deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into atp-avscan

Browse Source
This commit is contained in:
Joey Caparas 2017-06-07 14:22:47 -07:00
commit 5681dd221c
294 changed files with 11222 additions and 10681 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -44,7 +44,7 @@ This diagram shows the correct pinout used for an RJ-11 (6P6C) to DB9 cable.
Room control systems use common meeting-room scenarios for commands. Commands originate from the room control system, and are communicated over a serial connection to a Surface Hub. Commands are ASCII based, and the Surface Hub will acknowledge when state changes occur.
The following command modifiers are available. Commands terminate with a new line character (/n). Responses can come at any time in response to state changes not triggered directly by a management port command.
The following command modifiers are available. Commands terminate with a new line character (\n). Responses can come at any time in response to state changes not triggered directly by a management port command.
| Modifier | Result |
| --- | --- |

2
education/windows/index.md
View File

@ -44,7 +44,7 @@ author: CelesteDG
<p><b>[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)</b><br />Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.</p>
<p><b><a href="https://technet.microsoft.com/en-us/windows/mt574244" target="_blank">Try it out: Windows 10 deployment (for education)</a></b><br />Learn how to upgrade devices running the Windows 7 operating system to Windows 10 Anniversary Update, and how to manage devices, apps, and users in Windows 10 Anniversary Update.<br /><br />For the best experience, use this guide in tandem with the <a href="https://vlabs.holsystems.com/vlabs/technet?eng=VLabs&auth=none&src=vlabs&altadd=true&labid=20949&lod=true" target="_blank">TechNet Virtual Lab: IT Pro Try-It-Out</a>.</p>
### ![Switch to Windows 10 for Education](images/windows.png) Switch
## ![Switch to Windows 10 for Education](images/windows.png) Switch
<p><b>[Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](switch-to-pro-education.md)</b><br />If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.</p>

2
education/windows/set-up-school-pcs-technical.md
View File

@ -70,7 +70,7 @@ To make this as seamless as possible, in your Azure AD tenant:
![Set maximum number of devices per user to unlimited](images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png)
- Clear your Azure AD tokens from time to time. Your tenant can only have 50 automated Azure AD tokens active at any one time.
- Clear your Azure AD tokens from time to time. Your tenant can only have 500 automated Azure AD tokens active at any one time.
In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > All users** and look at the list of user names. User names that start with **package_** followed by a string of letters and numbers. These are the user accounts that are created automatically for the tokens and you can safely delete these.

4
education/windows/switch-to-pro-education.md
View File

@ -159,7 +159,7 @@ Once you enable the setting to switch to Windows 10 Pro Education, the switch wi
**To turn on the automatic switch to Windows 10 Pro Education**
1. Sign in to [Microsoft Store for Education](https://businessstore.microsoft.com/) with your work or school account.
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your work or school account.
If this is the first time you're signing into the Microsoft Store for Education, you'll be prompted to accept the Microsoft Store for Education Terms of Use.
@ -341,7 +341,7 @@ Once the automatic switch to Windows 10 Pro Education is turned off, the change
**To roll back Windows 10 Pro Education to Windows 10 Pro**
1. Log in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/Store/Apps) with your school or work account, or follow the link from the notification email to turn off the automatic switch.
1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic switch.
2. Select **Manage > Benefits** and locate the section **Windows 10 Pro Education** and follow the link.
3. In the **Revert to Windows 10 Pro** page, click **Revert to Windows 10 Pro**.

8
store-for-business/update-windows-store-for-business-account-settings.md
View File

@ -61,13 +61,13 @@ Taxes for Microsoft Store for Business purchases are determined by your business
- Switzerland
- United Kingdom
These countries can provide their VAT number or local equivalent in **Payments & billing**. However, they can only acquire free apps.
These countries can provide their VAT number or local equivalent in **Payments & billing**.
|Market| Tax identifier |
|------|----------------|
| Brazil | CPNJ (required), CCMID (optional) |
| India | CST ID, VAT ID |
| Taiwan | Unified business number|
| Brazil | CNPJ (required) |
| India | CST ID, VAT ID (both are optional) |
| Taiwan | VAT ID (optional) |
### Tax-exempt status

226
store-for-business/windows-store-for-business-overview.md
View File

@ -157,6 +157,193 @@ For more information, see [Manage settings in the Store for Business](manage-set
Microsoft Store for Business and Education is currently available in these markets.
<!--- <table>
<tr>
<th align="center" colspan="4">Support for free and paid apps</th>
</tr>
<tr align="left">
<td>
<ul>
<li>Algeria</li>
<li>Angola</li>
<li>Argentina</li>
<li>Australia</li>
<li>Austria</li>
<li>Bahamas</li>
<li>Bahrain</li>
<li>Bangladesh</li>
<li>Barbados</li>
<li>Belgium</li>
<li>Belize</li>
<li>Bermuda</li>
<li>Bhutan</li>
<li>Bolivia</li>
<li>Botswana</li>
<li>Brunei Darussalam</li>
<li>Bulgaria</li>
<li>Cambodia</li>
<li>Cameroon</li>
<li>Canada</li>
<li>Republic of Cabo Verde</li>
<li>Cayman Islands</li>
<li>Chile</li>
<li>Colombia</li>
<li>Costa Rica</li>
<li>C&ocirc;te D'ivoire</li>
<li>Croatia</li>
<li>Cur&ccedil;ao</li>
<li>Cyprus</li>
</ul>
</td>
<td>
<ul>
<li>Czech Republic</li>
<li>Denmark</li>
<li>Dominican Republic</li>
<li>Ecuador</li>
<li>Egypt</li>
<li>El Salvador</li>
<li>Estonia</li>
<li>Faroe Islands</li>
<li>Fiji</li>
<li>Finland</li>
<li>France</li>
<li>Germany</li>
<li>Ghana</li>
<li>Greece</li>
<li>Guadeloupe</li>
<li>Guatemala</li>
<li>Honduras</li>
<li>Hong Kong SAR</li>
<li>Hungary</li>
<li>Iceland</li>
<li>Indonesia</li>
<li>Iraq</li>
<li>Ireland</li>
<li>Israel</li>
<li>Italy</li>
<li>Jamaica</li>
<li>Japan</li>
<li>Jordan</li>
<li>Kenya</li>
</ul>
</td>
<td>
<ul>
<li>Kuwait</li>
<li>Latvia</li>
<li>Lebanon</li>
<li>Libya</li>
<li>Liechtenstein</li>
<li>Lithuania</li>
<li>Luxembourg</li>
<li>Malaysia</li>
<li>Malta</li>
<li>Mauritius</li>
<li>Mexico</li>
<li>Mongolia</li>
<li>Montenegro</li>
<li>Morocco</li>
<li>Mozambique</li>
<li>Namibia</li>
<li>Netherlands</li>
<li>New Zealand</li>
<li>Nicaragua</li>
<li>Nigeria</li>
<li>Norway</li>
<li>Oman</li>
<li>Pakistan</li>
<li>Palestinian Authority</li>
<li>Panama</li>
<li>Paraguay</li>
<li>Peru</li>
<li>Philippines</li>
<li>Poland</li>
</ul>
</td>
<td>
<ul>
<li>Portugal</li>
<li>Puerto Rico</li>
<li>Qatar</li>
<li>Romania</li>
<li>Rwanda</li>
<li>Saint Kitts and Nevis</li>
<li>Saudi Arabia</li>
<li>Senegal</li>
<li>Serbia</li>
<li>Singapore</li>
<li>Slovakia</li>
<li>Slovenia</li>
<li>South Africa</li>
<li>Spain</li>
<li>Sweden</li>
<li>Switzerland</li>
<li>Tanzania</li>
<li>Thailand</li>
<li>Trinidad and Tobago</li>
<li>Tunisia</li>
<li>Turkey</li>
<li>Uganda</li>
<li>United Arab Emirates</li>
<li>United Kingdom</li>
<li>United States</li>
</ul>
</td>
<td>
<ul>
<li>Uruguay</li>
<li>Viet Nam</li>
<li>Virgin Islands, U.S.</li>
<li>Zambia</li>
<li>Zimbabwe<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</li>
</ul>
</td>
</tr>
</table>
<table>
<tr>
<th align="center">Support for free apps only</th>
</tr>
<tr align="left">
<td>
<ul>
<li>Russia</li>
</ul>
</td>
</tr>
</table>
<table>
<tr>
<th align="center">Support for free apps and Minecraft: Education Edition</th>
</tr>
<tr align="left">
<td>
<ul>
<li>Albania</li>
<li>Armenia</li>
<li>Azerbaijan</li>
<li>Belarus</li>
<li>Bosnia</li>
<li>Brazil</li>
<li>Georgia</li>
<li>India</li>
<li>Kazakhstan</li>
<li>Korea</li>
<li>Kyrgyzstan</li>
<li>Moldova</li>
<li>Taiwan</li>
<li>Tajikistan</li>
<li>Turkmenistan</li>
<li>Ukraine</li>
<li>Uzbekistan</li>
</ul>
</td>
</tr>
</table> -->
### Support for free and paid apps
<table>
<tr>
<th align="center" colspan="4">Support for free and paid apps</th>
@ -294,22 +481,29 @@ Microsoft Store for Business and Education is currently available in these marke
</tr>
</table>
<table>
<tr>
<th align="center">Support for free apps only</th>
</tr>
<tr align="left">
<td>
<ul>
<li>Brazil</li>
<li>India</li>
<li>Russia</li>
<li>Taiwan</li>
<li>Ukraine</li>
</ul>
</td>
</tr>
</table>
### Support for free apps
Customers in these markets can use Microsoft Store for Business and Education to acquire free apps:
- India
- Russia
### Support for free apps and Minecraft: Education Edition
Customers in these markets can use Microsoft Store for Business and Education to acquire free apps and Minecraft: Education Edition:
- Brazil
- Taiwan
- Ukraine
This table summarize what customers can purchase, depending on which Microsoft Store they are using.
| Store | Free apps | Minecraft: Education Edition |
| ----- | --------- | ---------------------------- |
| Microsoft Store for Business | supported | not supported |
| Microsoft Store for Education | supported | supported; invoice payment required |
> [!NOTE]
> **Microsoft Store for Education customers with support for free apps and Minecraft: Education Edition**
- Admins can acquire free apps from **Microsoft Store for Education**.
- Admins need to use an invoice to purchase **Minecraft: Education Edition**. For more information, see [Invoice payment option](https://docs.microsoft.com/education/windows/school-get-minecraft#invoices).
- Teachers, or people with the Basic Purachaser role, can acquire free apps, but not **Minecraft: Education Edition**.
## Privacy notice

