
+On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
@@ -578,11 +574,11 @@ The following list shows the supported values:
The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
>
> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
-PIN enforces the following behavior for desktop and mobile devices:
+PIN enforces the following behavior for client devices:
- 1 - Digits only
- 2 - Digits and lowercase letters are required
@@ -593,10 +589,9 @@ The default value is 1. The following list shows the supported values and actual
|Account Type|Supported Values|Actual Enforced Values|
|--- |--- |--- |
-|Mobile|1,2,3,4|Same as the value set|
-|Desktop Local Accounts|1,2,3|3|
-|Desktop Microsoft Accounts|1,2|<p2|
-|Desktop Domain Accounts|Not supported|Not supported|
+|Local Accounts|1,2,3|3|
+|Microsoft Accounts|1,2|<p2|
+|Domain Accounts|Not supported|Not supported|
Enforced values for Local and Microsoft Accounts:
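Review bot: The added Microsoft Accounts row carries over the cell "<p2" from the old line, which looks like a broken HTML tag rather than a value. Since the row is being rewritten, replace it with the intended enforced value so the table renders correctly.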
@@ -652,7 +647,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
Specifies the minimum number or characters required in the PIN or password.
> [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
>
> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
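Review bot: The context sentence at the top of this hunk reads "minimum number or characters required"; it should be "number of characters". Worth fixing in the same pass since the note directly below it is being touched.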
@@ -666,9 +661,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
The following list shows the supported values:
-- An integer X where 4 <= X <= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6.
+- An integer X where 4 <= X <= 16 for client devices. However, local accounts will always enforce a minimum password length of 6.
- Not enforced.
-- The default value is 4 for mobile devices and desktop devices.
+- The default value is 4 for client devices.
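Review bot: The unchanged item "- Not enforced." between the two edited lines names no value, so a reader cannot tell which setting produces that behaviour. Prefix it with the value it describes, as the other supported-values lists in this file do.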
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 1c7c1d5a4a..e4e0453c5f 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Experience
-description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory.
+description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -332,7 +332,7 @@ The following list shows the supported values:
Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g., auto-enrolled), then disabling the MDM unenrollment has no effect.
> [!NOTE]
-> The MDM server can always remotely delete the account.
+> The MDM server can always remotely delete the account.
Most restricted value is 0.
@@ -439,8 +439,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them.
@@ -498,7 +496,7 @@ The following list shows the supported values:
> [!NOTE]
-> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
+> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services.
@@ -550,8 +548,7 @@ The following list shows the supported values:
> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-> Prior to Windows 10, version 1803, this policy had User scope.
+> Prior to Windows 10, version 1803, this policy had User scope.
This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
@@ -605,7 +602,7 @@ The following list shows the supported values:
> [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
@@ -658,8 +655,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows.
@@ -763,8 +758,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
This policy setting lets you turn off the Windows spotlight Windows welcome experience feature.
The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
@@ -909,7 +902,7 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
> [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index b632610c9f..136a6f1772 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -102,8 +102,7 @@ The following list shows the supported values:
> [!NOTE]
>
-> - This policy is deprecated in Windows 10, version 1607.
-> - This policy is only enforced in Windows 10 for desktop.
+> - This policy is deprecated in Windows 10, version 1607.
Specifies whether to allow automatic [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined.
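Review bot: After removing the second bullet, the NOTE block is left as an empty ">" line followed by a one-item list. Collapse it to a plain sentence, "> This policy is deprecated in Windows 10, version 1607.", to match the other single-line notes in these files.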
@@ -185,8 +184,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
@@ -280,11 +277,8 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**.
+Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**.
Specifies whether to allow automatic [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined.
@@ -492,8 +486,8 @@ Setting this policy to 1 (Required):
- Improves the performance of the device by enabling the device to fetch and cache data to reduce the latency during Device Health Verification.
> [!NOTE]
-> We recommend that this policy is set to Required after MDM enrollment.
-
+> We recommend that this policy is set to Required after MDM enrollment.
+
Most restricted value is 1.
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 3648f9e658..5e8ad7fd1d 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -90,14 +90,11 @@ manager: dansimp
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
Allows the user to change Auto Play settings.
> [!NOTE]
-> Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected.
+> Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected.
@@ -140,7 +137,7 @@ The following list shows the supported values:
Allows the user to change Data Sense settings.
> [!NOTE]
-> The **AllowDataSense** policy is not supported on Windows 10, version 2004 and later.
+> The **AllowDataSense** policy is not supported on Windows 10, version 2004 and later.
@@ -220,9 +217,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
Allows the user to change the language settings.
@@ -308,9 +302,6 @@ ADMX Info:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
Allows the user to change power and sleep settings.
@@ -352,9 +343,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
Allows the user to change the region settings.
@@ -396,9 +384,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
Allows the user to change sign-in options.
@@ -480,9 +465,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
Allows user to change workplace settings.
@@ -564,7 +546,7 @@ The following list shows the supported values:
-Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
+Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
@@ -615,7 +597,7 @@ The following list shows the supported values:
-Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For additional information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
+Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For additional information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index f09d4aa243..5ab723b796 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -608,9 +608,6 @@ The following list shows the supported values:
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
Forces the start screen size.
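Review bot: The removed note makes two statements, and only the second one ("not supported in Windows 10 Mobile") is about Mobile. Deleting both lines also drops "only enforced in Windows 10 for desktop", which is a scope statement a reader may still rely on. If that limit still holds, keep a one-line note such as "> This policy is only enforced in Windows 10 for desktop." and remove only the Mobile clause. If it no longer holds, say so in the commit message so the removal is clearly intentional.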
@@ -658,7 +655,7 @@ The following list shows the supported values:
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
Allows IT Admins to configure Start by collapsing or removing the all apps list.
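Review bot: The removed and added note lines in this hunk read identically, and the same pattern repeats in most of the hunks that follow in this file. If this is trailing-whitespace or non-breaking-space cleanup, state that in the commit message or split it into its own commit. As it stands, a reviewer cannot tell the cosmetic churn from the content changes (the Mobile note removal above) without a byte-level comparison.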
@@ -762,7 +759,7 @@ To validate on Desktop, do the following:
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
Allows IT Admins to configure Start by hiding most used apps.
@@ -819,7 +816,7 @@ Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the
> [!NOTE]
-> This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's.
+> This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's.
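Review bot: Since this line is being rewritten anyway, fix the apostrophe in "regular PC's", which should be the plural "PCs". "Regular" is also vague here. "Desktop PCs" would say what the note means, given that the contrast is with laptops.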
@@ -964,7 +961,7 @@ The following list shows the supported values:
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
Allows IT Admins to configure Start by hiding the Power button from appearing.
@@ -1014,7 +1011,7 @@ To validate on Desktop, do the following:
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
Allows IT Admins to configure Start by hiding recently opened items in the jump lists from appearing.
@@ -1072,7 +1069,7 @@ To validate on Desktop, do the following:
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
Allows IT Admins to configure Start by hiding recently added apps.
@@ -1369,7 +1366,7 @@ To validate on Desktop, do the following:
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
Allows IT Admins to configure Start by hiding the user tile.
@@ -1420,7 +1417,7 @@ To validate on Desktop, do the following:
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
Here is additional SKU support information:
@@ -1433,7 +1430,7 @@ Here is additional SKU support information:
This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files.
> [!IMPORTANT]
-> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
+> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles).
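Review bot: The [!IMPORTANT] callout on the touched line is worded as advice ("Please note that", "it is better to"), but the first sentence describes a hard behaviour: the import runs only when StartLayout changes. Consider stating it as an instruction, for example "The import happens only when the StartLayout policy changes. Change ImportEdgeAssets together with StartLayout whenever StartLayout pins Edge secondary tiles." The context line above it ("as weblink that tie to") also needs a grammar pass while this section is open.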
diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md
index 903e9b2279..ecef629054 100644
--- a/windows/client-management/mdm/policymanager-csp.md
+++ b/windows/client-management/mdm/policymanager-csp.md
@@ -14,14 +14,16 @@ ms.date: 06/28/2017
# PolicyManager CSP
-
PolicyManager CSP is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
+
+## Related articles
+[Policy CSP](policy-configuration-service-provider.md)
-
-
-
+[Configuration service provider reference](configuration-service-provider-reference.md)
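Review bot: The front matter still carries ms.date: 06/28/2017 (visible in the hunk header), and no hunk in this file updates it although the body changes. Bump the date with this edit. Separately, the new "## Related articles" section lists Policy CSP directly under a deprecation sentence that already links the same page, so only the Configuration service provider reference link adds anything. Either drop the duplicate link or keep the section for consistency with the other CSP pages and say so.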
diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md
deleted file mode 100644
index bcf194d65a..0000000000
--- a/windows/client-management/mdm/registry-csp.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-title: Registry CSP
-description: In this article, learn how to use the Registry configuration service provider (CSP) to update registry settings.
-ms.assetid: 2307e3fd-7b61-4f00-94e1-a639571f2c9d
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
----
-
-# Registry CSP
-
-
-The Registry configuration service provider is used to update registry settings. However, if there is configuration service provider that is specific to the settings that need to be updated, use the specific configuration service provider.
-
-> [!NOTE]
-> The Registry CSP is only supported in Windows 10 Mobile for OEM configuration. Do not use this CSP for enterprise remote management.
-For Windows 10 Mobile only, this configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
-
-
-
-For the Registry CSP, you cannot use the Replace command unless the node already exists.
-
-The Registry configuration service provider can be managed over both the OMA Client Provisioning and the OMA DM protocol. When using OMA DM to add a registry key, a child registry value must also be added in the XML code.
-
-For OMA Client Provisioning, the follows notes apply:
-
-- Querying the registry at the top level is not allowed. All parameters must be queried individually. The underlying data store of the Registry is typed. Be sure to use the **datatype** attribute of the *<parm>* tag.
-
-- This documentation describes the default characteristics. Additional characteristics may be added.
-
-- Because the **Registry** configuration service provider uses the backslash (\\) character as a separator between key names, backslashes, which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\\).
-
-The default security role maps to each subnode unless specific permission is granted to the subnode. The security role for subnodes is implementation specific, and can be changed by OEMs and mobile operators.
-
-## Microsoft Custom Elements
-
-The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
-
-|Elements|Available|
-|--- |--- |
-|Parm-query|Yes|
-|Noparm|Yes|
-|Uncharacteristic|Yes|
-|Characteristic-query|Yes
Recursive query: Yes
Top-level query: No|
-
-
-Use these elements to build standard OMA Client Provisioning configuration XML. For information about specific elements, see MSPROV DTD elements.
-
-
-## Supported Data Types
-
-The following table shows the data types this configuration service provider supports.
-
-|XML Data Type|Native Registry Type|XML Format|
-|--- |--- |--- |
-|Integer|REG_DWORD|Integer. A query of this parameter returns an integer type.|
-|Boolean|REG_DWORD|Integer value of 1 or 0. A query of this parameter returns an integer type.|
-|Float|REG_SZ|Float. A query of this parameter returns a string type.|
-|String|REG_SZ|String. A query of this parameter returns a string type.|
-|multiple string|REG_MULTI_SZ|Multiple strings are separated by **** and ended with two **** - A query of this parameter returns a multi-string type.|
-|Binary|REG_BINARY|Base64 encoded. A query of this parameter returns a binary type.|
-|Time|FILETIME in REG_BINARY|The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.|
-|Date|FILETIME in REG_BINARY|The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.|
-
-
-
-It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the subkey must be accessed separately by using a new characteristic.
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
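Review bot: This hunk deletes registry-csp.md outright, and nothing in the visible part of the patch adds a redirect for it. Existing links and bookmarks to the page will break. Add a redirect entry pointing to the Configuration service provider reference (or another suitable landing page) in the same change. Also check for remaining inbound links: the deleted text refers to "MSPROV DTD elements", and other CSP pages may link back to registry-csp.md in the same way the DDF page removed in the next file does by topic.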
diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md
deleted file mode 100644
index 61b54cc6cb..0000000000
--- a/windows/client-management/mdm/registry-ddf-file.md
+++ /dev/null
@@ -1,130 +0,0 @@
----
-title: Registry DDF file
-description: Learn about the OMA DM device description framework (DDF) for the Registry configuration service provider (CSP).
-ms.assetid: 29b5cc07-f349-4567-8a77-387d816a9d15
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
----
-
-# Registry DDF file
-
-
-This topic shows the OMA DM device description framework (DDF) for the **Registry** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-
-```xml
-
Defines the root node for the RemoteLock configuration service provider.
- -**Lock** -Required. The setting accepts requests to lock the device screen. The device screen will lock immediately if a PIN has been set. If no PIN is set, the lock request is ignored and the OMA DM (405) Forbidden error is returned over the management channel. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. The supported operations are Get and Exec. - -|Status|Description|Meaning [Standard]| -|--- |--- |--- | -|(200) OK|The device was successfully locked.|The command and the associated Alert action are completed successfully.| -|(405)|The device could not be locked because there is no PIN currently set on the device.|The requested command is not allowed on the target.| -|(500) Command failed|The device was not locked for some unknown reason.|Non-specific errors were created by the recipient while attempting to complete the command.| - -**LockAndResetPIN** -This setting can be used to lock and reset the PIN on the device. It is used in conjunction with the NewPINValue node. After the **Exec** operation is called successfully on this node, the previous PIN will no longer work and cannot be recovered. The supported operation is Exec. - -This node will return the following status. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. - -|Status|Description|Meaning| -|--- |--- |--- | -|(200) OK|The device has been locked with a new password which has been reset.|The command and the associated Alert action are completed successfully.| -|(500) Command failed|N/A|Non-specific errors were created by the recipient while attempting to complete the command.| - -**LockAndRecoverPIN** -Added in Windows 10, version 1703. This setting performs a similar function to the LockAndResetPIN node. With LockAndResetPIN any Windows Hello keys associated with the PIN gets deleted, but with LockAndRecoverPIN those keys are saved. 
After the Exec operation is called successfully on this setting, the new PIN can be retrieved from the NewPINValue setting. The previous PIN will no longer work. - -Executing this node requires a ticket from the Microsoft credential reset service. Additionally, the execution of this setting is only supported when the [EnablePinRecovery](./passportforwork-csp.md#tenantid-policies-enablepinrecovery) policy is set on the client. - - -**NewPINValue** -This setting contains the PIN after Exec has been called on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin. If LockAndResetPIN or LockAndResetPIN has never been called, the value will be null. If Get is called on this node after a successful Exec call on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin, then the new PIN will be provided. If another Get command is called on this node, the value will be null. If you need to reset the PIN again, then another LockAndResetPIN Exec can be communicated to the device to generate a new PIN. The PIN value will conform to the minimum PIN complexity requirements of the merged policies that are set on the device. If no PIN policy has been set on the device, the generated PIN will conform to the default policy of the device. - -The data type returned is a string. - -The supported operation is Get. - -A Get operation on this node must follow an Exec operation on the /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin node in the proper order and in the same SyncML message. The Sequence tag can be used to guarantee the order in which commands are processed. - -## Examples - - -Initiate a remote lock of the device. - -```xml -