From e0c4798c977b18f7a1947cb14aaf21844052ad02 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Tue, 31 Jan 2023 15:26:27 -0500
Subject: [PATCH 1/6] Add new policy
---
.../mdm/policy-csp-update.md | 72 ++++++++++++++++++-
1 file changed, 71 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 040028b422..7a183cb82b 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
-ms.date: 01/18/2023
+ms.date: 01/31/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@@ -23,6 +23,7 @@ ms.topic: reference
Update CSP policies are listed below based on the group policy area:
- [Windows Insider Preview](#windows-insider-preview)
+ - [AllowTemporaryEnterpriseFeatureControl](#allowtemporaryenterprisefeaturecontrol)
- [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
- [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
- [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
@@ -103,6 +104,75 @@ Update CSP policies are listed below based on the group policy area:
## Windows Insider Preview
+
+### AllowTemporaryEnterpriseFeatureControl
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Update/AllowTemporaryEnterpriseFeatureControl
+```
+
+
+
+
+Features introduced via servicing (outside of the annual feature update) are off by default for devices that have their Windows updates managed*.
+
+- If this policy is configured to "Enabled", then all features available in the latest monthly quality update installed will be on.
+
+- If this policy is set to "Not Configured" or "Disabled" then features that are shipped via a monthly quality update (servicing) will remain off until the feature update that includes these features is installed.
+
+*Windows update managed devices are those that have their Windows updates managed via policy; whether via the cloud using Windows Update for Business or on-premises with Windows Server Update Services (WSUS).
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not allowed. |
+| 1 | Allowed. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowTemporaryEnterpriseFeatureControl |
+| Friendly Name | Enable features introduced via servicing that are off by default |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Update > Manage end user experience |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
+| Registry Value Name | AllowTemporaryEnterpriseFeatureControl |
+| ADMX File Name | WindowsUpdate.admx |
+
+
+
+
+
+
+
+
### ConfigureDeadlineNoAutoRebootForFeatureUpdates
From d85300ca59615b806e5a9aa48fd6b0a642cc51a8 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Fri, 3 Feb 2023 12:33:18 -0500
Subject: [PATCH 2/6] Update Update CSP
---
.../mdm/policies-in-policy-csp-supported-by-group-policy.md | 3 ++-
windows/client-management/mdm/policy-csp-update.md | 5 ++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index e6748d67f8..2b636d3e4f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
-ms.date: 01/30/2023
+ms.date: 02/03/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@@ -814,6 +814,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [SetPolicyDrivenUpdateSourceForOtherUpdates](policy-csp-update.md)
- [SetEDURestart](policy-csp-update.md)
- [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md)
+- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md)
- [SetDisableUXWUAccess](policy-csp-update.md)
- [SetDisablePauseUXAccess](policy-csp-update.md)
- [UpdateNotificationLevel](policy-csp-update.md)
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 7a183cb82b..434acb5dde 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
-ms.date: 01/31/2023
+ms.date: 02/03/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@@ -16,6 +16,9 @@ ms.topic: reference
# Policy CSP - Update
+> [!IMPORTANT]
+> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
+
From 929412537593106e322a22679bda52e23c372a5c Mon Sep 17 00:00:00 2001
From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com>
Date: Mon, 6 Feb 2023 13:51:19 -0800
Subject: [PATCH 3/6] Update windows-11-se-overview.md
---
education/windows/windows-11-se-overview.md | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 8a63a27c99..bf2de408fe 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -93,6 +93,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Class Policy` | 114.0.0 | Win32 | `Class Policy` |
| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` |
| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` |
+| `ContentKeeper Cloud` | 9.01.45 | Win32 | `ContentKeeper Technologies` |
| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` |
@@ -104,7 +105,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` |
| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` |
| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` |
-| `Google Chrome` | 102.0.5005.115 | Win32 | `Google` |
+| `Google Chrome` | 109.0.5414.75 | Win32 | `Google` |
| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` |
| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` |
| `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` |
@@ -137,10 +138,10 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` |
| `Safe Exam Browser` | 3.4.1.505 | Win32 | `Safe Exam Browser` |
| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` |
-| `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` |
+| `Smoothwall Monitor` | 2.9.2 | Win32 | `Smoothwall Ltd` |
| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` |
| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` |
-|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development`
+|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` |
| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` |
| `WordQ` | 5.4.23 | Win32 | `Mathetmots` |
From 2f809b5ce63b9100fbcc15e9d63bf5954945696f Mon Sep 17 00:00:00 2001
From: Jared Agee
Date: Wed, 8 Feb 2023 11:36:01 -0600
Subject: [PATCH 4/6] Update remote-credential-guard.md
Removed redundant portion of a sentence, "to turn on Windows Defender Remote Credential Guard".
---
.../security/identity-protection/remote-credential-guard.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index e094da893b..eb1922b3a8 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -128,7 +128,7 @@ You must enable Restricted Admin or Windows Defender Remote Credential Guard on
- Add a new DWORD value named **DisableRestrictedAdmin**.
- - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard.
+ - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0.
3. Close Registry Editor.
@@ -189,4 +189,4 @@ mstsc.exe /remoteGuard
- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own.
-- The server and client must authenticate using Kerberos.
\ No newline at end of file
+- The server and client must authenticate using Kerberos.
From bc4215046196969c65c42f6a46a68f68137dc75a Mon Sep 17 00:00:00 2001
From: tiaraquan
Date: Wed, 8 Feb 2023 14:01:26 -0800
Subject: [PATCH 5/6] Tweak.
---
.../windows-autopatch-windows-quality-update-overview.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
index 0ff47c507d..c2ad146ec6 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
@@ -89,7 +89,7 @@ By default, the service expedites quality updates as needed. For those organizat
**To turn off service-driven expedited quality updates:**
1. Go to **[Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**.
-2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited Quality Updates** setting.
+2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited quality updates** setting.
> [!NOTE]
> Windows Autopatch doesn't allow customers to request expedited releases.
From 1a8346994b82d7db547a5ae0729f7ea3fafad082 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann
Date: Wed, 8 Feb 2023 16:18:18 -0700
Subject: [PATCH 6/6] Update policy-csp-update.md
https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/e399e338-279c-47c8-b5ad-b239d24218f0#CORRECTNESS
Line 2665 and 3061: is a integer. > is an integer.
Line 2736: on the every week. > every week.
Line 3120: allows to remove > allows removing
---
windows/client-management/mdm/policy-csp-update.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 434acb5dde..e9921d6795 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -2662,7 +2662,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
-Enables the IT admin to schedule the day of the update installation. The data type is a integer.
+Enables the IT admin to schedule the day of the update installation. The data type is an integer.
@@ -2733,7 +2733,7 @@ Enables the IT admin to schedule the day of the update installation. The data ty
-Enables the IT admin to schedule the update installation on the every week. Value type is integer.
+Enables the IT admin to schedule the update installation every week. Value type is integer.
@@ -3058,7 +3058,7 @@ Enables the IT admin to schedule the update installation on the third week of th
- the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
+ the IT admin to schedule the time of the update installation. The data type is an integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
@@ -3117,7 +3117,7 @@ Enables the IT admin to schedule the update installation on the third week of th
-This setting allows to remove access to "Pause updates" feature.
+This setting allows removing access to "Pause updates" feature.
Once enabled user access to pause updates is removed.