155
windows/access-protection/enterprise-certificate-pinning.md
View File

@ -71,141 +71,41 @@ Each PinRule element contains a sequence of one or more Site elements and a sequ
The PinRules element can have the following attributes.
For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml) or [Representing a Duration in XML](#representing-a-duration-in-xml).
- **Duration** or **NextUpdate**
Specifies when the Pin Rules will expire.
Either is required.
**NextUpdate** takes precedence if both are specified.
**Duration**, represented as an XML TimeSpan data type, does not allow years and months.
You represent the **NextUpdate** attribute as a XML DateTime data type in UTC.
**Required?** Yes. At least one is required.
- **LogDuration** or **LogEndDate**
Configures auditing only to extend beyond the expiration of enforcing the Pin Rules.
**LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified.
You represent **LogDuration** as an XML TimeSpan data type, which does not allow years and months.
If neither attribute is specified, auditing expiration uses **Duration** or **NextUpdate** attributes.
**Required?** No.
- **ListIdentifier**
Provides a friendly name for the list of pin rules.
Windows does not use this attribute for certificate pinning enforcement, however it is included when the pin rules are converted to a certificate trust list (CTL).
**Required?** No.
| Attribute | Description | Required |
|-----------|-------------|----------|
| **Duration** or **NextUpdate** | Specifies when the Pin Rules will expire. Either is required. **NextUpdate** takes precedence if both are specified. <br> **Duration**, represented as an XML TimeSpan data type, does not allow years and months. You represent the **NextUpdate** attribute as a XML DateTime data type in UTC. | **Required?** Yes. At least one is required. |
| **LogDuration** or **LogEndDate** | Configures auditing only to extend beyond the expiration of enforcing the Pin Rules. <br> **LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified. <br> You represent **LogDuration** as an XML TimeSpan data type, which does not allow years and months. <br> If neither attribute is specified, auditing expiration uses **Duration** or **NextUpdate** attributes. | No. |
| **ListIdentifier** | Provides a friendly name for the list of pin rules. Windows does not use this attribute for certificate pinning enforcement, however it is included when the pin rules are converted to a certificate trust list (CTL). | No. |
#### PinRule Element
The **PinRule** element can have the following attributes:
The **PinRule** element can have the following attributes.
- **Name**
Uniquely identifies the **PinRule**.
Windows uses this attribute to identify the element for a parsing error or for verbose output.
The attribute is not included in the generated certificate trust list (CTL).
**Required?** Yes.
- **Error**
Describes the action Windows performs when it encounters a PIN mismatch.
You can choose from the following string values:
- **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site.
- **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate does not match the name of the site. This typically results in prompting the user before accessing the site.
- **None** - The default value. No error is returned. You can use this setting to audit the pin rules without introducing any user friction.
**Required?** No.
- **Log**
A Boolean value represent as string that equals **true** or **false**.
By default, logging is enabled (**true**).
**Required?** No.
| Attribute | Description | Required |
|-----------|-------------|----------|
| **Name** | Uniquely identifies the **PinRule**. Windows uses this attribute to identify the element for a parsing error or for verbose output. The attribute is not included in the generated certificate trust list (CTL). | Yes.|
| **Error** | Describes the action Windows performs when it encounters a PIN mismatch. You can choose from the following string values: <br>- **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site. <br>- **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate does not match the name of the site. This typically results in prompting the user before accessing the site. <br>- **None** - The default value. No error is returned. You can use this setting to audit the pin rules without introducing any user friction. | No. |
| **Log** | A Boolean value represent as string that equals **true** or **false**. By default, logging is enabled (**true**). | No. |
#### Certificate element
The **Certificate** element can have the following attributes:
The **Certificate** element can have the following attributes.
- **File**
Path to a file containing one or more certificates.
Where the certificate(s) can be encoded as:
- single certificate
- p7b
- sst.
These files can also be Base64 formatted.
All **Site** elements included in the same **PinRule** element can match any of these certificates.
**Required?** Yes (File, Directory or Base64 must be present).
- **Directory**
Path to a directory containing one or more of the above certificate files.
Skips any files not containing any certificates.
**Required?** Yes (File, Directory or Base64 must be present).
- **Base64**
Base64 encoded certificate(s).
Where the certificate(s) can be encoded as:
- single certificate
- p7b
- sst.
This allows the certificates to be included in the XML file without a file directory dependency.
> [!Note]
> You can use **certutil -encode** to a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule.
**Required?** Yes (File, Directory or Base64 must be present).
- **EndDate**
Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule.
If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this elements certificates.
If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and exclude the certificate(s) from the Pin Rule in the generated CTL.
For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).
**Required?** No.
| Attribute | Description | Required |
|-----------|-------------|----------|
| **File** | Path to a file containing one or more certificates. Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br>- sst <br> These files can also be Base64 formatted. All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory or Base64 must be present). |
| **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory or Base64 must be present). |
| **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br> - sst <br> This allows the certificates to be included in the XML file without a file directory dependency. <br> Note: <br> You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. | Yes (File, Directory or Base64 must be present). |
| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. <br>If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this elements certificates.<br> If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and exclude the certificate(s) from the Pin Rule in the generated CTL.<br> For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
#### Site element
The **Site** element can have the following attributes:
The **Site** element can have the following attributes.
- **Domain**
Contains the DNS name to be matched for this pin rule.
When creating the certificate trust list, the parser normalizes the input name string value as follows:
- If the DNS name has a leading "*" it is removed.
- Non-ASCII DNS name are converted to ASCII Puny Code.
- Upper case ASCII characters are converted to lower case.
If the normalized name has a leading ".", then, wildcard left hand label matching is enabled.
For example, ".xyz.com" would match "abc.xyz.com".
**Required?** Yes.
- **AllSubdomains**
By default, wildcard left hand label matching is restricted to a single left hand label.
This attribute can be set to "true" to enable wildcard matching of all of the left hand labels.
For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.
**Required?** No.
| Attribute | Description | Required |
|-----------|-------------|----------|
| **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows: <br>- If the DNS name has a leading "*" it is removed. <br>- Non-ASCII DNS name are converted to ASCII Puny Code. <br>- Upper case ASCII characters are converted to lower case. <br>If the normalized name has a leading ".", then, wildcard left hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.|
| **AllSubdomains** | By default, wildcard left hand label matching is restricted to a single left hand label. This attribute can be set to "true" to enable wildcard matching of all of the left-hand labels.<br>For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.| No.|
### Create a Pin Rules Certificate Trust List
@ -289,9 +189,12 @@ Sign-in to the reference computer using domain administrator equivalent credenti
8. Right-click the **Registry** node and click **New**.
9. In the **New Registry Properties** dialog box, select **Update** from the **Action** list. Select **HKEY_LOCAL_MACHINE** from the **Hive** list.
10. For the **Key Path**, click **…** to launch the **Registry Item Browser**. Navigate to the following registry key and select the **PinRules** registry value name:
HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config
Click **Select** to close the **Registry Item Browser**.
11. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REGBINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal). Click **OK** to save your settings and close the dialog box.
11. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REG\_BINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal). Click **OK** to save your settings and close the dialog box.
![PinRules Properties](images/enterprise-certificate-pinning-pinrules-properties.png)
@ -302,10 +205,6 @@ Sign-in to the reference computer using domain administrator equivalent credenti
To assist in constructing certificate pinning rules, you can configure the **PinRulesLogDir** setting under the certificate chain configuration registry key to include a parent directory to log pin rules.
```code
HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config
```
| Name | Value |
|------|-------|
| Key | HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config |

