diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000000..deb2888417
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,39 @@
+
+
+
+## Why
+
+
+
+- Closes #[Issue Number]
+
+## Changes
+
+
+
+
\ No newline at end of file
diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 08c19e447c..aad198c643 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -17,22 +17,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "hololens",
- "build_source_folder": "devices/hololens",
- "build_output_subfolder": "hololens",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "internet-explorer",
"build_source_folder": "browsers/internet-explorer",
@@ -49,22 +33,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "keep-secure",
- "build_source_folder": "windows/keep-secure",
- "build_output_subfolder": "keep-secure",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": false,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "microsoft-edge",
"build_source_folder": "browsers/edge",
@@ -81,22 +49,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "release-information",
- "build_source_folder": "windows/release-information",
- "build_output_subfolder": "release-information",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": false,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "smb",
"build_source_folder": "smb",
@@ -129,22 +81,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "win-access-protection",
- "build_source_folder": "windows/access-protection",
- "build_output_subfolder": "win-access-protection",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "win-app-management",
"build_source_folder": "windows/application-management",
@@ -209,54 +145,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "win-device-security",
- "build_source_folder": "windows/device-security",
- "build_output_subfolder": "win-device-security",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
- {
- "docset_name": "windows-configure",
- "build_source_folder": "windows/configure",
- "build_output_subfolder": "windows-configure",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": false,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
- {
- "docset_name": "windows-deploy",
- "build_source_folder": "windows/deploy",
- "build_output_subfolder": "windows-deploy",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "windows-hub",
"build_source_folder": "windows/hub",
@@ -273,22 +161,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "windows-plan",
- "build_source_folder": "windows/plan",
- "build_output_subfolder": "windows-plan",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "windows-privacy",
"build_source_folder": "windows/privacy",
@@ -321,38 +193,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
- {
- "docset_name": "windows-update",
- "build_source_folder": "windows/update",
- "build_output_subfolder": "windows-update",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
- {
- "docset_name": "win-threat-protection",
- "build_source_folder": "windows/threat-protection",
- "build_output_subfolder": "win-threat-protection",
- "locale": "en-us",
- "monikers": [],
- "moniker_ranges": [],
- "open_to_public_contributors": true,
- "type_mapping": {
- "Conceptual": "Content",
- "ManagedReference": "Content",
- "RestApi": "Content"
- },
- "build_entry_point": "docs",
- "template_folder": "_themes"
- },
{
"docset_name": "win-whats-new",
"build_source_folder": "windows/whats-new",
@@ -370,9 +210,7 @@
"template_folder": "_themes"
}
],
- "notification_subscribers": [
- "elizapo@microsoft.com"
- ],
+ "notification_subscribers": [],
"sync_notification_subscribers": [
"dstrome@microsoft.com"
],
@@ -408,13 +246,13 @@
"Pdf"
]
},
- "need_generate_pdf_url_template": true,
"targets": {
"Pdf": {
"template_folder": "_themes.pdf"
}
},
"docs_build_engine": {},
+ "need_generate_pdf_url_template": true,
"contribution_branch_mappings": {},
"need_generate_pdf": false,
"need_generate_intellisense": false
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index d324d9f9d1..2c59b009f8 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1,5 +1,15 @@
{
"redirections": [
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md",
+ "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/application-management/manage-windows-mixed-reality.md",
+ "redirect_url": "/windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/browserfavorite-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
@@ -2577,12 +2587,12 @@
},
{
"source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
- "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
- "redirect_url": "/microsoft-365/security/defender-endpoint/use-custom-ti",
+ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
"redirect_document_id": false
},
{
@@ -6507,8 +6517,8 @@
},
{
"source_path": "windows/access-protection/access-control/dynamic-access-control.md",
- "redirect_url": "/windows/security/identity-protection/access-control/dynamic-access-control",
- "redirect_document_id": false
+ "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
+ "redirect_document_id": true
},
{
"source_path": "windows/access-protection/access-control/local-accounts.md",
@@ -13342,7 +13352,7 @@
},
{
"source_path": "windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md",
- "redirect_url": "/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
"redirect_document_id": false
},
{
@@ -19549,6 +19559,91 @@
"source_path": "windows/client-management/mdm/proxy-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
- }
+ },
+ {
+ "source_path": "windows/client-management/img-boot-sequence.md",
+ "redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md",
+ "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "education/windows/get-minecraft-device-promotion.md",
+ "redirect_url": "/education/windows/get-minecraft-for-education",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md",
+ "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md",
+ "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "smb/cloud-mode-business-setup.md",
+ "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "smb/index.md",
+ "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/whats-new/contribute-to-a-topic.md",
+ "redirect_url": "https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/CONTRIBUTING.md#editing-windows-it-professional-documentation",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/waas-delivery-optimization-faq.md",
+ "redirect_url": "/windows/deployment/do/waas-delivery-optimization-faq",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/security-identifiers.md",
+ "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-identifiers",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/security-principals.md",
+ "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-principals",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/active-directory-accounts.md",
+ "redirect_url": "/windows-server/identity/ad-ds/manage/understand-default-user-accounts",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/microsoft-accounts.md",
+ "redirect_url": "/windows-server/identity/ad-ds/manage/understand-microsoft-accounts",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/service-accounts.md",
+ "redirect_url": "/windows-server/identity/ad-ds/manage/understand-service-accounts",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/active-directory-security-groups.md",
+ "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-groups",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/special-identities.md",
+ "redirect_url": "/windows-server/identity/ad-ds/manage/understand-special-identities-groups",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md",
+ "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
+ "redirect_document_id": false
+ }
]
}
diff --git a/CODEOWNERS b/CODEOWNERS
index 7fc05fbd5b..46c2195cd6 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -3,3 +3,5 @@ docfx.json @microsoftdocs/officedocs-admin
.openpublishing.publish.config.json @microsoftdocs/officedocs-admin
CODEOWNERS @microsoftdocs/officedocs-admin
.acrolinx-config.edn @microsoftdocs/officedocs-admin
+
+/windows/privacy/ @DHB-MSFT
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ef3a69ff52..e09fdb10e8 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,104 +2,84 @@
Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
This page covers the basic steps for editing our technical documentation.
+For a more up-to-date and complete contribution guide, see the main [contributor guide overview](https://docs.microsoft.com/contribute/).
## Sign a CLA
-All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before editing any Microsoft repositories.
-If you've already edited within Microsoft repositories in the past, congratulations!
+All contributors who are ***not*** a Microsoft employee or vendor must [sign a Microsoft Contributor License Agreement (CLA)](https://cla.microsoft.com/) before editing any Microsoft repositories.
+If you've already edited within Microsoft repositories in the past, congratulations!
You've already completed this step.
## Editing topics
We've tried to make editing an existing, public file as simple as possible.
->**Note**
->At this time, only the English (en-us) content is available for editing.
+> **Note**
+> At this time, only the English (en-us) content is available for editing. If you have suggestions for edits to localized content, file feedback on the article.
-**To edit a topic**
+### To edit a topic
-1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**.
+1. Browse to the [Microsoft Docs](https://docs.microsoft.com/) article that you want to update.
- 
+ > **Note**
+ > If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.docs.microsoft.com/help/get-started/edit-article-in-github?branch=main).
-2. Log into (or sign up for) a GitHub account.
-
- You must have a GitHub account to get to the page that lets you edit a topic.
+1. Then select the **Pencil** icon.
-3. Click the **Pencil** icon (in the red box) to edit the content.
+ 
- 
+ If the pencil icon isn't present, the content might not be open to public contributions. Some pages are generated (for example, from inline documentation in code) and must be edited in the project they belong to. This isn't always the case and you might be able to find the documentation by searching the [MicrosoftDocs organization on GitHub](https://github.com/MicrosoftDocs).
-4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see:
- - **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring)
-
- - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/)
+ > **TIP**
+ > View the page source in your browser, and look for the following metadata: `original_content_git_url`. This path always points to the source markdown file for the article.
-5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct.
+1. In GitHub, select the **Pencil** icon to edit the article. If the pencil icon is grayed out, you need to either sign in to your GitHub account or create a new account.
- 
+ 
-6. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account.
+1. Using Markdown language, make your changes to the file. For info about how to edit content using Markdown, see the [Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference) and GitHub's [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) documentation.
- 
+1. Make your suggested change, and then select **Preview changes** to make sure it looks correct.
- The **Comparing changes** screen appears to see what the changes are between your fork and the original content.
+ 
-7. On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in.
+1. When you're finished editing, scroll to the bottom of the page. In the **Propose changes** area, enter a title and optionally a description for your changes. The title will be the first line of the commit message. Briefly state _what_ you changed. Select **Propose changes** to commit your changes:
+
+ 
+
+1. The **Comparing changes** screen appears to show what the changes are between your fork and the original content. On the **Comparing changes** screen, you'll see if there are any problems with the file you're checking. If there are no problems, you'll see the message **Able to merge**.
- If there are no problems, you’ll see the message, **Able to merge**.
-
-8. Click **Create pull request**.
+ Select **Create pull request**. Next, enter a title and description to give the approver the appropriate context about _why_ you're suggesting this change. Make sure that only your changed files are in this pull request; otherwise, you could overwrite changes from other people.
-9. Enter a title and description to give the approver the appropriate context about what’s in the request.
+1. Select **Create pull request** again to actually submit the pull request.
-10. Scroll to the bottom of the page, making sure that only your changed files are in this pull request. Otherwise, you could overwrite changes from other people.
+ The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to their respective article. This repository contains articles on some of the following topics:
-11. Click **Create pull request** again to actually submit the pull request.
-
- The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
-
- - [Windows 10](https://docs.microsoft.com/windows/windows-10)
-
- - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy)
-
- - [Surface](https://docs.microsoft.com/surface)
-
- - [Surface Hub](https://docs.microsoft.com/surface-hub)
-
- - [HoloLens](https://docs.microsoft.com/hololens)
-
+ - [Windows client documentation for IT Pros](https://docs.microsoft.com/windows/resources/)
- [Microsoft Store](https://docs.microsoft.com/microsoft-store)
-
- [Windows 10 for Education](https://docs.microsoft.com/education/windows)
-
- [Windows 10 for SMB](https://docs.microsoft.com/windows/smb)
-
- - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer)
-
- - [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack)
-
+ - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/)
## Making more substantial changes
-To make substantial changes to an existing article, add or change images, or contribute a new article, you will need to create a local clone of the content.
-For info about creating a fork or clone, see the GitHub help topic, [Fork a Repo](https://help.github.com/articles/fork-a-repo/).
+To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content.
+For info about creating a fork or clone, see [Set up a local Git repository](https://docs.microsoft.com/contribute/get-started-setup-local). The GitHub docs topic, [Fork a Repo](https://docs.github.com/articles/fork-a-repo), is also insightful.
-Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Then open a pull request back to the master branch of the official repo.
+Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Finally, open a pull request back to the main branch of the official repo.
## Using issues to provide feedback on documentation
If you just want to provide feedback rather than directly modifying actual documentation pages, you can create an issue in the repository.
-At the top of a topic page you'll see an **Issues** tab. Click the tab and then click the **New issue** button.
+At the top of an article, you'll see a feedback icon. Select the icon to go to the **Feedback** section at the bottom of the article. Then select **This page** to file feedback for the current article.
-Be sure to include the topic title and the URL for the page you're submitting the issue for, if that page is different from the page you launched the **New issue** dialog from.
+In the new issue form, enter a brief title. In the body of the form, describe the concern, but don't modify the **Document Details** section. You can use markdown in this form. When you're ready, select **Submit new issue**.