2
windows/client-management/TOC.md
View File

@ -9,5 +9,5 @@
## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)
## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md)
## [Windows libraries](windows-libraries.md)
## [Mobile Device Management](mdm/index.md)
## [Mobile device management protocol](mdm/index.md)
## [Change history for Client management](change-history-for-client-management.md)

2
windows/client-management/join-windows-10-mobile-to-azure-active-directory.md
View File

@ -191,7 +191,7 @@ To see the Notebooks that your Azure AD account has access to, tap **More Notebo
## Use Windows Store for Business
[Windows Store for Business](/microsoft-store/index) allows you to specify applications to be available to your users in the Windows Store application. These applications show up on a tab titled for your company. Applications approved in the Windows Store for Business portal can be installed by users.
[Microsoft Store for Business](/microsoft-store/index) allows you to specify applications to be available to your users in the Windows Store application. These applications show up on a tab titled for your company. Applications approved in the Microsoft Store for Business portal can be installed by users.
![company tab on store](images/aadjwsfb.jpg)

2
windows/client-management/mdm/TOC.md
View File

@ -141,6 +141,8 @@
#### [EnterpriseModernAppManagement DDF](enterprisemodernappmanagement-ddf.md)
#### [EnterpriseModernAppManagement XSD](enterprisemodernappmanagement-xsd.md)
### [FileSystem CSP](filesystem-csp.md)
### [Firewall CSP](firewall-csp.md)
#### [Firewall DDF file](firewall-ddf-file.md)
### [HealthAttestation CSP](healthattestation-csp.md)
#### [HealthAttestation DDF](healthattestation-ddf.md)
### [HotSpot CSP](hotspot-csp.md)

1
windows/client-management/mdm/activesync-csp.md
View File

@ -3,7 +3,6 @@ title: ActiveSync CSP
description: ActiveSync CSP
ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/activesync-ddf-file.md
View File

@ -3,7 +3,6 @@ title: ActiveSync DDF file
description: ActiveSync DDF file
ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
View File

@ -3,7 +3,6 @@ title: Add an Azure AD tenant and Azure AD subscription
description: Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription.
ms.assetid: 36D94BEC-A6D8-47D2-A547-EBD7B7D163FA
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/alljoynmanagement-csp.md
View File

@ -3,7 +3,6 @@ title: AllJoynManagement CSP
description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus.
ms.assetid: 468E0EE5-EED3-48FF-91C0-89F9D159AA8C
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/alljoynmanagement-ddf.md
View File

@ -3,7 +3,6 @@ title: AllJoynManagement DDF
description: AllJoynManagement DDF
ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/application-csp.md
View File

@ -3,7 +3,6 @@ title: APPLICATION configuration service provider
description: APPLICATION configuration service provider
ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/applicationrestrictions-xsd.md
View File

@ -3,7 +3,6 @@ title: ApplicationRestrictions XSD
description: Here's the XSD for the ApplicationManagement/ApplicationRestrictions policy.
ms.assetid: A5AA2B59-3736-473E-8F70-A90FD61EE426
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/applocker-csp.md
View File

@ -3,7 +3,6 @@ title: AppLocker CSP
description: AppLocker CSP
ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/applocker-ddf-file.md
View File

@ -3,7 +3,6 @@ title: AppLocker DDF file
description: AppLocker DDF file
ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/applocker-xsd.md
View File

@ -3,7 +3,6 @@ title: AppLocker XSD
description: Here's the XSD for the AppLocker CSP.
ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/appv-deploy-and-config.md
View File

@ -2,7 +2,6 @@
title: Deploy and configure App-V apps using MDM
description: Deploy and configure App-V apps using MDM
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/assign-seats.md
View File

@ -3,7 +3,6 @@ title: Assign seat
description: The Assign seat operation assigns seat for a specified user in the Windows Store for Business.
ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/assignedaccess-csp.md
View File

@ -3,7 +3,6 @@ title: AssignedAccess CSP
description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode.
ms.assetid: 421CC07D-6000-48D9-B6A3-C638AAF83984
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/assignedaccess-ddf.md
View File

@ -3,7 +3,6 @@ title: AssignedAccess DDF
description: AssignedAccess DDF
ms.assetid: 224FADDB-0EFD-4E5A-AE20-1BD4ABE24306
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -3,7 +3,6 @@ title: Azure Active Directory integration with MDM
description: Azure Active Directory is the world largest enterprise cloud identity management service.
ms.assetid: D03B0765-5B5F-4C7B-9E2B-18E747D504EE
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

3
windows/client-management/mdm/bitlocker-csp.md
View File

@ -2,7 +2,6 @@
title: BitLocker CSP
description: BitLocker CSP
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows
@ -672,7 +671,7 @@ The following example is provided to show proper format and should not be taken
<CmdID>110</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/BitLocker/DisableWarningForOtherDiskEncryption</LocURI>
<LocURI>./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>

1
windows/client-management/mdm/bitlocker-ddf-file.md
View File

@ -2,7 +2,6 @@
title: BitLocker DDF file
description: BitLocker DDF file
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/bootstrap-csp.md
View File

@ -3,7 +3,6 @@ title: BOOTSTRAP CSP
description: BOOTSTRAP CSP
ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/browserfavorite-csp.md
View File

@ -3,7 +3,6 @@ title: BrowserFavorite CSP
description: BrowserFavorite CSP
ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
View File

@ -3,7 +3,6 @@ title: Bulk assign and reclaim seats from users
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Windows Store for Business.
ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
View File

@ -6,7 +6,6 @@ MS-HAID:
- 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool'
ms.assetid: DEB98FF3-CC5C-47A1-9277-9EF939716C87
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cellularsettings-csp.md
View File

@ -3,7 +3,6 @@ title: CellularSettings CSP
description: CellularSettings CSP
ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/certificate-authentication-device-enrollment.md
View File

@ -3,7 +3,6 @@ title: Certificate authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
ms.assetid: 57DB3C9E-E4C9-4275-AAB5-01315F9D3910
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/certificate-renewal-windows-mdm.md
View File

@ -6,7 +6,6 @@ MS-HAID:
- 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
ms.assetid: F910C50C-FF67-40B0-AAB0-CA7CE02A9619
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/certificatestore-csp.md
View File

@ -3,7 +3,6 @@ title: CertificateStore CSP
description: CertificateStore CSP
ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/certificatestore-ddf-file.md
View File

@ -3,7 +3,6 @@ title: CertificateStore DDF file
description: This topic shows the OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cleanpc-csp.md
View File

@ -2,7 +2,6 @@
title: CleanPC CSP
description: The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cleanpc-ddf.md
View File

@ -3,7 +3,6 @@ title: CleanPC DDF
description: This topic shows the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -3,7 +3,6 @@ title: ClientCertificateInstall CSP
description: ClientCertificateInstall CSP
ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/clientcertificateinstall-ddf-file.md
View File

@ -3,7 +3,6 @@ title: ClientCertificateInstall DDF file
description: ClientCertificateInstall DDF file
ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cm-cellularentries-csp.md
View File

@ -3,7 +3,6 @@ title: CM\_CellularEntries CSP
description: CM\_CellularEntries CSP
ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cm-proxyentries-csp.md
View File

@ -3,7 +3,6 @@ title: CM\_ProxyEntries CSP
description: CM\_ProxyEntries CSP
ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cmpolicy-csp.md
View File

@ -3,7 +3,6 @@ title: CMPolicy CSP
description: CMPolicy CSP
ms.assetid: 62623915-9747-4eb1-8027-449827b85e6b
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cmpolicyenterprise-csp.md
View File

@ -3,7 +3,6 @@ title: CMPolicyEnterprise CSP
description: CMPolicyEnterprise CSP
ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
View File

@ -3,7 +3,6 @@ title: CMPolicyEnterprise DDF file
description: CMPolicyEnterprise DDF file
ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

90
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -3,7 +3,6 @@ title: Configuration service provider reference
description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device.
ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows
@ -14,7 +13,13 @@ author: nickbrower
A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used overtheair for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used overtheair for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot.
For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224). See the [list of CSPs supported in Windows Holographic](#hololens) and the [list of CSPs supported in Microsoft Surface Hub ](#surfacehubcspsupport) for additional information.
For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224).
Additional lists:
- [List of CSPs supported in Windows Holographic](#hololens)
- [List of CSPs supported in Microsoft Surface Hub ](#surfacehubcspsupport)
- [List of CSPs supported in Windows 10 IoT Core](#iotcoresupport)
- [List of CSPs supported in Windows 10 S](#windows10s)
The following tables show the configuration service providers support in Windows 10.
@ -1143,6 +1148,34 @@ The following tables show the configuration service providers support in Windows
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[Firewall CSP](firewall-csp.md)
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[HealthAttestation CSP](healthattestation-csp.md)
@ -2427,4 +2460,55 @@ Footnotes:
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
- [Update CSP](update-csp.md)
- [VPNv2 CSP](vpnv2-csp.md)
- [WiFi CSP](wifi-csp.md)
- [WiFi CSP](wifi-csp.md)
## <a href="" id="windows10s"></a>CSPs supported in Windows 10 S
The CSPs supported in Windows 10 S is the same as in Windows 10 Pro except that Office CSP and EnterpriseDesktop CSP are not available in Windows 10 S. Here is the list:
- [ActiveSync CSP](activesync-csp.md)
- [APPLICATION CSP](application-csp.md)
- [AppLocker CSP](applocker-csp.md)
- [BOOTSTRAP CSP](bootstrap-csp.md)
- [CellularSettings CSP](cellularsettings-csp.md)
- [CertificateStore CSP](certificatestore-csp.md)
- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
- [CM_CellularEntries CSP](cm-cellularentries-csp.md)
- [Defender CSP](defender-csp.md)
- [DevDetail CSP](devdetail-csp.md)
- [DeviceManageability CSP](devicemanageability-csp.md)
- [DeviceStatus CSP](devicestatus-csp.md)
- [DevInfo CSP](devinfo-csp.md)
- [DiagnosticLog CSP](diagnosticlog-csp.md)
- [DMAcc CSP](dmacc-csp.md)
- [DMClient CSP](dmclient-csp.md)
- [EMAIL2 CSP](email2-csp.md)
- [EnterpriseAPN CSP](enterpriseapn-csp.md)
- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
- [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
- [HealthAttestation CSP](healthattestation-csp.md)
- [NAP CSP](nap-csp.md)
- [NAPDEF CSP](napdef-csp.md)
- [NetworkProxy CSP](networkproxy-csp.md)
- [NodeCache CSP](nodecache-csp.md)
- [PassportForWork CSP](passportforwork-csp.md)
- [Policy CSP](policy-configuration-service-provider.md)
- [Provisioning CSP](provisioning-csp.md)
- [PROXY CSP](proxy-csp.md)
- [PXLOGICAL CSP](pxlogical-csp.md)
- [Reboot CSP](reboot-csp.md)
- [RemoteFind CSP](remotefind-csp.md)
- [RemoteWipe CSP](remotewipe-csp.md)
- [Reporting CSP](reporting-csp.md)
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
- [SecureAssessment CSP](secureassessment-csp.md)
- [SecurityPolicy CSP](securitypolicy-csp.md)
- [SharedPC CSP](sharedpc-csp.md)
- [Storage CSP](storage-csp.md)
- [SUPL CSP](supl-csp.md)
- [Update CSP](update-csp.md)
- [VPNv2 CSP](vpnv2-csp.md)
- [WiFi CSP](wifi-csp.md)
- [Win32AppInventory CSP](win32appinventory-csp.md)
- [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
- [WindowsLicensing CSP](windowslicensing-csp.md)

1
windows/client-management/mdm/create-a-custom-configuration-service-provider.md
View File

@ -3,7 +3,6 @@ title: Create a custom configuration service provider
description: Create a custom configuration service provider
ms.assetid: 0cb37f03-5bf2-4451-8276-23f4a1dee33f
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/customdeviceui-csp.md
View File

@ -3,7 +3,6 @@ title: CustomDeviceUI CSP
description: CustomDeviceUI CSP
ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/customdeviceui-ddf.md
View File