## Resources
-You can use your favorite text editor to edit Markdown. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
-
-You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
-
+- You can use your favorite text editor to edit Markdown files. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
+- You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
+- Microsoft technical documentation uses several custom Markdown extensions. To learn more, see the [Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference).
diff --git a/ContentOwners.txt b/ContentOwners.txt
new file mode 100644
index 0000000000..23bca2c5c7
--- /dev/null
+++ b/ContentOwners.txt
@@ -0,0 +1,2 @@
+/windows/ @aczechowski
+/windows/privacy/ @DHB-MSFT
diff --git a/bcs/TOC.yml b/bcs/TOC.yml
deleted file mode 100644
index 981fe6d622..0000000000
--- a/bcs/TOC.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- name: Index
- href: index.md
diff --git a/bcs/breadcrumb/toc.yml b/bcs/breadcrumb/toc.yml
deleted file mode 100644
index 61d8fca61e..0000000000
--- a/bcs/breadcrumb/toc.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Docs
- tocHref: /
- topicHref: /
\ No newline at end of file
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
index 10d59733dd..91c262c502 100644
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
@@ -138,7 +138,7 @@ Before you can start to collect your data, you must run the provided PowerShell
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
@@ -235,7 +235,7 @@ After you’ve collected your data, you’ll need to get the local files off of
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
@@ -277,8 +277,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f
4. Click **OK** to close the default windows.
Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
+### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
**To collect your inventory**
@@ -352,14 +352,14 @@ You can collect your hardware inventory using the using the Systems Management S
Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data
-The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
+The sample reports, **Configuration Manager Report Sample – ActiveX.rdl** and **Configuration Manager Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
-### SCCM Report Sample – ActiveX.rdl
+### Configuration Manager Report Sample – ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer.
-### SCCM Report Sample – Site Discovery.rdl
+### Configuration Manager Report Sample – Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer.
diff --git a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
index 25f58fb19f..a8f90c3697 100644
--- a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
+++ b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
@@ -5,7 +5,7 @@ Starting with Windows 10, version 1511 (also known as the Anniversary Update), y
### Site list xml file
-This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
+This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
```xml
@@ -47,4 +47,4 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
-```
\ No newline at end of file
+```
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
index 0a0f72e971..21e15f6d8d 100644
--- a/browsers/includes/helpful-topics-include.md
+++ b/browsers/includes/helpful-topics-include.md
@@ -35,4 +35,4 @@ ms.topic: include
- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
-- [Fix web compatibility issues using document modes and the Enterprise Mode site list](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
+- [Fix web compatibility issues using document modes and the Enterprise Mode site list](/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index 187e1eade3..0175cb7bbe 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -29,7 +29,7 @@ Before you install Internet Explorer 11, you should:
- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
- - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
+ - **Existing computers running Windows.** Use Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
- **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825251(v=win.10)). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/), [Windows ADK Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825486(v=win.10)).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 8cef068687..24265e0261 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -142,7 +142,7 @@ Before you can start to collect your data, you must run the provided PowerShell
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
@@ -239,7 +239,7 @@ After you’ve collected your data, you’ll need to get the local files off of
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.
-OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
@@ -281,8 +281,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f
4. Click **OK** to close the default windows.
Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
+### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
**To collect your inventory**
@@ -356,14 +356,14 @@ You can collect your hardware inventory using the using the Systems Management S
Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data
-The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
+The sample reports, **Configuration Manager Report Sample – ActiveX.rdl** and **Configuration Manager Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
-### SCCM Report Sample – ActiveX.rdl
+### Configuration Manager Report Sample – ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer.
-### SCCM Report Sample – Site Discovery.rdl
+### Configuration Manager Report Sample – Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index 9e65453694..7eaac18e22 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -21,7 +21,7 @@ ms.date: 07/27/2017
If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include:
-- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)).
+- **Configuration Manager** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)).
- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
index ca1542a952..83c7c6b9b8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
@@ -7,6 +7,7 @@ ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
+ms.prod: ie11
---
# Full-sized flowchart detailing how document modes are chosen in IE11
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
index 3ec3c7c763..13e84a6792 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
@@ -75,7 +75,7 @@ If you use Automatic Updates in your company, but want to stop your users from a
> [!NOTE]
>The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-for-it-pros-ie11.yml).
-- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
+- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
> [!NOTE]
> If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
index 178595abf4..618ec339b5 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
+++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
@@ -22,7 +22,7 @@ summary: |
Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
> [!Important]
- > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
+ > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
- [Automatic updates delivery process](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#automatic-updates-delivery-process)
@@ -47,7 +47,7 @@ sections:
- question: |
Whtools cI use to manage Windows Updates and Microsoft Updates in my company?
answer: |
- We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)).
+ We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)).
- question: |
How long does the blocker mechanism work?
diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
index c92fd17fd3..bb2983bca4 100644
--- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
+++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
@@ -1,13 +1,17 @@
---
-author: pamgreen-msft
-ms.author: pamgreen
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date:
ms.reviewer:
audience: itpro
-manager: pamgreen
+manager: dansimp
ms.prod: ie11
ms.topic: include
---
> [!IMPORTANT]
-> The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022. For a list of what’s in scope, see [the FAQ](https://aka.ms/IEModeFAQ). The same IE11 apps and sites you use today can open in Microsoft Edge with Internet Explorer mode. [Learn more here](https://blogs.windows.com/msedgedev/).
\ No newline at end of file
+> The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10.
+>
+> You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite).
+>
+> The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11).
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index 17fad3f1dd..17eee2393b 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -6,9 +6,10 @@ metadata:
title: Internet Explorer 11 documentation
description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
ms.topic: landing-page
- author: lizap
- ms.author: elizapo
- ms.date: 07/06/2020
+ author: aczechowski
+ ms.author: aaroncz
+ ms.date: 07/29/2022
+ ms.prod: ie11
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
@@ -38,14 +39,6 @@ landingContent:
url: https://www.microsoft.com/download/details.aspx?id=49974
- text: Cumulative security updates for Internet Explorer 11
url: https://www.catalog.update.microsoft.com/Search.aspx?q=cumulative%20security%20update%20for%20internet%20explorer%2011
- - linkListType: learn
- links:
- - text: Getting started with Windows 10 for IT professionals
- url: https://mva.microsoft.com/training-courses/getting-started-with-windows-10-for-it-professionals-10629?l=fCowqpy8_5905094681
- - text: 'Windows 10: Top Features for IT Pros'
- url: https://mva.microsoft.com/training-courses/windows-10-top-features-for-it-pros-16319?l=xBnT2ihhC_7306218965
- - text: 'Virtual Lab: Enterprise Mode'
- url: https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02
# Card
- title: Plan
@@ -62,8 +55,6 @@ landingContent:
url: ./ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
- text: Manage Windows upgrades with Upgrade Readiness
url: /windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness
- - text: 'Demo: Plan and manage Windows 10 upgrades and feature updates with'
- url: https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Windows-Analytics-Plan-and-manage-Windows-10-upgrades-and/td-p/98639
- linkListType: how-to-guide
links:
- text: Turn on Enterprise Mode and use a site list
@@ -125,11 +116,7 @@ landingContent:
- text: Out-of-date ActiveX control blocking
url: ./ie11-deploy-guide/out-of-date-activex-control-blocking.md
- text: Update to block out-of-date ActiveX controls in Internet Explorer
- url: https://support.microsoft.com/help/2991000/update-to-block-out-of-date-activex-controls-in-internet-explorer
- - text: Script to join user to AD with automatic Local user Profile Migration
- url: https://gallery.technet.microsoft.com/scriptcenter/script-to-join-active-7b16d9d3
- - text: Scripts for IT professionals
- url: https://gallery.technet.microsoft.com/scriptcenter/site/search?query=Microsoft%20Edge%20or%20Internet
+ url: https://support.microsoft.com/topic/update-to-block-out-of-date-activex-controls-in-internet-explorer-39ced8f8-5d98-3c7b-4792-b62fad4e2277
# Card
- title: Support
@@ -137,25 +124,19 @@ landingContent:
- linkListType: get-started
links:
- text: Change or reset Internet Explorer settings
- url: https://support.microsoft.com/help/17441/windows-internet-explorer-change-reset-settings
+ url: https://support.microsoft.com/windows/change-or-reset-internet-explorer-settings-2d4bac50-5762-91c5-a057-a922533f77d5
- text: Troubleshoot problems with setup, installation, auto configuration, and more
url: ./ie11-deploy-guide/troubleshoot-ie11.md
- text: Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
- url: https://support.microsoft.com/help/4012494/option-to-disable-vbscript-execution-in-internet-explorer-for-internet
+ url: https://support.microsoft.com/topic/option-to-disable-vbscript-execution-in-internet-explorer-for-internet-zone-and-restricted-sites-zone-3a2104c0-5af0-9aae-6c57-8207d3cb3e65
- text: Frequently asked questions about IEAK 11
url: ./ie11-faq/faq-ieak11.yml
- text: Internet Explorer 8, 9, 10, 11 forum
url: https://social.technet.microsoft.com/forums/ie/home?forum=ieitprocurrentver
- text: Contact a Microsoft support professional
url: https://support.microsoft.com/contactus
- - text: Support options for Microsoft Partners
- url: https://mspartner.microsoft.com/Pages/Support/get-support.aspx
- - text: Microsoft Services Premier Support
- url: https://www.microsoft.com/en-us/microsoftservices/support.aspx
- - text: Microsoft Small Business Support Center
- url: https://smallbusiness.support.microsoft.com/product/internet-explorer
- text: General support
- url: https://support.microsoft.com/products/internet-explorer
+ url: https://support.microsoft.com/windows/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2
# Card
- title: Stay informed
@@ -167,4 +148,4 @@ landingContent:
- text: Microsoft Edge Dev blog
url: https://blogs.windows.com/msedgedev
- text: Microsoft Edge Dev on Twitter
- url: https://twitter.com/MSEdgeDev
\ No newline at end of file
+ url: https://twitter.com/MSEdgeDev
diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
index ea499a1774..0e1a848592 100644
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
@@ -93,7 +93,7 @@ sections:
- question: |
Is an example Proxy Auto Configuration (PAC) file available?
answer: |
- Here is a simple PAC file:
+ Here's a simple PAC file:
```vb
function FindProxyForURL(url, host)
@@ -103,7 +103,7 @@ sections:
```
> [!NOTE]
- > The previous PAC always returns the **proxyserver:portnumber** proxy.
+ > The previous PAC always returns the `proxyserver:portnumber` proxy.
For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/).
@@ -113,8 +113,7 @@ sections:
- question: |
How to improve performance by using PAC scripts
answer: |
- - [Browser is slow to respond when you use an automatic configuration script](https://support.microsoft.com/en-us/topic/effa1aa0-8e95-543d-6606-03ac68e3f490)
- - [Optimizing performance with automatic Proxyconfiguration scripts (PAC)](/troubleshoot/browsers/optimize-pac-performance)
+ For more information, see [Optimizing performance with automatic Proxy configuration scripts (PAC)](/troubleshoot/developer/browsers/connectivity-navigation/optimize-pac-performance).
- name: Other questions
questions:
@@ -123,7 +122,7 @@ sections:
answer: |
For more information, see the following blog article:
- [How do I set the home page in Microsoft Edge?](https://support.microsoft.com/en-us/microsoft-edge/change-your-browser-home-page-a531e1b8-ed54-d057-0262-cc5983a065c6)
+ [How do I set the home page in Microsoft Edge?](https://support.microsoft.com/microsoft-edge/change-your-browser-home-page-a531e1b8-ed54-d057-0262-cc5983a065c6)
- question: |
How to add sites to the Enterprise Mode (EMIE) site list
@@ -133,7 +132,7 @@ sections:
- question: |
What is Content Security Policy (CSP)?
answer: |
- By using [Content Security Policy](/microsoft-edge/dev-guide/security/content-security-policy), you create an allow list of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
+ By using [Content Security Policy](/microsoft-edge/dev-guide/security/content-security-policy), you create an allowlist of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
Content Security Policy is supported in all versions of Microsoft Edge. It lets web developers lock down the resources that can be used by their web application. This helps prevent [cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks that remain a common vulnerability on the web. However, the first version of Content Security Policy was difficult to implement on websites that used inline script elements that either pointed to script sources or contained script directly.
@@ -180,7 +179,7 @@ sections:
- question: |
What is Enterprise Mode Feature?
answer: |
- For more information about this topic, see [Enterprise Mode and the Enterprise Mode Site List](../ie11-deploy-guide/what-is-enterprise-mode.md).
+ For more information, see [Enterprise Mode and the Enterprise Mode Site List](../ie11-deploy-guide/what-is-enterprise-mode.md).
- question: |
Where can I obtain a list of HTTP Status codes?
@@ -190,9 +189,9 @@ sections:
- question: |
What is end of support for Internet Explorer 11?
answer: |
- Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
+ Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it's installed.
- For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
+ For more information, see [Lifecycle FAQ - Internet Explorer and Microsoft Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
- question: |
How to configure TLS (SSL) for Internet Explorer
@@ -229,7 +228,7 @@ sections:
- User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
**References**
- [How to configure Internet Explorer security zone sites using group polices](/archive/blogs/askie/how-to-configure-internet-explorer-security-zone-sites-using-group-polices)
+ [How to configure Internet Explorer security zone sites using group policies](/archive/blogs/askie/how-to-configure-internet-explorer-security-zone-sites-using-group-polices)
- question: |
What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer?
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
index 2908606c60..017aa6750e 100644
--- a/devices/hololens/docfx.json
+++ b/devices/hololens/docfx.json
@@ -39,7 +39,7 @@
"ms.date": "04/05/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.itpro-hololens",
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
index 1e0f65ecc7..a9772d7b8c 100644
--- a/devices/surface-hub/docfx.json
+++ b/devices/surface-hub/docfx.json
@@ -36,7 +36,7 @@
"ms.date": "05/23/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface-hub",
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
index da410e3263..f11706aa9d 100644
--- a/devices/surface/docfx.json
+++ b/devices/surface/docfx.json
@@ -32,7 +32,7 @@
"ms.date": "05/09/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface",
diff --git a/education/breadcrumb/toc.yml b/education/breadcrumb/toc.yml
index 93f929e957..41fb052a33 100644
--- a/education/breadcrumb/toc.yml
+++ b/education/breadcrumb/toc.yml
@@ -1,3 +1,4 @@
+items:
- name: Docs
tocHref: /
topicHref: /
@@ -12,4 +13,7 @@
- name: Windows
tocHref: /education/windows
topicHref: /education/windows/index
-
\ No newline at end of file
+ - name: Windows
+ tocHref: /windows/security/
+ topicHref: /education/windows/index
+
diff --git a/education/docfx.json b/education/docfx.json
index 04a27cb629..7aabd80dfc 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -17,7 +17,8 @@
"files": [
"**/*.png",
"**/*.jpg",
- "**/*.svg"
+ "**/*.svg",
+ "**/*.gif"
],
"exclude": [
"**/obj/**",
@@ -27,16 +28,13 @@
],
"globalMetadata": {
"recommendations": true,
- "ROBOTS": "INDEX, FOLLOW",
- "audience": "windows-education",
"ms.topic": "article",
"ms.technology": "windows",
- "manager": "dansimp",
- "audience": "ITPro",
+ "manager": "aaroncz",
"breadcrumb_path": "/education/breadcrumb/toc.json",
- "ms.date": "05/09/2017",
- "feedback_system": "None",
- "hideEdit": true,
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.education",
@@ -51,6 +49,9 @@
"Kellylorenebaker",
"jborsecnik",
"tiburd",
+ "AngelaMotherofDragons",
+ "dstrome",
+ "v-dihans",
"garycentric"
]
},
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index 73b3828e76..47c8557394 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,39 +2,80 @@
-## Week of May 02, 2022
+## Week of September 05, 2022
| Published On |Topic title | Change |
|------|------------|--------|
-| 5/3/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
-| 5/3/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified |
-| 5/3/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified |
-| 5/3/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
-| 5/3/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified |
-| 5/3/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
-| 5/3/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
-| 5/3/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
-| 5/3/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
-| 5/3/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified |
-| 5/3/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified |
-| 5/3/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified |
-| 5/3/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
-| 5/3/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified |
+| 9/8/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
+| 9/8/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified |
+| 9/8/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
+| 9/9/2022 | [Take tests in Windows](/education/windows/take-tests-in-windows-10) | modified |
-## Week of April 25, 2022
+## Week of August 29, 2022
| Published On |Topic title | Change |
|------|------------|--------|
-| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
-| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 8/31/2022 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | added |
+| 8/31/2022 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | added |
+| 8/31/2022 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | added |
+| 8/31/2022 | [Enrollment in Intune with standard out-of-box experience (OOBE)](/education/windows/tutorial-school-deployment/enroll-aadj) | added |
+| 8/31/2022 | [Enrollment in Intune with Windows Autopilot](/education/windows/tutorial-school-deployment/enroll-autopilot) | added |
+| 8/31/2022 | [Device enrollment overview](/education/windows/tutorial-school-deployment/enroll-overview) | added |
+| 8/31/2022 | [Enrollment of Windows devices with provisioning packages](/education/windows/tutorial-school-deployment/enroll-package) | added |
+| 8/31/2022 | [Introduction](/education/windows/tutorial-school-deployment/index) | added |
+| 8/31/2022 | [Manage devices with Microsoft Intune](/education/windows/tutorial-school-deployment/manage-overview) | added |
+| 8/31/2022 | [Management functionalities for Surface devices](/education/windows/tutorial-school-deployment/manage-surface-devices) | added |
+| 8/31/2022 | [Reset and wipe Windows devices](/education/windows/tutorial-school-deployment/reset-wipe) | added |
+| 8/31/2022 | [Set up Azure Active Directory](/education/windows/tutorial-school-deployment/set-up-azure-ad) | added |
+| 8/31/2022 | [Set up device management](/education/windows/tutorial-school-deployment/set-up-microsoft-intune) | added |
+| 8/31/2022 | [Troubleshoot Windows devices](/education/windows/tutorial-school-deployment/troubleshoot-overview) | added |
-## Week of April 18, 2022
+## Week of August 15, 2022
| Published On |Topic title | Change |
|------|------------|--------|
-| 4/21/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
+| 8/17/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
+
+
+## Week of August 08, 2022
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 8/10/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
+| 8/10/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified |
+| 8/10/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified |
+| 8/10/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
+| 8/10/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified |
+| 8/10/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 8/10/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
+| 8/10/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
+| 8/10/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
+| 8/10/2022 | [Enable S mode on Surface Go devices for Education](/education/windows/enable-s-mode-on-surface-go-devices) | modified |
+| 8/10/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified |
+| 8/10/2022 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified |
+| 8/10/2022 | [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](/education/windows/s-mode-switch-to-edu) | modified |
+| 8/10/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
+| 8/10/2022 | [Azure AD Join with Set up School PCs app](/education/windows/set-up-school-pcs-azure-ad-join) | modified |
+| 8/10/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified |
+| 8/10/2022 | [Shared PC mode for school devices](/education/windows/set-up-school-pcs-shared-pc-mode) | modified |
+| 8/10/2022 | [Set up School PCs app technical reference overview](/education/windows/set-up-school-pcs-technical) | modified |
+| 8/10/2022 | [What's new in the Windows Set up School PCs app](/education/windows/set-up-school-pcs-whats-new) | modified |
+| 8/10/2022 | [Set up student PCs to join domain](/education/windows/set-up-students-pcs-to-join-domain) | modified |
+| 8/10/2022 | [Provision student PCs with apps](/education/windows/set-up-students-pcs-with-apps) | modified |
+| 8/10/2022 | [Set up Windows devices for education](/education/windows/set-up-windows-10) | modified |
+| 8/10/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified |
+| 8/10/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified |
+| 8/10/2022 | [Set up Take a Test on a single PC](/education/windows/take-a-test-single-pc) | modified |
+| 8/10/2022 | [Take tests in Windows 10](/education/windows/take-tests-in-windows-10) | modified |
+| 8/10/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
+| 8/10/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified |
+| 8/10/2022 | [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) | modified |
+| 8/10/2022 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | modified |
+| 8/10/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
+| 8/10/2022 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified |
diff --git a/education/index.yml b/education/index.yml
index 26aa73e3a7..b67a140734 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -10,9 +10,11 @@ metadata:
description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
ms.service: help
ms.topic: hub-page
- author: LaurenMoynihan
- ms.author: v-lamoyn
- ms.date: 10/24/2019
+ ms.collection: education
+ author: paolomatarazzo
+ ms.author: paoloma
+ ms.date: 08/10/2022
+ manager: aaroncz
productDirectory:
title: For IT admins
@@ -44,24 +46,24 @@ productDirectory:
imageSrc: ./images/EDU-Lockbox.svg
links:
- url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
- text: AAD feature deployment guide
- - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
+ text: Azure Active Directory feature deployment guide
+ - url: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-information-protection-deployment-acceleration-guide/ba-p/334423
text: Azure information protection deployment acceleration guide
- - url: /cloud-app-security/getting-started-with-cloud-app-security
+ - url: /defender-cloud-apps/get-started
text: Microsoft Defender for Cloud Apps
- url: /microsoft-365/compliance/create-test-tune-dlp-policy
text: Data loss prevention
- url: /microsoft-365/compliance/
- text: Microsoft 365 Compliance
+ text: Microsoft Purview compliance
- url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
text: Deploying Lockbox
# Card
- title: Analytics & insights
imageSrc: ./images/EDU-Education.svg
links:
- - url: /power-bi/service-admin-administering-power-bi-in-your-organization
+ - url: /power-bi/admin/service-admin-administering-power-bi-in-your-organization
text: Power BI for IT admins
- - url: /dynamics365/#pivot=get-started
+ - url: /dynamics365/
text: Dynamics 365
# Card
- title: Find deployment help and other support resources
@@ -69,11 +71,9 @@ productDirectory:
links:
- url: /microsoft-365/education/deploy/find-deployment-help
text: IT admin help
- - url: https://social.technet.microsoft.com/forums/en-us/home
- text: TechNet
- - url: https://support.office.com/en-us/education
+ - url: https://support.office.com/education
text: Education help center
- - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
+ - url: /learn/educator-center/
text: Teacher training packs
# Card
- title: Check out our education journey
@@ -98,9 +98,9 @@ additionalContent:
summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
url: /windows/uwp/apps-for-education/take-a-test-api
# Card
- - title: Office Education Dev center
- summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
- url: https://developer.microsoft.com/office/edu
+ - title: Office dev center
+ summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app.
+ url: https://developer.microsoft.com/office/
# Card
- title: Data Streamer
summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
@@ -111,15 +111,7 @@ additionalContent:
# Card
- title: Microsoft Partner Network
summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness.
- url: https://partner.microsoft.com/solutions/education
- # Card
- - title: Authorized Education Partner (AEP) program
- summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs).
- url: https://www.mepn.com/
- # Card
- - title: Authorized Education Partner Directory
- summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs.