@ -3,7 +3,6 @@ title: CustomDeviceUI DDF
description: CustomDeviceUI DDF
ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/data-structures-windows-store-for-business.md
View File

@ -6,7 +6,6 @@ MS-HAID:
ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B
description:
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/defender-csp.md
View File

@ -3,7 +3,6 @@ title: Defender CSP
description: Defender CSP
ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/defender-ddf.md
View File

@ -3,7 +3,6 @@ title: Defender DDF file
description: Defender DDF file
ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/design-a-custom-windows-csp.md
View File

@ -6,7 +6,6 @@ MS-HAID:
- 'p\_phDeviceMgmt.design\_a\_custom\_windows\_csp'
ms.assetid: 0fff9516-a71a-4036-a57b-503ef1a81a37
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devdetail-csp.md
View File

@ -3,7 +3,6 @@ title: DevDetail CSP
description: DevDetail CSP
ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devdetail-ddf-file.md
View File

@ -3,7 +3,6 @@ title: DevDetail DDF file
description: DevDetail DDF file
ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/developersetup-csp.md
View File

@ -3,7 +3,6 @@ title: DeveloperSetup CSP
description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the next major update of Windows 10.
ms.assetid:
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/developersetup-ddf.md
View File

@ -3,7 +3,6 @@ title: DeveloperSetup DDF file
description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
ms.assetid:
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/device-update-management.md
View File

@ -3,7 +3,6 @@ title: Device update management
description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology.
ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/deviceinstanceservice-csp.md
View File

@ -3,7 +3,6 @@ title: DeviceInstanceService CSP
description: DeviceInstanceService CSP
ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devicelock-csp.md
View File

@ -3,7 +3,6 @@ title: DeviceLock CSP
description: DeviceLock CSP
ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devicelock-ddf-file.md
View File

@ -3,7 +3,6 @@ title: DeviceLock DDF file
description: DeviceLock DDF file
ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devicemanageability-csp.md
View File

@ -3,7 +3,6 @@ title: DeviceManageability CSP
description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devicemanageability-ddf.md
View File

@ -3,7 +3,6 @@ title: DeviceManageability DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
ms.assetid: D7FA8D51-95ED-40D2-AA84-DCC4BBC393AB
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devicestatus-csp.md
View File

@ -3,7 +3,6 @@ title: DeviceStatus CSP
description: The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devicestatus-ddf.md
View File

@ -3,7 +3,6 @@ title: DeviceStatus DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devinfo-csp.md
View File

@ -3,7 +3,6 @@ title: DevInfo CSP
description: DevInfo CSP
ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/devinfo-ddf-file.md
View File

@ -3,7 +3,6 @@ title: DevInfo DDF file
description: DevInfo DDF file
ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -3,7 +3,6 @@ title: Diagnose MDM failures in Windows 10
description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs.
ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -3,7 +3,6 @@ title: DiagnosticLog CSP
description: DiagnosticLog CSP
ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/diagnosticlog-ddf.md
View File

@ -3,7 +3,6 @@ title: DiagnosticLog DDF
description: DiagnosticLog DDF
ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
View File

@ -6,7 +6,6 @@ MS-HAID:
- 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dmacc-csp.md
View File

@ -3,7 +3,6 @@ title: DMAcc CSP
description: DMAcc CSP
ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dmacc-ddf-file.md
View File

@ -3,7 +3,6 @@ title: DMAcc DDF file
description: DMAcc DDF file
ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dmclient-csp.md
View File

@ -3,7 +3,6 @@ title: DMClient CSP
description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment.
ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dmclient-ddf-file.md
View File

@ -3,7 +3,6 @@ title: DMClient DDF file
description: DMClient DDF file
ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dmprocessconfigxmlfiltered.md
View File

@ -13,7 +13,6 @@ api_location:
api_type:
- DllExport
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dmsessionactions-csp.md
View File

@ -2,7 +2,6 @@
title: DMSessionActions CSP
description: DMSessionActions CSP
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dmsessionactions-ddf.md
View File

@ -2,7 +2,6 @@
title: DMSessionActions DDF file
description: DMSessionActions DDF file
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dynamicmanagement-csp.md
View File

@ -2,7 +2,6 @@
title: DynamicManagement CSP
description: DynamicManagement CSP
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/dynamicmanagement-ddf.md
View File

@ -3,7 +3,6 @@ title: DynamicManagement DDF file
description: DynamicManagement DDF file
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/eap-configuration.md
View File

@ -3,7 +3,6 @@ title: EAP configuration
description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10.
ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/email2-csp.md
View File

@ -3,7 +3,6 @@ title: EMAIL2 CSP
description: EMAIL2 CSP
ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/email2-ddf-file.md
View File

@ -3,7 +3,6 @@ title: EMAIL2 DDF file
description: EMAIL2 DDF file
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
View File

@ -3,7 +3,6 @@ title: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld d
description: Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet.
ms.assetid: ED3DAF80-847C-462B-BDB1-486577906772
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterprise-app-management.md
View File

@ -3,7 +3,6 @@ title: Enterprise app management
description: This topic covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows.
ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseapn-csp.md
View File

@ -3,7 +3,6 @@ title: EnterpriseAPN CSP
description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseapn-ddf.md
View File

@ -3,7 +3,6 @@ title: EnterpriseAPN DDF
description: EnterpriseAPN DDF
ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseappmanagement-csp.md
View File

@ -3,7 +3,6 @@ title: EnterpriseAppManagement CSP
description: EnterpriseAppManagement CSP
ms.assetid: 698b8bf4-652e-474b-97e4-381031357623
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseappvmanagement-csp.md
View File

@ -2,7 +2,6 @@
title: EnterpriseAppVManagement CSP
description: EnterpriseAppVManagement CSP
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseappvmanagement-ddf.md
View File

@ -2,7 +2,6 @@
title: EnterpriseAppVManagement DDF file
description: EnterpriseAppVManagement DDF file
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

756
windows/client-management/mdm/enterpriseassignedaccess-csp.md
View File

@ -3,7 +3,6 @@ title: EnterpriseAssignedAccess CSP
description: EnterpriseAssignedAccess CSP
ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows
@ -17,9 +16,8 @@ The EnterpriseAssignedAccess configuration service provider allows IT administra
> **Note**   The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile.
 
For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](https://msdn.microsoft.com/library/windows/hardware/mt186983).
To use an app to create a lockdown XML see [Use the Lockdown Designer app to create a Lockdown XML file](https://docs.microsoft.com/en-us/windows/configuration/mobile-devices/mobile-lockdown-designer). For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](https://msdn.microsoft.com/library/windows/hardware/mt186983).
The following diagram shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
@ -45,137 +43,103 @@ When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an
When using the AssignedAccessXml in a provisioning package using the Windows Imaging and Configuration Designer (ICD) tool, do not use escaped characters.
 
Entry | Description
----------- | ------------
ActionCenter | You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center.
ActionCenter | Example: `<ActionCenter enabled="true"></ActionCenter>`
ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)
ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `<ActionCenter enabled="true" aboveLockToastEnabled="0" actionCenterNotificationEnabled="0"/>`
ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `<ActionCenter enabled="true" actionCenterNotificationEnabled="0"/>`
StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis &lt;400epx or 6 columns on devices with short axis &gt;=400epx. **Large** - sets the width to 6 columns on devices with short axis &lt;400epx or 8 columns on devices with short axis &gt;=400epx.
StartScreenSize | If you have existing lockdown XML, you must update it if your device has &gt;=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `<StartScreenSize>Large</StartScreenSize>`
Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid).
Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `<Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail"/>`
Application | <img src="images/enterpriseassignedaccess-csp.png" alt="modern app notification" />
Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically.
Application example:
``` syntax
<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}" autoRun="true">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
```
Entry | Description
----------- | ------------
Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. For the list of product ID and AUMID, see [ProductIDs in Windows 10 Mobile](#productid). The following example shows how to pin both Outlook mail and Outlook calendar.
Application example:
``` syntax
<Apps>
<!-- Outlook Calendar -->
<Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}"
aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>1</LocationX>
<LocationY>4</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Outlook Mail-->
<Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}"
aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>1</LocationX>
<LocationY>6</LocationY>
</Location>
</PinToStart>
</Application>
</Apps>
```
Entry | Description
----------- | ------------
Folder | A folder should be contained in &lt;Applications/&gt; node among with other &lt;Application/&gt; nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder.
Folder example:
``` syntax
<Application folderId="4" folderName="foldername">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
```
An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder.
``` syntax
<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
<PinToStart>
<Size>Medium</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>0</LocationY>
</Location>
<ParentFolderId>2</ParentFolderId>
</PinToStart>
</Application>
```
Entry | Description
----------- | ------------
Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file.
> [!Important]
> Do not specify a group entry without a page entry because it will cause an undefined behavior.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Entry</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="vertical-align:top"><p>ActionCenter</p></td>
<td><p>You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center.</p>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;ActionCenter enabled=&quot;true&quot;&gt;&lt;/ActionCenter&gt;</code></pre>
<p>In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled:</p>
<ul>
<li>AboveLock/AllowActionCenterNotifications</li>
<li>AboveLock/AllowToasts</li>
</ul>
<p>For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)</p>
<p>You can also add the following optional attributes to the ActionCenter element to override the default behavior:</p>
<ul>
<li>aboveLockToastEnabled</li>
<li>actionCenterNotificationEnabled</li>
</ul>
<p>Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled).</p>
<p>In this example, the Action Center is enabled and both policies are disabled.</p>
<pre class="syntax" space="preserve"><code>&lt;ActionCenter enabled=&quot;true&quot; aboveLockToastEnabled=&quot;0&quot; actionCenterNotificationEnabled=&quot;0&quot;/&gt;</code></pre>
<p>These optional attributes are independent of each other.</p>
<p>In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set.</p>
<pre class="syntax" space="preserve"><code>&lt;ActionCenter enabled=&quot;true&quot; actionCenterNotificationEnabled=&quot;0&quot;/&gt;</code></pre></td>
</tr>
<tr class="even">
<td style="vertical-align:top"><p>StartScreenSize</p></td>
<td><p>Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions.</p>
<p>Valid values:</p>
<ul>
<li><strong>Small</strong> sets the width to 4 columns on device with short axis &lt;400epx or 6 columns on devices with short axis &gt;=400epx.</li>
<li><strong>Large</strong> sets the width to 6 columns on devices with short axis &lt;400epx or 8 columns on devices with short axis &gt;=400epx.</li>
</ul>
<p>If you have existing lockdown XML, you must update it if your device has &gt;=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4.</p>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;StartScreenSize&gt;Large&lt;/StartScreenSize&gt;</code></pre></td>
</tr>
<tr class="odd">
<td style="vertical-align:top"><p>Application</p></td>
<td><p>Provide the product ID for each app that will be available on the device.</p>
<p>You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid).</p>
<p>To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface.</p>
<pre class="syntax" space="preserve"><code>&lt;Application productId=&quot;{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}&quot; aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail&quot;/&gt;</code></pre>
<img src="images/enterpriseassignedaccess-csp.png" alt="modern app notification" />
<p>Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2.</p>
<p>For the tile location, the first value indicates the column and the second value indicates the row. A value of <strong>0</strong> indicates the first column, a value of <strong>1</strong> indicates the second column, and so on.</p>
<p>Include autoRun as an attribute to configure the application to run automatically.</p>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot; autoRun=&quot;true&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Large&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;0&lt;/LocationX&gt;
&lt;LocationY&gt;2&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;</code></pre>
<p>Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior.</p>
<p>To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. For the list of product ID and AUMID, see [ProductIDs in Windows 10 Mobile](#productid). The following example shows how to pin both Outlook mail and Outlook calendar.</p>
<pre class="syntax" space="preserve"><code>&lt;Apps&gt;
&lt;!-- Outlook Calendar --&gt;
&lt;Application productId=&quot;{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}&quot;
aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Large&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;1&lt;/LocationX&gt;
&lt;LocationY&gt;4&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;
&lt;!-- Outlook Mail--&gt;
&lt;Application productId=&quot;{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}&quot;
aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Large&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;1&lt;/LocationX&gt;
&lt;LocationY&gt;6&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;
&lt;/Apps&gt;</code></pre></td>
</tr>
<tr class="even">
<td style="vertical-align:top"><p>Folder</p></td>
<td><p>A folder should be contained in &lt;Applications/&gt; node among with other &lt;Application/&gt; nodes, it shares most grammar with the Application Node, <strong>folderId</strong> is mandatory, <strong>folderName</strong> is optional, which is the folder name displayed on Start. <strong>folderId</strong> is a unique unsigned integer for each folder.</p>
<p>For example:</p>
<pre class="syntax" space="preserve"><code>&lt;Application folderId=&quot;4&quot; folderName=&quot;foldername&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Large&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;0&lt;/LocationX&gt;
&lt;LocationY&gt;2&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;</code></pre>
<p>An application that belongs in the folder would add an optional attribute <strong>ParentFolderId</strong>, which maps to <strong>folderId</strong> of the folder. In this case, the location of this application will be located inside the folder.</p>
<pre class="syntax" space="preserve"><code>&lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Medium&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;0&lt;/LocationX&gt;
&lt;LocationY&gt;0&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;ParentFolderId&gt;2&lt;/ParentFolderId&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;</code></pre></td>
</tr>
<tr class="odd">
<td style="vertical-align:top"><p>Settings</p></td>
<td><p><strong>Settings pages</strong></p>
<p>Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file.</p>
<div class="alert">
<strong>Important</strong>  Do not specify a group entry without a page entry because it will cause an undefined behavior.
</div>
<div>
 