- url: https://www.mepn.com/MEPN/AEPSearch.aspx
+ url: https://partner.microsoft.com/explore/education
# Card
- title: Education Partner community Yammer group
summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml
index 3a592b8263..f90e7d595f 100644
--- a/education/windows/TOC.yml
+++ b/education/windows/TOC.yml
@@ -1,73 +1,99 @@
-- name: Windows 11 SE for Education
+items:
+- name: Windows for Education Documentation
+ href: index.yml
+- name: Tutorials
+ expanded: true
items:
- - name: Overview
- href: windows-11-se-overview.md
- - name: Settings and CSP list
- href: windows-11-se-settings-list.md
-- name: Windows 10 for Education
- href: index.md
+ - name: Deploy and manage Windows devices in a school
+ href: tutorial-school-deployment/toc.yml
+- name: Concepts
items:
+ - name: Windows 11 SE
+ items:
+ - name: Overview
+ href: windows-11-se-overview.md
+ - name: Settings and CSP list
+ href: windows-11-se-settings-list.md
+ - name: Windows in S Mode
+ items:
+ - name: Test Windows 10 in S mode on existing Windows 10 education devices
+ href: test-windows10s-for-edu.md
+ - name: Enable Windows 10 in S mode on Surface Go devices
+ href: enable-s-mode-on-surface-go-devices.md
- name: Windows 10 editions for education customers
href: windows-editions-for-education-customers.md
+ - name: Shared PC mode for school devices
+ href: set-up-school-pcs-shared-pc-mode.md
- name: Windows 10 configuration recommendations for education customers
href: configure-windows-for-education.md
- - name: Deployment recommendations for school IT administrators
- href: edu-deployment-recommendations.md
- - name: Set up Windows devices for education
- href: set-up-windows-10.md
+- name: How-to-guides
+ items:
+ - name: Use the Set up School PCs app
+ href: use-set-up-school-pcs-app.md
+ - name: Take tests and assessments in Windows
items:
- - name: What's new in Set up School PCs
- href: set-up-school-pcs-whats-new.md
- - name: Technical reference for the Set up School PCs app
- href: set-up-school-pcs-technical.md
- items:
- - name: Azure AD Join for school PCs
- href: set-up-school-pcs-azure-ad-join.md
- - name: Shared PC mode for school devices
- href: set-up-school-pcs-shared-pc-mode.md
- - name: Provisioning package settings
- href: set-up-school-pcs-provisioning-package.md
- - name: Use the Set up School PCs app
- href: use-set-up-school-pcs-app.md
- - name: Set up student PCs to join domain
- href: set-up-students-pcs-to-join-domain.md
- - name: Provision student PCs with apps
- href: set-up-students-pcs-with-apps.md
- - name: Take tests in Windows 10
- href: take-tests-in-windows-10.md
- items:
- - name: Set up Take a Test on a single PC
+ - name: Overview
+ href: take-tests-in-windows-10.md
+ - name: Configure Take a Test on a single PC
href: take-a-test-single-pc.md
- - name: Set up Take a Test on multiple PCs
+ - name: Configure a Test on multiple PCs
href: take-a-test-multiple-pcs.md
- - name: Take a Test app technical reference
- href: take-a-test-app-technical.md
+ - name: Change Windows edition
+ items:
+ - name: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
+ href: s-mode-switch-to-edu.md
+ - name: Change to Windows 10 Pro Education from Windows 10 Pro
+ href: change-to-pro-education.md
+ - name: Upgrade Windows Home to Windows Education on student-owned devices
+ href: change-home-to-edu.md
+ - name: "Get and deploy Minecraft: Education Edition"
+ items:
+ - name: "Get Minecraft: Education Edition"
+ href: get-minecraft-for-education.md
+ - name: "For IT administrators: get Minecraft Education Edition"
+ href: school-get-minecraft.md
+ - name: "For teachers: get Minecraft Education Edition"
+ href: teacher-get-minecraft.md
+ - name: Work with Microsoft Store for Education
+ href: education-scenarios-store-for-business.md
+ - name: Migrate from Chromebook to Windows
+ items:
+ - name: Chromebook migration guide
+ href: chromebook-migration-guide.md
+ - name: Deploy Windows 10 devices in a school
+ items:
+ - name: Overview
+ href: deploy-windows-10-overview.md
+ - name: Deploy Windows 10 in a school
+ href: deploy-windows-10-in-a-school.md
+ - name: Deploy Windows 10 in a school district
+ href: deploy-windows-10-in-a-school-district.md
+ - name: Deployment recommendations for school IT administrators
+ href: edu-deployment-recommendations.md
+ - name: Set up Windows devices for education
+ items:
+ - name: Overview
+ href: set-up-windows-10.md
+ - name: Azure AD join for school PCs
+ href: set-up-school-pcs-azure-ad-join.md
+ - name: Active Directory join for school PCs
+ href: set-up-students-pcs-to-join-domain.md
+ - name: Provision student PCs with apps
+ href: set-up-students-pcs-with-apps.md
- name: Reset devices with Autopilot Reset
href: autopilot-reset.md
- - name: Working with Microsoft Store for Education
- href: education-scenarios-store-for-business.md
- - name: "Get Minecraft: Education Edition"
- href: get-minecraft-for-education.md
- items:
- - name: "For teachers: get Minecraft Education Edition"
- href: teacher-get-minecraft.md
- - name: "For IT administrators: get Minecraft Education Edition"
- href: school-get-minecraft.md
- - name: "Get Minecraft: Education Edition with Windows 10 device promotion"
- href: get-minecraft-device-promotion.md
- - name: Test Windows 10 in S mode on existing Windows 10 education devices
- href: test-windows10s-for-edu.md
- - name: Enable Windows 10 in S mode on Surface Go devices
- href: enable-s-mode-on-surface-go-devices.md
- - name: Deploy Windows 10 in a school
- href: deploy-windows-10-in-a-school.md
- - name: Deploy Windows 10 in a school district
- href: deploy-windows-10-in-a-school-district.md
- - name: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
- href: s-mode-switch-to-edu.md
- - name: Change to Windows 10 Pro Education from Windows 10 Pro
- href: change-to-pro-education.md
- - name: Chromebook migration guide
- href: chromebook-migration-guide.md
+- name: Reference
+ items:
+ - name: Set up School PCs
+ items:
+ - name: Set up School PCs app technical reference
+ href: set-up-school-pcs-technical.md
+ - name: Provisioning package settings
+ href: set-up-school-pcs-provisioning-package.md
+ - name: What's new in Set up School PCs
+ href: set-up-school-pcs-whats-new.md
+ - name: Take a Test app technical reference
+ href: take-a-test-app-technical.md
- name: Change history for Windows 10 for Education
href: change-history-edu.md
+
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index 5e41713a4b..ad98be350e 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -1,23 +1,23 @@
---
title: Reset devices with Autopilot Reset
description: Gives an overview of Autopilot Reset and how you can enable and use it in your schools.
-keywords: Autopilot Reset, Windows 10, education
-ms.prod: w10
+keywords: Autopilot Reset, Windows, education
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 06/27/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Reset devices with Autopilot Reset
-**Applies to:**
-
-- Windows 10, version 1709
IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index 9a828c6755..2b3d262830 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -2,20 +2,22 @@
title: Change history for Windows 10 for Education (Windows 10)
description: New and changed topics in Windows 10 for Education
keywords: Windows 10 education documentation, change history
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
-author: dansimp
-ms.author: dansimp
-ms.date: 05/21/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Change history for Windows 10 for Education
-This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
+This topic lists new and updated topics in the [Windows 10 for Education](index.yml) documentation.
## May 2019
@@ -135,7 +137,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| New or changed topic | Description|
| --- | --- |
| [Windows 10 editions for education customers](windows-editions-for-education-customers.md) | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. |
-|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use SCCM, Intune, and Group Policy to manage devices. |
+|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use Configuration Manager, Intune, and Group Policy to manage devices. |
## June 2016
diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md
new file mode 100644
index 0000000000..bb3a601ed0
--- /dev/null
+++ b/education/windows/change-home-to-edu.md
@@ -0,0 +1,232 @@
+---
+title: Upgrade Windows Home to Windows Education on student-owned devices
+description: Learn how IT Pros can upgrade student-owned devices from Windows Home to Windows Education using Mobile Device Management or Kivuto OnTheHub with qualifying subscriptions.
+ms.date: 08/10/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: how-to
+ms.localizationpriority: medium
+author: scottbreenmsft
+ms.author: scbree
+ms.reviewer: paoloma
+manager: jeffbu
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+---
+
+# Upgrade Windows Home to Windows Education on student-owned devices
+
+## Overview
+
+Customers with qualifying subscriptions can upgrade student-owned and institution-owned devices from *Windows Home* to *Windows Education*, which is designed for both the classroom and remote learning.
+
+> [!NOTE]
+> To be qualified for this process, customers must have a Windows Education subscription that includes the student use benefit and must have access to the Volume Licensing Service Center (VLSC) or the Microsoft 365 Admin Center.
+
+IT admins can upgrade student devices using a multiple activation key (MAK) manually or through Mobile Device Management (MDM). Alternatively, IT admins can set up a portal through [Kivuto OnTheHub](http://onthehub.com) where students can request a *Windows Pro Education* product key. The table below provides the recommended method depending on the scenario.
+
+| Method | Product key source | Device ownership | Best for |
+|-|-|-|-|
+| MDM | VLSC | Personal (student-owned) | IT admin initiated via MDM |
+| Kivuto | Kivuto | Personal (student-owned) | Initiated on device by student, parent or guardian |
+| Provisioning package | VLSC | Personal (student-owned) or Corporate (institution-owned) | IT admin initiated at first boot |
+
+These methods apply to devices with *Windows Home* installed; institution-owned devices can be upgraded from *Windows Professional* or *Windows Pro Edu* to *Windows Education* or *Windows Enterprise* using [Windows 10/11 Subscription Activation](/windows/deployment/windows-10-subscription-activation).
+
+## User Notifications
+
+Users aren't notified their device has been or will be upgraded to Windows Education when using MDM. It's the responsibility of the institution to notify their users. Institutions should notify their users that MDM will initiate an upgrade to Windows Education and this upgrade will give the institution extra capabilities, such as installing applications.
+
+Device users can disconnect from MDM in the Settings app, to prevent further actions from being taken on their personal device. For instructions on disconnecting from MDM, see [Remove your Windows device from management](/mem/intune/user-help/unenroll-your-device-from-intune-windows).
+
+## Why upgrade student-owned devices from Windows Home to Windows Education?
+
+Some school institutions want to streamline student onboarding for student-owned devices using MDM. Typical MDM requirements include installing certificates, configuring WiFi profiles and installing applications. On Windows, MDM uses Configuration Service Providers (CSPs) to configure settings. Some CSPs aren't available on Windows Home, which can limit the capabilities. Some of the CSPs not available in Windows Home that can affect typical student onboarding are:
+
+- [EnterpriseDesktopAppManagement](/windows/client-management/mdm/enterprisemodernappmanagement-csp) - which enables deployment of Windows installer or Win32 applications.
+- [DeliveryOptimization](/windows/client-management/mdm/policy-csp-deliveryoptimization) - which enables configuration of Delivery Optimization.
+
+A full list of CSPs are available at [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). For more information about enrolling devices into Microsoft Intune, see [Deployment guide: Enroll Windows devices in Microsoft Intune](/mem/intune/fundamentals/deployment-guide-enrollment-windows).
+
+## Requirements for using a MAK to upgrade from Windows Home to Windows Education
+
+- Access to Volume Licensing Service Center (VLSC) or the Microsoft 365 Admin Center.
+- A qualifying Windows subscription such as:
+ - Windows A3, or;
+ - Windows A5.
+- A pre-installed and activated instance of Windows 10 Home or Windows 11 Home.
+
+You can find more information in the [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+
+## How the upgrade process works
+
+IT admins with access to the VLSC or the Microsoft 365 Admin Center, can find their MAK for Windows Education and trigger an upgrade using Mobile Device Management or manually on devices.
+
+> [!WARNING]
+> The MAK is highly sensitive and should always be protected. Only authorized staff should be given access to the key and it should never be distributed to students or broadly to your organization in documentation or emails.
+
+### Recommended methods for using a MAK
+
+It's critical that MAKs are protected whenever they're used. The following processes provide the best protection for a MAK being applied to a device:
+
+- Provisioning package by institution approved staff;
+- Manual entry by institution approved staff (don't distribute the key via email);
+- Mobile Device Management (like Microsoft Intune) via [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp);
+ > [!IMPORTANT]
+ > If you are using a Mobile Device Management product other than Microsoft Intune, ensure the key isn't accessible by students.
+- Operating System Deployment processes with tools such as Microsoft Deployment Toolkit or Microsoft Endpoint Configuration Manager.
+
+For a full list of methods to perform a Windows edition upgrade and more details, see [Windows 10 edition upgrade](/windows/deployment/upgrade/windows-10-edition-upgrades).
+
+## Downgrading, resetting, reinstalling and graduation rights
+
+After upgrading from *Windows Home* to *Windows Education* there are some considerations for what happens during downgrade, reset or reinstall of the operating system.
+
+The table below highlights the differences by upgrade product key type:
+
+| Product Key Type | Downgrade (in-place) | Reset | Student reinstall |
+|-|-|-|-|
+| VLSC | No | Yes | No |
+| Kivuto OnTheHub | No | Yes | Yes |
+
+### Downgrade
+
+It isn't possible to downgrade to *Windows Home* from *Windows Education* without reinstalling Windows.