</div>
<ul>
<li>System (main menu) - SettingsPageGroupPCSystem
<ul>
@ -279,9 +243,14 @@ aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsl
<li>Extensibility - SettingsPageExtensibility</li>
</ul></li>
</ul>
<p><strong>Quick action settings</strong></p>
<p>Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). </p>
<p>Note: Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703.</p>
**Quick action settings**
Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
> [!Note]
> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703.
<ul>
<li><p>SystemSettings_System_Display_QuickAction_Brightness</p>
<p>Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay</p></li>
@ -316,277 +285,265 @@ aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsl
<li><p>SystemSettings_QuickAction_Camera</p>
<p>Dependencies - none</p></li>
</ul>
<p>In this example, all settings pages and quick action settings are allowed. An empty &lt;Settings&gt; node indicates that none of the settings are blocked.</p>
<pre class="syntax" space="preserve"><code>&lt;Settings&gt;
&lt;/Settings&gt;</code></pre>
<p>In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.</p>
<pre class="syntax" space="preserve"><code>&lt;Settings&gt;
&lt;System name=&quot;SettingsPageGroupPCSystem&quot; /&gt;
&lt;System name=&quot;SettingsPageDisplay&quot; /&gt;
&lt;System name=&quot;SettingsPageAppsNotifications&quot; /&gt;
&lt;System name=&quot;SettingsPageCalls&quot; /&gt;
&lt;System name=&quot;SettingsPageMessaging&quot; /&gt;
&lt;System name=&quot;SettingsPageBatterySaver&quot; /&gt;
&lt;System name=&quot;SettingsPageStorageSenseStorageOverview&quot; /&gt;
&lt;System name=&quot;SettingsPageGroupPCSystemDeviceEncryption&quot; /&gt;
&lt;System name=&quot;SettingsPageDrivingMode&quot; /&gt;
&lt;System name=&quot;SettingsPagePCSystemInfo&quot; /&gt;
&lt;/Settings&gt;</code></pre>
<p>To remove access to all of the settings in the system, the settings application would simply not be listed in the app list for a particular role.</p></td>
</tr>
<tr class="even">
<td style="vertical-align:top"><p>Buttons</p></td>
<td><p>The following list identifies the hardware buttons on the device that you can lock down in <strong>ButtonLockdownList</strong>. When a user taps a button that is in the lockdown list, nothing will happen.</p>
In this example, all settings pages and quick action settings are allowed. An empty \<Settings> node indicates that none of the settings are blocked.
``` syntax
<Settings>
</Settings>
```
In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.
``` syntax
<Settings>
<System name="SettingsPageGroupPCSystem" />
<System name="SettingsPageDisplay" />
<System name="SettingsPageAppsNotifications" />
<System name="SettingsPageCalls" />
<System name="SettingsPageMessaging" />
<System name="SettingsPageBatterySaver" />
<System name="SettingsPageStorageSenseStorageOverview" />
<System name="SettingsPageGroupPCSystemDeviceEncryption" />
<System name="SettingsPageDrivingMode" />
<System name="SettingsPagePCSystemInfo" />
</Settings>
```
Entry | Description
----------- | ------------
Buttons | The following list identifies the hardware buttons on the device that you can lock down in <strong>ButtonLockdownList</strong>. When a user taps a button that is in the lockdown list, nothing will happen.
<ul>
<li><p>Start</p>
<div class="alert">
<strong>Note</strong>  
<p>Lock down of the Start button only prevents the press and hold event.</p>
</div>
<div>
 
</div></li>
<li><p>Back</p></li>
<li><p>Search</p></li>
<li><p>Camera</p></li>
<li><p>Custom1</p></li>
<li><p>Custom2</p></li>
<li><p>Custom3</p>
<div class="alert">
<strong>Note</strong>  
<p>Custom buttons are hardware buttons that can be added to devices by OEMs.</p>
</div>
<div>
 
</div></li>
<li><p>Custom3</p></li>
</ul>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;Buttons&gt;
&lt;ButtonLockdownList&gt;
&lt;!-- Lockdown all buttons --&gt;
&lt;Button name=&quot;Search&quot;&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Camera&quot;&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom1&quot;&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom2&quot;&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom3&quot;&gt;
&lt;/Button&gt;
&lt;/ButtonLockdownList&gt;</code></pre>
<p>The Search and custom buttons can be <em>remapped</em> or configured to open a specific application. Button remapping takes effect for the device and applies to all users.</p>
<div class="alert">
<strong>Note</strong>  
<p>The lockdown settings for a button, per user role, will apply regardless of the button mapping.</p>
</div>
<div>
 
</div>
<div class="alert">
<strong>Warning</strong>  
<p>Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.</p>
</div>
<div>
 
</div>
<p>To remap a button in lockdown XML, you supply the button name, the button event (typically &quot;press&quot;), and the product ID for the application the button will open.</p>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;ButtonRemapList&gt;
&lt;Button name=&quot;Search&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot;&gt;
&lt;!-- Alarms --&gt;
&lt;Application productId=&quot;{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}&quot; parameters=&quot;&quot; /&gt;
&lt;/ButtonEvent&gt;
&lt;/Button&gt;
&lt;/ButtonRemapList&gt;</code></pre>
<p><strong>Disabling navigation buttons</strong></p>
<p>To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically &quot;press&quot;).</p>
<p>The following section contains a sample lockdown XML file that shows how to disable navigation buttons.</p>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
&lt;HandheldLockdown version=&quot;1.0&quot; &gt;
&lt;Default&gt;
&lt;ActionCenter enabled=&quot;false&quot; /&gt;
&lt;Apps&gt;
&lt;!-- Settings --&gt;
&lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Large&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;0&lt;/LocationX&gt;
&lt;LocationY&gt;0&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;
&lt;!-- Phone Apps --&gt;
&lt;Application productId=&quot;{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Small&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;2&lt;/LocationX&gt;
&lt;LocationY&gt;2&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;
&lt;/Apps&gt;
&lt;Buttons&gt;
&lt;ButtonLockdownList&gt;
&lt;Button name=&quot;Start&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Back&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Search&quot;&gt;
&lt;ButtonEvent name=&quot;All&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Camera&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom1&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom2&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom3&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;/ButtonLockdownList&gt;
&lt;ButtonRemapList /&gt;
&lt;/Buttons&gt;
&lt;MenuItems&gt;
&lt;DisableMenuItems/&gt;
&lt;/MenuItems&gt;
&lt;Settings&gt;
&lt;/Settings&gt;
&lt;Tiles&gt;
&lt;EnableTileManipulation/&gt;
&lt;/Tiles&gt;
&lt;StartScreenSize&gt;Small&lt;/StartScreenSize&gt;
&lt;/Default&gt;
&lt;/HandheldLockdown&gt;</code></pre></td>
</tr>
<tr class="odd">
<td style="vertical-align:top"><p>MenuItems</p></td>
<td><p>Use <strong>DisableMenuItems</strong> to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.</p>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;MenuItems&gt;
&lt;DisableMenuItems/&gt;
&lt;/MenuItems&gt;</code></pre>
<div class="alert">
<strong>Important</strong>  
<p>If <strong>DisableMenuItems</strong> is not included in a profile, users of that profile can uninstall apps.</p>
</div>
<div>
 
</div></td>
</tr>
<tr class="even">
<td style="vertical-align:top"><p>Tiles</p></td>
<td><p><strong>Turning-on tile manipulation</strong></p>
<p>By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the users profile.</p>
<p>If tile manipulation is enabled in the users profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.</p>
<div class="alert">
<strong>Important</strong>  
<p>If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in users profile.</p>
</div>
<div>
 
</div>
<p>The following sample file contains configuration for enabling tile manipulation.</p>
<div class="alert">
<strong>Note</strong>  
<p>Tile manipulation is disabled when you dont have a <code>&lt;Tiles&gt;</code> node in lockdown XML, or if you have a <code>&lt;Tiles&gt;</code> node but dont have the <code>&lt;EnableTileManipulation/&gt;</code> node.</p>
</div>
<div>
 
</div>
<p>Example:</p>
<pre class="syntax" space="preserve"><code>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
&lt;HandheldLockdown version=&quot;1.0&quot; &gt;
&lt;Default&gt;
&lt;ActionCenter enabled=&quot;false&quot; /&gt;
&lt;Apps&gt;
&lt;!-- Settings --&gt;
&lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Large&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;0&lt;/LocationX&gt;
&lt;LocationY&gt;0&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;
> [!Note]
> Lock down of the Start button only prevents the press and hold event.
>
> Custom buttons are hardware buttons that can be added to devices by OEMs.
&lt;!-- Phone Apps --&gt;
&lt;Application productId=&quot;{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}&quot;&gt;
&lt;PinToStart&gt;
&lt;Size&gt;Small&lt;/Size&gt;
&lt;Location&gt;
&lt;LocationX&gt;2&lt;/LocationX&gt;
&lt;LocationY&gt;2&lt;/LocationY&gt;
&lt;/Location&gt;
&lt;/PinToStart&gt;
&lt;/Application&gt;
&lt;/Apps&gt;
&lt;Buttons&gt;
&lt;ButtonLockdownList&gt;
&lt;Button name=&quot;Start&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Back&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Search&quot;&gt;
&lt;ButtonEvent name=&quot;All&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Camera&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom1&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom2&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;Button name=&quot;Custom3&quot;&gt;
&lt;ButtonEvent name=&quot;Press&quot; /&gt;
&lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
&lt;/Button&gt;
&lt;/ButtonLockdownList&gt;
&lt;ButtonRemapList /&gt;
&lt;/Buttons&gt;
&lt;MenuItems&gt;
&lt;DisableMenuItems/&gt;
&lt;/MenuItems&gt;
&lt;Settings&gt;
&lt;/Settings&gt;
&lt;Tiles&gt;
&lt;EnableTileManipulation/&gt;
&lt;/Tiles&gt;
&lt;StartScreenSize&gt;Small&lt;/StartScreenSize&gt;
&lt;/Default&gt;
&lt;/HandheldLockdown&gt;</code></pre></td>
</tr>
<tr class="odd">
<td style="vertical-align:top"><p>CSP Runner</p></td>
<td><p>Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.</p></td>
</tr>
</tbody>
</table>
Buttons example:
``` syntax
<Buttons>
<ButtonLockdownList>
<!-- Lockdown all buttons -->
<Button name="Search">
</Button>
<Button name="Camera">
</Button>
<Button name="Custom1">
</Button>
<Button name="Custom2">
</Button>
<Button name="Custom3">
</Button>
</ButtonLockdownList>
```
The Search and custom buttons can be <em>remapped</em> or configured to open a specific application. Button remapping takes effect for the device and applies to all users.
> [!Note]
> The lockdown settings for a button, per user role, will apply regardless of the button mapping.
>
> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
To remap a button in lockdown XML, you supply the button name, the button event (typically &quot;press&quot;), and the product ID for the application the button will open.
``` syntax
<ButtonRemapList>
<Button name="Search">
<ButtonEvent name="Press">
<!-- Alarms -->
<Application productId="{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}" parameters="" />
</ButtonEvent>
</Button>
</ButtonRemapList>
```
**Disabling navigation buttons**
To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press").
The following section contains a sample lockdown XML file that shows how to disable navigation buttons.
``` syntax
<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
<Default>
<ActionCenter enabled="false" />
<Apps>
<!-- Settings -->
<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>0</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Phone Apps -->
<Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
<PinToStart>
<Size>Small</Size>
<Location>
<LocationX>2</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
</Apps>
<Buttons>
<ButtonLockdownList>
<Button name="Start">
<ButtonEvent name="Press" />
</Button>
<Button name="Back">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Search">
<ButtonEvent name="All" />
</Button>
<Button name="Camera">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Custom1">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Custom2">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Custom3">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
</ButtonLockdownList>
<ButtonRemapList />
</Buttons>
<MenuItems>
<DisableMenuItems/>
</MenuItems>
<Settings>
</Settings>
<Tiles>
<EnableTileManipulation/>
</Tiles>
<StartScreenSize>Small</StartScreenSize>
</Default>
</HandheldLockdown>
```
Entry | Description
----------- | ------------
MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.
> [!Important]
> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps.
MenuItems example:
``` syntax
<MenuItems>
<DisableMenuItems/>
</MenuItems>
```
Entry | Description
----------- | ------------
Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the users profile. If tile manipulation is enabled in the users profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.
> [!Important]
> If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in users profile.
The following sample file contains configuration for enabling tile manipulation.
> [!Note]
> Tile manipulation is disabled when you dont have a `<Tiles>` node in lockdown XML, or if you have a `<Tiles>` node but dont have the `<EnableTileManipulation>` node.
``` syntax
<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
<Default>
<ActionCenter enabled="false" />
<Apps>
<!-- Settings -->
<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>0</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Phone Apps -->
<Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
<PinToStart>
<Size>Small</Size>
<Location>
<LocationX>2</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
</Apps>
<Buttons>
<ButtonLockdownList>
<Button name="Start">
<ButtonEvent name="Press" />
</Button>
<Button name="Back">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Search">
<ButtonEvent name="All" />
</Button>
<Button name="Camera">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Custom1">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Custom2">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
<Button name="Custom3">
<ButtonEvent name="Press" />
<ButtonEvent name="PressAndHold" />
</Button>
</ButtonLockdownList>
<ButtonRemapList />
</Buttons>
<MenuItems>
<DisableMenuItems/>
</MenuItems>
<Settings>
</Settings>
<Tiles>
<EnableTileManipulation/>
</Tiles>
<StartScreenSize>Small</StartScreenSize>
</Default>
</HandheldLockdown>
```
Entry | Description
----------- | ------------
CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.
 
<a href="" id="lockscreenwallpaper-"></a>**LockscreenWallpaper/**
@ -735,6 +692,8 @@ Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CS
<a href="" id="clock-timezone-"></a>**Clock/TimeZone/**
An integer that specifies the time zone of the device. The following table shows the possible values.
Supported operations are Get and Replace.
<table>
<colgroup>
<col width="20%" />
@ -1162,9 +1121,6 @@ An integer that specifies the time zone of the device. The following table shows
</tbody>
</table>
 
Supported operations are Get and Replace.
<a href="" id="locale-language-"></a>**Locale/Language/**
The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](http://go.microsoft.com/fwlink/p/?LinkID=189567).
@ -1173,8 +1129,6 @@ The language setting is configured in the Default User profile only.
> **Note**  Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required.
 
Supported operations are Get and Replace.
## OMA client provisioning examples

1
windows/client-management/mdm/enterpriseassignedaccess-ddf.md
View File

@ -3,7 +3,6 @@ title: EnterpriseAssignedAccess DDF
description: EnterpriseAssignedAccess DDF
ms.assetid: 8BD6FB05-E643-4695-99A2-633995884B37
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseassignedaccess-xsd.md
View File

@ -3,7 +3,6 @@ title: EnterpriseAssignedAccess XSD
description: EnterpriseAssignedAccess XSD
ms.assetid: BB3B633E-E361-4B95-9D4A-CE6E08D67ADA
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterprisedataprotection-csp.md
View File

@ -3,7 +3,6 @@ title: EnterpriseDataProtection CSP
description: The EnterpriseDataProtection configuration service provider (CSP) is used to configure Windows Information Protection (WIP) (formerly known as Enterprise Data Protection) specific settings.
ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterprisedataprotection-ddf-file.md
View File

@ -3,7 +3,6 @@ title: EnterpriseDataProtection DDF file
description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
ms.assetid: C6427C52-76F9-4EE0-98F9-DE278529D459
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
View File

@ -3,7 +3,6 @@ title: EnterpriseDesktopAppManagement CSP
description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications.
ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
View File

@ -3,7 +3,6 @@ title: EnterpriseDesktopAppManagement DDF
description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
ms.assetid: EF448602-65AC-4D59-A0E8-779876542FE3
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
View File

@ -3,7 +3,6 @@ title: EnterpriseDesktopAppManagement XSD
description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service providers DownloadInstall parameter.
ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseext-csp.md
View File

@ -3,7 +3,6 @@ title: EnterpriseExt CSP
description: EnterpriseExt CSP
ms.assetid: ACA5CD79-BBD5-4DD1-86DA-0285B93982BD
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

1
windows/client-management/mdm/enterpriseext-ddf.md
View File

@ -3,7 +3,6 @@ title: EnterpriseExt DDF
description: EnterpriseExt DDF
ms.assetid: 71BF81D4-FBEC-4B03-BF99-F7A5EDD4F91B
ms.author: maricia
ms.date: 05/02/2017
ms.topic: article
ms.prod: w10
ms.technology: windows

Some files were not shown because too many files have changed in this diff Show More