+
+### Reset
+
+If the computer is reset, Windows Education will be retained.
+
+### Reinstall
+
+The Education upgrade doesn't apply to reinstalling Windows. Use the original Windows edition when reinstalling Windows. The original product key or [firmware-embedded product key](#what-is-a-firmware-embedded-activation-key) will be used to activate Windows.
+
+If students require a *Windows Pro Education* key that can work on a new install of Windows, they should use [Kivuto OnTheHub](http://onthehub.com) to request a key prior to graduation.
+
+For details on product keys and reinstalling Windows, see [Find your Windows product key](https://support.microsoft.com/windows/find-your-windows-product-key-aaa2bf69-7b2b-9f13-f581-a806abf0a886).
+
+### Resale
+
+The license will remain installed on the device if resold and the same conditions above apply for downgrade, reset or reinstall.
+
+## Step by step process for customers to upgrade student-owned devices using Microsoft Intune
+
+These steps provide instructions on how to use Microsoft Intune to upgrade devices from Home to Education.
+
+### Step 1: Create a Windows Home edition filter
+
+These steps configure a filter that will only apply to devices running the *Windows Home edition*. This filter will ensure only devices running *Windows Home edition* are upgraded. For more information about filters, see [Create filters in Microsoft Intune](/mem/intune/fundamentals/filters).
+
+- Start in the [**Microsoft Endpoint Manager admin console**](https://endpoint.microsoft.com)
+- Select **Tenant administration** > **Filters**
+- Select **Create**
+ - Specify a name for the filter (for example *Windows Home edition*)
+ - Select the **platform** as **Windows 10 and later**
+ - Select **Next**
+- On the **Rules** screen, configure the following rules:
+ - **operatingSystemSKU** equals **Core (Windows 10/11 Home (101))**
+ - OR
+ - **operatingSystemSKU** equals **CoreN (Windows 10/11 Home N (98))**
+ - OR
+ - **operatingSystemSKU** equals **CoreSingleLanguage (Windows 10/11 Home single language (100))**
+
+ > [!NOTE]
+ > Ensure you've selected OR as the operator in the right And/Or column
+
+ :::image type="content" source="images/change-home-to-edu-windows-home-edition-intune-filter.png" alt-text="Example of configuring the Windows Home filter":::
+
+- Optionally select scope tags as required
+- Save the filter by selecting **Create**
+
+### Step 2: Create a Windows edition upgrade policy
+
+These steps create and assign a Windows edition upgrade policy. For more information, see [Windows 10/11 device settings to upgrade editions or enable S mode in Intune](/mem/intune/configuration/edition-upgrade-windows-settings).
+
+- Start in the [**Microsoft Endpoint Manager admin console**](https://endpoint.microsoft.com)
+- Select **Devices** > **Configuration profiles**
+- Select **Create profile**
+ - Select the **Platform** as **Windows 10 or later**
+ - Select the **Profile type** as **Templates**
+ - Select the **Template** as **Edition upgrade and mode switch**
+ - Select **Create**
+- Specify a name for the policy (for example *Windows Education edition upgrade*), select **Next**
+- On the **Configuration settings** screen
+ - Expand **Edition Upgrade**
+ - Change **Edition to upgrade** to **Windows 10/11 Education**
+ - In the **Product Key**, enter your *Windows 10/11 Education MAK*
+ - Select **Next**
+
+ :::image type="content" source="images/change-home-to-edu-windows-edition-upgrade-policy.png" alt-text="Example of configuring the Windows upgrade policy in Microsoft Intune":::
+
+- Optionally select scope tags as required and select **Next**
+- On the **assignments** screen;
+ - Select **Add all devices**
+ - Next to **All devices**, select **Edit filter**
+
+ > [!NOTE]
+ > You can also target other security groups that contain a smaller scope of users or devices and apply the filter rather than All devices.
+
+ - Select to **Include filtered devices in assignment**
+ - Select the *Windows Home edition* filter you created earlier
+ - Choose **Select** to save the filter selection
+ - Select **Next** to progress to the next screen
+- Don't configure any applicability rules and select **next**
+- Review your settings and select **Create**
+
+The edition upgrade policy will now apply to all existing and new Windows Home edition devices targeted.
+
+### Step 3: Report on device edition
+
+You can check the Windows versions of managed devices in the Microsoft Endpoint Manager admin console.
+
+- Start in the **Microsoft Endpoint Manager admin console**
+- Select **Devices** > **Windows**
+- Select the **Columns** button
+- Select **Sku Family**
+- Select **Export**
+- Select **Only include the selected columns in the exported file** and select **Yes**
+- Open the file in Excel and filter on the Sku Family column to identify which devices are running the Home SKU
+
+## Frequently asked questions (FAQ)
+
+### My MAK key has run out of activations, how do I request a new one?
+
+Increases to MAK Activation quantity can be requested by contacting [VLSC support](/licensing/contact-us) and may be granted by exception. A request can be made by accounts with the VLSC Administrator, Key Administrator, or Key Viewer permissions. The request should include the following information:
+
+- Agreement/Enrollment Number or License ID and Authorization.
+- Product Name (includes version and edition).
+- Last five characters of the product key.
+- The number of host activations required.
+- Business Justification or Reason for Deployment.
+
+### What is a firmware-embedded activation key?
+
+A firmware-embedded activation key is a Windows product key that is installed into the firmware of your device. The embedded key makes it easier to install and activate Windows. To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt:
+
+```powershell
+(Get-CimInstance -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
+```
+
+If the device has a firmware-embedded activation key, it will be displayed in the output. Otherwise, the device doesn't have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
+
+A firmware embedded key is only required to upgrade using Subscription Activation, a MAK upgrade doesn't require the firmware embedded key.
+
+### What is a multiple activation key and how does it differ from using KMS, Active Directory based activation or Subscription Activation?
+
+A multiple activation key activates either individual computers or a group of computers by connecting directly to servers over the internet or by telephone. KMS, Active Directory based activation and subscription activation are bulk activation methods that work based on network proximity or joining to Active Directory or Azure Active Directory. The table below shows which methods can be used for each scenario.
+
+| Scenario | Ownership | MAK | KMS | AD based activation | Subscription Activation |
+|-|-|:-:|:-:|:-:|:-:|
+| **Workplace join (add work or school account)** | Personal (or student-owned) | X | | | |
+| **Azure AD Join** | Organization | X | X | | X |
+| **Hybrid Azure AD Join** | Organization | X | X | X | X |
+
+## Related links
+
+- [Windows 10 edition upgrade (Windows 10)](/windows/deployment/upgrade/windows-10-edition-upgrades)
+- [Windows 10/11 Subscription Activation](/windows/deployment/windows-10-subscription-activation)
+- [Equip Your Students with Windows 11 Education - Kivuto](https://kivuto.com/windows-11-student-use-benefit/)
+- [Upgrade Windows Home to Windows Pro (microsoft.com)](https://support.microsoft.com/windows/upgrade-windows-home-to-windows-pro-ef34d520-e73f-3198-c525-d1a218cc2818)
+- [Partner Center: Upgrade Education customers from Windows 10 Home to Windows 10 Education](/partner-center/upgrade-windows-to-education)
diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md
index 9d165c8892..3c0e5424ee 100644
--- a/education/windows/change-to-pro-education.md
+++ b/education/windows/change-to-pro-education.md
@@ -2,16 +2,19 @@
title: Change to Windows 10 Education from Windows 10 Pro
description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro.
keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 05/21/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Change to Windows 10 Pro Education from Windows 10 Pro
@@ -28,7 +31,7 @@ To take advantage of this offering, make sure you meet the [requirements for cha
## Requirements for changing
Before you change to Windows 10 Pro Education, make sure you meet these requirements:
- Devices must be running Windows 10 Pro, version 1607 or higher.
-- Devices must be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices).
+- Devices must be Azure Active Directory-joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices).
If you haven't domain joined your devices already, [prepare for deployment of Windows 10 Pro Education licenses](#preparing-for-deployment-of-windows-10-pro-education-licenses).
@@ -47,7 +50,7 @@ For schools that want to standardize all their Windows 10 Pro devices to Windows
In this scenario:
-- The IT admin of the tenant chooses to turn on the change for all Azure AD joined devices.
+- The IT admin of the tenant chooses to turn on the change for all Azure AD-joined devices.
- Any device that joins the Azure AD will change automatically to Windows 10 Pro Education.
- The IT admin has the option to automatically roll back to Windows 10 Pro, if desired. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).
@@ -92,7 +95,7 @@ You can use Windows Configuration Designer to create a provisioning package that
3. In the **Enter a product key** window, enter the MAK key for Windows 10 Pro Education and click **Next**.
-## Education customers with Azure AD joined devices
+## Education customers with Azure AD-joined devices
Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system changes to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features.
@@ -145,7 +148,7 @@ Enabling the automatic change also triggers an email message notifying all globa
So what will users experience? How will they change their devices?
-### For existing Azure AD joined devices
+### For existing Azure AD-joined devices
Existing Azure AD domain joined devices will be changed to Windows 10 Pro Education the next time the user logs in. That's it! No other steps are needed.
### For new devices that are not Azure AD joined
@@ -251,7 +254,7 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
dsregcmd /status
```
-2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
+2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined.
**To determine the version of Windows 10**
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 37e9cba645..b7d6452223 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -2,26 +2,24 @@
title: Chromebook migration guide (Windows 10)
description: In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
-ms.reviewer:
-manager: dansimp
keywords: migrate, automate, device, Chromebook migration
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu, devices
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
+ms.reviewer:
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Chromebook migration guide
-
-**Applies to**
-
-- Windows 10
-
In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You'll learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You'll then learn the best method to perform the migration by using automated deployment and migration tools.
## Plan Chromebook migration
@@ -485,7 +483,7 @@ Table 9. Management systems and deployment resources
|--- |--- |
|Windows provisioning packages|
[Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
[Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
[Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)|
|Group Policy|
[Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11))
[Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"|
-|Configuration Manager|
[Site Administration for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
[Deploying Clients for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
+|Configuration Manager|
[Site Administration for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
[Deploying Clients for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
|Intune|
[Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)
[System Center 2012 R2 Configuration Manager & Windows Intune](/learn/?l=fCzIjVKy_6404984382)|
|MDT|
[Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)|
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index 6d0c2694a5..4b876aa023 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -4,21 +4,19 @@ description: Provides guidance on ways to configure the OS diagnostic data, cons
keywords: Windows 10 deployment, recommendations, privacy settings, school, education, configurations, accessibility, assistive technology
ms.mktglfcycl: plan
ms.sitesec: library
-ms.prod: w10
+ms.prod: windows
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date:
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Windows 10 configuration recommendations for education customers
-**Applies to:**
-
-- Windows 10
-
Privacy is important to us, we want to provide you with ways to customize the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, for usage with [education editions of Windows 10](windows-editions-for-education-customers.md) in education environments. These features work on all Windows 10 editions, but education editions of Windows 10 have the settings preconfigured. We recommend that all Windows 10 devices in an education setting be configured with **[SetEduPolicies](#setedupolicies)** enabled. For more information, see the following table. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305).
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index aa2e5b4d70..6f72f69d44 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -2,24 +2,23 @@
title: Deploy Windows 10 in a school district (Windows 10)
description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use Microsoft Endpoint Configuration Manager, Intune, and Group Policy to manage devices.
keywords: configure, tools, device, school district, deploy Windows 10
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.pagetype: edu
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Deploy Windows 10 in a school district
-**Applies to**
-
-- Windows 10
-
-
This guide shows you how to deploy the Windows 10 operating system in a school district. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Endpoint Configuration Manager, Microsoft Intune, and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
## Prepare for district deployment
@@ -1279,9 +1278,9 @@ You've now identified the tasks you need to perform monthly, at the end of an ac
* [Try it out: Windows 10 in the classroom](../index.yml)
* [Chromebook migration guide](./chromebook-migration-guide.md)
* [Deploy Windows 10 in a school](./deploy-windows-10-in-a-school.md)
-* [Automate common Windows 10 deployment and configuration tasks for a school environment (video)](./index.md)
-* [Deploy a custom Windows 10 Start menu layout for a school (video)](./index.md)
-* [Manage Windows 10 updates and upgrades in a school environment (video)](./index.md)
-* [Reprovision devices at the end of the school year (video)](./index.md)
-* [Use MDT to deploy Windows 10 in a school (video)](./index.md)
-* [Use Microsoft Store for Business in a school environment (video)](./index.md)
+* [Automate common Windows 10 deployment and configuration tasks for a school environment (video)](./index.yml)
+* [Deploy a custom Windows 10 Start menu layout for a school (video)](./index.yml)
+* [Manage Windows 10 updates and upgrades in a school environment (video)](./index.yml)
+* [Reprovision devices at the end of the school year (video)](./index.yml)
+* [Use MDT to deploy Windows 10 in a school (video)](./index.yml)
+* [Use Microsoft Store for Business in a school environment (video)](./index.yml)
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index b618ca7b09..ee97678d29 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -2,24 +2,23 @@
title: Deploy Windows 10 in a school (Windows 10)
description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD). Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy.
keywords: configure, tools, device, school, deploy Windows 10
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.pagetype: edu
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Deploy Windows 10 in a school
-
-**Applies to**
-
-- Windows 10
-
This guide shows you how to deploy the Windows 10 operating system in a school environment. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Intune and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
## Prepare for school deployment
diff --git a/education/windows/index.md b/education/windows/deploy-windows-10-overview.md
similarity index 97%
rename from education/windows/index.md
rename to education/windows/deploy-windows-10-overview.md
index 9db6cd7672..3977c5f664 100644
--- a/education/windows/index.md
+++ b/education/windows/deploy-windows-10-overview.md
@@ -2,14 +2,19 @@
title: Windows 10 for Education (Windows 10)
description: Learn how to use Windows 10 in schools.
keywords: Windows 10, education
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
+ms.reviewer:
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Windows 10 for Education
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index fb2c72d34b..c29d3d4a47 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -4,20 +4,19 @@ description: Provides guidance on ways to customize the OS privacy settings, and
keywords: Windows 10 deployment, recommendations, privacy settings, school
ms.mktglfcycl: plan
ms.sitesec: library
+ms.prod: windows
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
-ms.prod: w10
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Deployment recommendations for school IT administrators
-**Applies to:**
-
-- Windows 10
-
Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, and some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305). The following sections provide some best practices and specific privacy settings we’d like you to be aware of. For more information about ways to customize the OS diagnostic data, consumer experiences, Cortana, and search, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index 7909586e9b..0a06370a11 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -2,17 +2,22 @@
title: Education scenarios Microsoft Store for Education
description: Learn how IT admins and teachers can use Microsoft Store for Education to acquire and manage apps in schools.
keywords: school, Microsoft Store for Education, Microsoft education store
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
searchScope:
- Store
-author: dansimp
-ms.author: dansimp
-ms.date: 03/30/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
---
# Working with Microsoft Store for Education
@@ -130,18 +135,10 @@ Teachers can:
## Distribute apps
-Manage and distribute apps to students and others in your organization. Different options are available for admins and teachers.
-
-Applies to: IT admins
-
**To manage and distribute apps**
- For info on how to distribute **Minecraft: Education Edition**, see [For IT admins – Minecraft: Education Edition](./school-get-minecraft.md#distribute-minecraft)
- For info on how to manage and distribute other apps, see [App inventory management - Microsoft Store for Business](/microsoft-store/app-inventory-management-windows-store-for-business)
-Applies to: Teachers
-
-For info on how to distribute **Minecraft: Education Edition**, see [For teachers – Minecraft: Education Edition](./teacher-get-minecraft.md#distribute-minecraft).
-
**To assign an app to a student**
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
@@ -174,4 +171,4 @@ You can manage your orders through Microsoft Store for Business. For info on ord
It can take up to 24 hours after a purchase, before a receipt is available on your **Order history page**.
> [!NOTE]
-> For **Minecraft: Education Edition**, you can request a refund through Microsoft Store for Business for two months from the purchase date. After two months, refunds require a support call.
\ No newline at end of file
+> For **Minecraft: Education Edition**, you can request a refund through Microsoft Store for Business for two months from the purchase date. After two months, refunds require a support call.
diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md
index e7dce928ea..e056e38381 100644
--- a/education/windows/enable-s-mode-on-surface-go-devices.md
+++ b/education/windows/enable-s-mode-on-surface-go-devices.md
@@ -2,16 +2,19 @@
title: Enable S mode on Surface Go devices for Education
description: Steps that an education customer can perform to enable S mode on Surface Go devices
keywords: Surface Go for Education, S mode
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/30/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Surface Go for Education - Enabling S mode
diff --git a/education/windows/get-minecraft-device-promotion.md b/education/windows/get-minecraft-device-promotion.md
deleted file mode 100644
index 258525651d..0000000000
--- a/education/windows/get-minecraft-device-promotion.md
+++ /dev/null
@@ -1,90 +0,0 @@
----
-title: Get Minecraft Education Edition with your Windows 10 device promotion
-description: Windows 10 device promotion for Minecraft Education Edition licenses
-keywords: school, Minecraft, education edition
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.localizationpriority: medium
-author: dansimp
-searchScope:
- - Store
-ms.author: dansimp
-ms.date: 06/05/2018
-ms.reviewer:
-manager: dansimp
----
-
-# Get Minecraft: Education Edition with Windows 10 device promotion
-
-**Applies to:**
-
-- Windows 10
-
-The **Minecraft: Education Edition** with Windows 10 device promotion ended January 31, 2018.
-
-Qualifying customers that received one-year subscriptions for Minecraft: Education Edition as part of this program and wish to continue using the game in their schools can purchase new subscriptions in Microsoft Store for Education.
-For more information on purchasing Minecraft: Education Edition, see [Add Minecraft to your Store for Education](./school-get-minecraft.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json).
-
->[!Note]
->**Minecraft: Education Edition** with Windows 10 device promotion subscriptions are valid for 1 year from the time
-of redemption. At the end of 1 year, the promotional subscriptions will expire and any people using these subscriptions will be reverted to a trial license of **Minecraft: Education Edition**.
-
-To prevent being reverted to a trial license, admins or teachers need to purchase new **Minecraft: Education Edition** subscriptions from Store for Education, and assign licenses to users who used a promotional subscription.
-
-
-
\ No newline at end of file
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index 2ce2c20be3..a29c2d277f 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -2,48 +2,42 @@
title: Get Minecraft Education Edition
description: Learn how to get and distribute Minecraft Education Edition.
keywords: school, Minecraft, education edition
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
searchScope:
- Store
-ms.author: dansimp
-ms.date: 01/29/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
-ms.topic: conceptual
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
---
# Get Minecraft: Education Edition
-**Applies to:**
-
-- Windows 10
-
-
[Minecraft: Education Edition](https://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft.
-Teachers and IT administrators can now get early access to **Minecraft: Education Edition** and add it their Microsoft Store for Business for distribution.
-
-
+Teachers and IT administrators can now get access to **Minecraft: Education Edition** and add it their Microsoft Admin Center for distribution.
## Prerequisites
-- **Minecraft: Education Edition** requires Windows 10.
+- For a complete list of Operating Systems supported by **Minecraft: Education Edition**, see [here](https://educommunity.minecraft.net/hc/articles/360047556591-System-Requirements).
- Trials or subscriptions of **Minecraft: Education Edition** are offered to education tenants that are managed by Azure Active Directory (Azure AD).
- If your school doesn't have an Azure AD tenant, the [IT administrator can set one up](school-get-minecraft.md) as part of the process of getting **Minecraft: Education Edition**.
- Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://www.microsoft.com/education/products/office)
- If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](/windows/client-management/mdm/register-your-free-azure-active-directory-subscription)
-
-[Learn how teachers can get and distribute **Minecraft: Education Edition**](teacher-get-minecraft.md)
-
-[Learn how IT administrators can get and distribute **Minecraft: Education Edition**](school-get-minecraft.md), and how to manage permissions for Minecraft.
\ No newline at end of file
+[Learn how IT administrators can get and distribute **Minecraft: Education Edition**](school-get-minecraft.md), and how to manage permissions for Minecraft.
diff --git a/education/windows/images/change-home-to-edu-windows-edition-upgrade-policy.png b/education/windows/images/change-home-to-edu-windows-edition-upgrade-policy.png
new file mode 100644
index 0000000000..f9c4fc3a12
Binary files /dev/null and b/education/windows/images/change-home-to-edu-windows-edition-upgrade-policy.png differ
diff --git a/education/windows/images/change-home-to-edu-windows-home-edition-intune-filter.png b/education/windows/images/change-home-to-edu-windows-home-edition-intune-filter.png
new file mode 100644
index 0000000000..a033a481c3
Binary files /dev/null and b/education/windows/images/change-home-to-edu-windows-home-edition-intune-filter.png differ
diff --git a/education/windows/index.yml b/education/windows/index.yml
new file mode 100644
index 0000000000..510c5c520f
--- /dev/null
+++ b/education/windows/index.yml
@@ -0,0 +1,85 @@
+### YamlMime:Landing
+
+title: Windows for Education documentation
+summary: Evaluate, plan, deploy, and manage Windows devices in an education environment
+
+metadata:
+ title: Windows for Education documentation
+ description: Learn about how to plan, deploy and manage Windows devices in an education environment with Microsoft Intune
+ ms.topic: landing-page
+ ms.prod: windows
+ ms.collection: education
+ author: paolomatarazzo
+ ms.author: paoloma
+ ms.date: 08/10/2022
+ ms.reviewer:
+ manager: aaroncz
+ ms.localizationpriority: medium
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card (optional)
+
+landingContent:
+
+ - title: Get started
+ linkLists:
+ - linkListType: tutorial
+ links:
+ - text: Deploy and manage Windows devices in a school
+ url: tutorial-school-deployment/index.md
+ - text: Prepare your tenant
+ url: tutorial-school-deployment/set-up-azure-ad.md
+ - text: Configure settings and applications with Microsoft Intune
+ url: tutorial-school-deployment/configure-devices-overview.md
+ - text: Manage devices with Microsoft Intune
+ url: tutorial-school-deployment/manage-overview.md
+ - text: Management functionalities for Surface devices
+ url: tutorial-school-deployment/manage-surface-devices.md
+
+
+ - title: Learn about Windows 11 SE
+ linkLists:
+ - linkListType: concept
+ links:
+ - text: What is Windows 11 SE?
+ url: windows-11-se-overview.md
+ - text: Windows 11 SE settings
+ url: windows-11-se-settings-list.md
+ - linkListType: video
+ links:
+ - text: Deploy Windows 11 SE using Set up School PCs
+ url: https://www.youtube.com/watch?v=Ql2fbiOop7c
+
+
+ - title: Deploy devices with Set up School PCs
+ linkLists:
+ - linkListType: concept
+ links:
+ - text: What is Set up School PCs?
+ url: set-up-school-pcs-technical.md
+ - linkListType: how-to-guide
+ links:
+ - text: Use the Set up School PCs app
+ url: use-set-up-school-pcs-app.md
+ - linkListType: reference
+ links:
+ - text: Provisioning package settings
+ url: set-up-school-pcs-provisioning-package.md
+ - linkListType: video
+ links:
+ - text: Use the Set up School PCs App
+ url: https://www.youtube.com/watch?v=2ZLup_-PhkA
+
+
+ - title: Configure devices
+ linkLists:
+ - linkListType: concept
+ links:
+ - text: Take tests and assessments
+ url: take-tests-in-windows-10.md
+ - text: Change Windows editions
+ url: change-home-to-edu.md
+ - text: "Deploy Minecraft: Education Edition"
+ url: get-minecraft-for-education.md
\ No newline at end of file
diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md
index cb2e995ef3..a09d48ae19 100644
--- a/education/windows/s-mode-switch-to-edu.md
+++ b/education/windows/s-mode-switch-to-edu.md
@@ -4,14 +4,17 @@ description: Switching out of Windows 10 Pro in S mode to Windows 10 Pro Educati
keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU
ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.prod: w10
+ms.prod: windows
ms.sitesec: library
ms.pagetype: edu
-ms.date: 12/03/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-author: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index 6ba860cd94..8ed1fbf9e7 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -2,27 +2,26 @@
title: For IT administrators get Minecraft Education Edition
description: Learn how IT admins can get and distribute Minecraft in their schools.
keywords: Minecraft, Education Edition, IT admins, acquire
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
searchScope:
- Store
-ms.author: dansimp
-ms.date: 01/30/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
ms.topic: conceptual
---
# For IT administrators - get Minecraft: Education Edition
-**Applies to:**
-
-- Windows 10
-
-When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization.
+When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription, Minecraft: Education Edition will be added to the inventory in your Microsoft Admin Center which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Admin Center is only displayed to members of your organization with administrative roles.
>[!Note]
>If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you request Minecraft: Education Edition. For more information, see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
@@ -34,7 +33,7 @@ Schools that purchased these products have an extra option for making Minecraft:
- Microsoft 365 A3 or Microsoft 365 A5
- Minecraft: Education Edition
-If your school has these products in your tenant, admins can choose to enable Minecraft: Education Edition for students using Microsoft 365 A3 or Microsoft 365 A5. From the left-hand menu in Microsoft Admin Center, select Users. From the Users list, select the users you want to add or remove for Minecraft: Education Edition access. Add the relevant A3 or A5 license if it hasn't been assigned already.
+If your school has these products in your tenant, admins can choose to enable Minecraft: Education Edition for students using Microsoft 365 A3 or Microsoft 365 A5. From the left-hand menu in Microsoft Admin Center, select Users. From the Users list, select the users you want to add or remove for Minecraft: Education Edition access. Add the relevant A3 or A5 license if it hasn't been assigned already.
> [!Note]
> If you add a faculty license, the user will be assigned an instructor role in the application and will have elevated permissions.
@@ -43,37 +42,27 @@ After selecting the appropriate product license, ensure Minecraft: Education Edi
If you turn off this setting after students have been using Minecraft: Education Edition, they will have up to 30 more days to use Minecraft: Education Edition before they don't have access.
-## Add Minecraft to your Microsoft Store for Education
+## How to get Minecraft: Education Edition
-You can start with the Minecraft: Education Edition trial to get individual copies of the app. For more information, see [Minecraft: Education Edition - direct purchase](#individual-copies).
+Users in a Microsoft verified academic institution account will have access to the free trial limited logins for Minecraft: Education Edition. This grants faculty accounts 25 free logins and student accounts 10 free logins. To purchase direct licenses, see [Minecraft: Education Edition - direct purchase](#individual-copies).
If you’ve been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license).
### Minecraft: Education Edition - direct purchase
-1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **GET STARTED**.
+1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **How to Buy** in the top navigation bar.
-
+2. Scroll down and select **Buy Now** under Direct Purchase.
-2. Enter your email address, and select Educator, Administrator, or Student. If your email address isn't associated to an Azure AD or Office 365 Education tenant, you'll be asked to create one.
+3. This will route you to the purchase page in the Microsoft Admin center. You will need to log in to your Administrator account.
-
-
-3. Select **Get the app**. This will take you to the Microsoft Store for Education to download the app. You will also receive an email with instructions and a link to the Store.
+4. If necessary, fill in any requested organization or payment information.
-
+5. Select the quantity of licenses you would like to purchase and select **Place Order**.
-4. Sign in to Microsoft Store for Education with your email address.
+6. After you’ve purchased licenses, you’ll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users).
-5. Read and accept the Microsoft Store for Education Service Agreement, and then select **Next**.
-
-6. **Minecraft: Education Edition** opens in the Microsoft Store for Education. Select **Get the app**. This places **Minecraft: Education Edition** in your Store inventory.
-
-
-
-Now that the app is in your Microsoft Store for Education inventory, you can choose how to distribute Minecraft. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft).
-
-If you need additional licenses for **Minecraft: Education Edition**, see [Purchase additional licenses](./education-scenarios-store-for-business.md#purchase-more-licenses).
+If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses).
### Minecraft: Education Edition - volume licensing
@@ -89,7 +78,7 @@ You can pay for Minecraft: Education Edition with a debit or credit card, or wit
### Debit or credit cards
-During the purchase, click **Get started! Add a way to pay.** Provide the info needed for your debit or credit card.
+During the purchase, click **Add a new payment method**. Provide the info needed for your debit or credit card.
### Invoices
@@ -101,234 +90,22 @@ Invoices are now a supported payment method for Minecraft: Education Edition. Th
**To pay with an invoice**
-1. During the purchase, click **Get started! Add a way to pay.**
-
- 
+1. During the purchase, click **Add a new payment method.**
2. Select the Invoice option, and provide the info needed for an invoice. The **PO number** item allows you to add a tracking number or info that is meaningful to your organization.
-### Find your invoice
-
-After you've finished the purchase, you can find your invoice by checking **Minecraft: Education Edition** in your **Apps & software**.
-
-> [!NOTE]
-> After you complete a purchase, it can take up to twenty-four hours for the app to appear in **Apps & software**.
-
-**To view your invoice**
-
-1. In Microsoft Store for Education, click **Manage** and then click **Apps & software**.
-2. Click **Minecraft: Education Edition** in the list of apps.
-3. On **Minecraft: Education Edition**, click **View Bills**.
-
- 
-
-4. On **Invoice Bills**, click the invoice number to view and download your invoice. It downloads as a .pdf.
-
- 
-
-The **Payment Instructions** section on the first page of the invoice has information on invoice amount, due date, and how to pay with electronic funds transfer, or with a check.
+For more info on invoices and how to pay by invoice, see [How to pay for your subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?).
## Distribute Minecraft
-After Minecraft: Education Edition is added to your Microsoft Store for Education inventory, you have three options:
-- You can install the app on your PC.
-- You can assign the app to others.
-- You can download the app to distribute.
-
-Admins can also add Minecraft: Education Edition to the private store. This allows people in your organization to install the app from the private store. For more information, see [Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store).
-
-
-
-### Configure automatic subscription assignment
-
-For Minecraft: Education Edition, you can use auto assign subscription to control whether or not you assign a subscription when a member of your organization signs in to the app. When auto assign subscription is on, people from your organization who don’t have a subscription will automatically get one when they sign in to Minecraft: Education Edition. When auto assign subscription is off, people from your organization will get the trial version when they sign in to Minecraft: Education Edition. This allows you to control which people use the trial version, and which people are assigned a full subscription. You can always reassign subscriptions, but planning ahead will reduce time spent managing apps and subscriptions. By default, automatic subscription assignment is turned on.
-
-**How to turn off automatic subscription assignment**
-
-> [!Note]
-> The version of the Minecraft: Education Edition page in the Microsoft Store will be different depending on which Microsoft Store for Education flight you are using.
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com)
-2. Click Manage.
-
- You'll see Minecraft: Education Edition product page.
-
- 
-
- -Or-
-
- 
-
-3. Slide the **Auto assign subscription** or select **Turn off auto assign subscription**.
-
-### Install for me
-
-You can install the app on your PC. This gives you a chance to test the app and know how you might help others in your organization use the app.
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Install**.
-
-
-
-3. Click **Install**.
-
-### Assign to others
-
-Enter email addresses for your students, and each student will get an email with a link to install the app. This option is best for older, more tech-savvy students who will always use the same PC at school. You can assign the app to individuals, groups, or add it to your private store, where students and teachers in your organization can download the app.
-
-**To assign to others**
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**.
-
- 
-3. Click **Invite people**.
-4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**.
-
- You can only assign the app to students with work or school accounts. If you don't find the student, you might need to add a work or school account for the student.
- 
-
-**To finish Minecraft install (for students)**
-
-1. Students will receive an email with a link that will install the app on their PC.
-
- 
-
-2. Click **Get the app** to start the app install in Microsoft Store app.
-3. In Microsoft Store app, click **Install**.
-
- 
-
- After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**. Microsoft Store app is preinstalled with Windows 10.
-
- 
-
- When students click **My Library** they'll find apps assigned to them.
-
- 
-
-### Download for others
-Download for others allows teachers or IT admins to download an app that they can install on PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
-- You have administrative permissions to install apps on the PC.
-- You want to install this app on each of your student's Windows 10 (at least version 1511) PCs.
-- Your students share Windows 10 computers, but sign in with their own Windows account.
-
-**Requirements**
-- Administrative permissions are required on the PC. If you don't have the correct permissions, you won't be able to install the app.
-- Windows 10 (at least version 1511) is required for PCs running Minecraft: Education Edition.
-
-**Check for updates**
-Minecraft: Education Edition will not install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Microsoft Store apps.
-
-**To check for app updates**
-
-1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
-2. Click the account button, and then click **Downloads and updates**.
-
- 
-
-3. Click **Check for updates**, and install all available updates.
-
- 
-
-4. Restart the computer before installing Minecraft: Education Edition.
-
-**To download for others**
-You'll download a .zip file, extract the files, and then use one of the files to install Minecraft: Education Edition on each PC.
-
-1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
-
- 
-
-2. **Extract files**. Find the .zip file that you downloaded and extract the files. This is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
-3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.
-4. **Install app**. Use the USB drive to copy the Minecraft folder to each Windows 10 PC where you want to install Minecraft: Education Edition. Open Minecraft: Education Edition folder, right-click **InstallMinecraftEducationEdition.bat** and click **Run as administrator**.
-5. **Quick check**. The install program checks the PC to make sure it can run Minecraft: Education Edition. If your PC passes this test, the app will automatically install.
-6. **Restart**. Once installation is complete, restart each PC. Minecraft: Education Edition app is now ready for any student to use.
-
-
-
-
-
-
-
-
-
-
-
+After Minecraft: Education Edition is added to your Microsoft Admin Center inventory, you can [assign these licenses to your users](/microsoft-365/admin/manage/assign-licenses-to-users) or [download the app](https://aka.ms/downloadmee).
## Learn more
-[Working with Microsoft Store for Education – education scenarios](education-scenarios-store-for-business.md)
-Learn about overall Microsoft Store for Education management: manage settings, shop for apps, distribute apps, manage inventory, and manage order history.
-[Roles and permissions in Microsoft Store for Business and Education](/microsoft-store/roles-and-permissions-microsoft-store-for-business)
-[Troubleshoot Microsoft Store for Business and Education](/microsoft-store/troubleshoot-microsoft-store-for-business)
+
+[About Intune Admin roles in the Microsoft 365 admin center](/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac)
## Related topics
[Get Minecraft: Education Edition](get-minecraft-for-education.md)
-[For teachers get Minecraft: Education Edition](teacher-get-minecraft.md)
\ No newline at end of file
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
index f1a4be1df2..b7a35b9784 100644
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -2,16 +2,19 @@
title: Azure AD Join with Set up School PCs app
description: Describes how Azure AD Join is configured in the Set up School PCs app.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 01/11/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Azure AD Join for school PCs
@@ -59,7 +62,7 @@ The following table describes each setting within **Device Settings**.
| Setting | Description |
|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Users may join devices to Azure AD | Choose the scope of people in your organization that are allowed to join devices to Azure AD. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Azure AD. |
-| More local administrators on Azure AD joined devices | Only applicable to Azure AD Premium tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. |
+| More local administrators on Azure AD-joined devices | Only applicable to Azure AD Premium tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. |
| Users may register their devices with Azure AD | Allow all or none of your users to register their devices with Azure AD (Workplace Join). If you're enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you. |
| Require Multi-Factor Authentication to join devices | Recommended when adding devices to Azure AD. When set to **Yes**, users that are setting up devices must enter a second method of authentication. |
| Maximum number of devices per user | Set the maximum number of devices a user is allowed to have in Azure AD. If the maximum is exceeded, the user must remove one or more existing devices before more devices are added. |
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index 328e6c3c68..3aeb7d738c 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -2,16 +2,19 @@
title: What's in Set up School PCs provisioning package
description: Lists the provisioning package settings that are configured in the Set up School PCs app.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/17/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# What's in my provisioning package?
diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md
index 25aa35b4f0..e007d4957b 100644
--- a/education/windows/set-up-school-pcs-shared-pc-mode.md
+++ b/education/windows/set-up-school-pcs-shared-pc-mode.md
@@ -2,16 +2,19 @@
title: Shared PC mode for school devices
description: Describes how shared PC mode is set for devices set up with the Set up School PCs app.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/13/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Shared PC mode for school devices
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index de0bc50602..6dbdf70186 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -2,25 +2,23 @@
title: Set up School PCs app technical reference overview
description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/11/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# What is Set up School PCs?
-
-**Applies to:**
-
-- Windows 10
-
The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The
app, which is available for Windows 10 version 1703 and later, configures and saves
school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs.
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md
index 72bea22625..fce328a1c0 100644
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@@ -2,21 +2,24 @@
title: What's new in the Windows Set up School PCs app
description: Find out about app updates and new features in Set up School PCs.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 08/31/2020
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# What's new in Set up School PCs
-Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, see updated screenshots, and find information about past releases.
-
+Learn what's new with the Set up School PCs app each week. Find out about new app features and functionality, see updated screenshots, and find information about past releases.
## Week of August 24, 2020
@@ -26,15 +29,14 @@ You can now give devices running Windows 10, version 2004 and later a name that'
## Week of September 23, 2019
### Easier way to deploy Office 365 to your classroom devices
- Microsoft Office now appears as an option on the **Apps** screen. Select the app to add it to your provisioning package. Devices install Microsoft 365 Apps for enterprise. This version includes the cloud-connected and most current versions of apps such as Word, PowerPoint, Excel, and Teams.
-
+ Microsoft Office now appears as an option on the **Apps** screen. Select the app to add it to your provisioning package. Devices install Microsoft 365 Apps for enterprise. This version includes the cloud-connected and most current versions of apps such as Word, PowerPoint, Excel, and Teams.
## Week of June 24, 2019
### Resumed support for Windows 10, version 1903 and later
The previously mentioned provisioning problem was resolved, so the Set up School PCs app once again supports Windows 10, version 1903 and later. The Windows 10 settings that were removed are now back in the app.
-### Device rename made optional for Azure AD joined devices
+### Device rename made optional for Azure AD-joined devices
When you set up your Azure AD join devices in the app, you no longer need to rename your devices. You can keep existing device names.
## Week of May 23, 2019
@@ -42,7 +44,7 @@ When you set up your Azure AD join devices in the app, you no longer need to ren
### Suspended support for Windows 10, version 1903 and later
Due to a provisioning problem, Set up School PCs has temporarily stopped support for Windows 10, version 1903 and later. All settings in the app that were for Windows 10, version 1903 and later have been removed. When the problem is resolved, support will resume again.
-### Mandatory device rename for Azure AD joined devices
+### Mandatory device rename for Azure AD-joined devices
If you configure Azure AD Join, you're now required to rename your devices during setup. You can't keep existing device names.
## Week of April 15, 2019
@@ -100,15 +102,10 @@ The Skype and Messaging apps are part of a selection of apps that are, by defaul
## Next steps
-Learn how to create provisioning packages and set up devices in the app.
+Learn how to create provisioning packages and set up devices in the app.
* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
-* [Set up Windows 10 devices for education](set-up-windows-10.md)
-
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
-
-
-
-
+* [Set up Windows 10 devices for education](set-up-windows-10.md)
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
\ No newline at end of file
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index cbad40867b..32f97bf4b3 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -2,21 +2,21 @@
title: Set up student PCs to join domain
description: Learn how to use Configuration Designer to provision student devices to join Active Directory.
keywords: school, student PC setup, Windows Configuration Designer
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/27/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Set up student PCs to join domain
-**Applies to:**
-
-- Windows 10
If your school uses Active Directory, use the Windows Configuration Designer tool to create a provisioning package that will configure a PC for student use that is joined to the Active Directory domain.
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 30b657f9b6..840dd7836b 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -1,31 +1,27 @@
---
title: Provision student PCs with apps
description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory.
-keywords: shared cart, shared PC, school, provision PCs with apps, Windows Configuration Designer
-ms.prod: w10
-ms.pagetype: edu
-ms.mktglfcycl: plan
-ms.sitesec: library
+ms.prod: windows
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Provision student PCs with apps
-**Applies to:**
-- Windows 10
-
-
-To create and apply a provisioning package that contains apps to a device running all desktop editions of Windows 10 except Windows 10 Home, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
+To create and apply a provisioning package that contains apps to a device running all desktop editions of Windows 10 except Windows 10 Home, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
-You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
-- If you want to [provision a school PC to join a domain](set-up-students-pcs-to-join-domain.md) and add apps in the same provisioning package, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
+You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
+
+- If you want to [provision a school PC to join a domain](set-up-students-pcs-to-join-domain.md) and add apps in the same provisioning package, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
+
- If you want to provision a school PC to join Azure AD, set up the PC using the steps in [Use Set up School PCs App](use-set-up-school-pcs-app.md). Set up School PCs now lets you add recommended apps from the Store so you can add these apps while you're creating your package through Set up School PCs. You can also follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps) if you want to add apps to student PCs after initial setup with the Set up School PCs package.
-
-### Install for me
-You can install the app on your PC. This gives you a chance to work with the app before using it with your students.
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Install**.
-
-
-
-3. Click **Install**.
-
-### Assign to others
-Enter email addresses for your students, and each student will get an email with a link to install the app. This option is best for older, more tech-savvy students who will always use the same PC at school.
-
-**To assign to others**
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**.
-
-
-
-3. Click **Invite people**.
-
-4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**.
-
- 
-
- You can assign the app to students with work or school accounts.
- If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Microsoft 365 admin center where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin.
-
-
-**To finish Minecraft install (for students)**
-
-Students will receive an email with a link that will install the app on their PC.
-
-
-
-1. Click **Get the app** to start the app install in Microsoft Store app.
-2. In Microsoft Store app, click **Install**.
-
- 
-
- After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**.
-
- 
-
- When students click **My Library** they'll find apps assigned to them.
-
- 
-
-### Download for others
-Download for others allows teachers or IT admins to download packages that they can install on student PCs. This option will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
-- You have administrative permissions to install apps on the PC.
-- You want to install this app on each of your student's Windows 10 (at least version 1511) PCs.
-- Your students share Windows 10 computers, but sign in with their own Windows account.
-
-#### Requirements
-- Administrative permissions are required on the PC. If you don't have the correct permissions, you won't be able to install the app.
-- Windows 10 (at least version 1511) is required for PCs running Minecraft: Education Edition.
-
-#### Check for updates
-Minecraft: Education Edition won't install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Microsoft Store apps.
-
-**To check for app updates**
-1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
-2. Click the account button, and then click **Downloads and updates**.
-
- 
-
-3. Click **Check for updates**, and install all available updates.
-
- 
-
-4. Restart the computer before installing Minecraft: Education Edition.
-
-#### To download for others
-You'll download a .zip file, extract the files, and then use one of the files to install Minecraft: Education Edition on each PC.
-
-1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
-
- 
-
-2. **Extract files**. Find the .zip file that you downloaded and extract the files. This downloaded location is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
-3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.
-4. **Install app**. Use the USB drive to copy the Minecraft folder to each Windows 10 PC where you want to install Minecraft: Education Edition. Open Minecraft: Education Edition folder, right-click **InstallMinecraftEducationEdition.bat** and click **Run as administrator**.
-5. **Quick check**. The install program checks the PC to make sure it can run Minecraft: Education Edition. If your PC passes this test, the app will automatically install.
-6. **Restart**. Once installation is complete, restart each PC. Minecraft: Education Edition app is now ready for any student to use.
#### Troubleshoot
-If you ran **InstallMinecraftEducationEdition.bat** and Minecraft: Education Edition isn't available, there are a few things that might have happened.
-
-| Problem | Possible cause | Solution |
-|---------|----------------|----------|
-| Script ran, but it doesn't look like the app installed. | There might be pending app updates. | Check for app updates (see steps earlier in this topic). Install updates. Restart PC. Run **InstallMinecraftEducationEdition.bat** again. |
-| App won't install. | AppLocker is configured and preventing app installs. | Contact IT Admin. |
-| App won't install. | Policy prevents users from installing apps on the PC. | Contact IT Admin. |
-| Script starts, but stops quickly. | Policy prevents scripts from running on the PC. | Contact IT Admin. |
-| App isn't available for other users. | No restart after install. If you don't restart the PC, and just switch users the app won't be available.| Restart PC. Run **InstallMinecraftEducationEdition.bat** again. If a restart doesn't work, contact your IT Admin. |
-
-
-If you're still having trouble installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757).
+If you're having trouble installing the app, you can get more help on our [Support page](https://aka.ms/minecraftedusupport).
## Related topics
-[Working with Microsoft Store for Education](education-scenarios-store-for-business.md)
-Learn about overall Microsoft Store for Business management: manage settings, shop for apps, distribute apps, manage inventory, and manage order history.
[Get Minecraft: Education Edition](get-minecraft-for-education.md)
[For IT admins: get Minecraft: Education Edition](school-get-minecraft.md)
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index 87443100ce..e76136de39 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -1,75 +1,74 @@
---
title: Test Windows 10 in S mode on existing Windows 10 education devices
description: Provides guidance on downloading and testing Windows 10 in S mode for existing Windows 10 education devices.
-keywords: Windows 10 in S mode, try, download, school, education, Windows 10 in S mode installer, existing Windows 10 education devices
-ms.mktglfcycl: deploy
-ms.prod: w10
-ms.pagetype: edu
-ms.sitesec: library
+ms.prod: windows
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/30/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Test Windows 10 in S mode on existing Windows 10 education devices
-**Applies to:**
-- Devices running Windows 10, version 1709: Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, Windows 10 Enterprise
-
The Windows 10 in S mode self-installer will allow you to test Windows 10 in S mode on various individual Windows 10 devices (except Windows 10 Home) with a genuine, activated license[1](#footnote1). Test Windows 10 in S mode on various devices in your school and share your feedback with us.
Windows 10 in S mode is built to give schools the familiar, robust, and productive experiences you count on from Windows in an experience that's been streamlined for security and performance in the classroom, and built to work with Microsoft Education[2](#footnote2).
-Windows 10 in S mode is different from other editions of Windows 10 as everything that runs on the device is verified by Microsoft for security and performance. Therefore, Windows 10 in S mode works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps can't be changed. When you install Windows 10 in S mode, your existing applications and settings will be deleted and you'll only be able to install apps from the Microsoft Store.
+Windows 10 in S mode is different from other editions of Windows 10 as everything that runs on the device is verified by Microsoft for security and performance. Therefore, Windows 10 in S mode works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps can't be changed. When you install Windows 10 in S mode, your existing applications and settings will be deleted, and you'll only be able to install apps from the Microsoft Store.
-**Configuring Windows 10 in S mode for school use is easy:** Education customers must configure **SetEduPolicies** for use in K-12 schools. For more information on how to do these configurations, see [Use the Set up School PCs app](use-set-up-school-pcs-app.md) and [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
+**Configuring Windows 10 in S mode for school use is easy:** Education customers must configure **SetEduPolicies** for use in K-12 schools. For more information on how to do these configurations, see [Use the Set up School PCs app](use-set-up-school-pcs-app.md) and [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
-**Installing Office 365 for Windows 10 in S mode (Education preview)**: To install the Office applications in a school environment, you must use the free Set up School PCs app, which is available on the Microsoft Store for Education and from the Microsoft Store.
+**Installing Office 365 for Windows 10 in S mode (Education preview)**: To install the Office applications in a school environment, you must use the free Setup School PCs app, which is available on the Microsoft Store for Education and from the Microsoft Store.
-As we finalize development of Office 365 for Windows 10 in S mode (Education preview), the applications will be updated automatically. You must have an Office license to activate the applications once they're installed.To learn more about Office 365 for Education plans, see [FAQ: Office on Windows 10 in S mode](https://support.office.com/article/717193b5-ff9f-4388-84c0-277ddf07fe3f).
+As we finalize development of Office 365 for Windows 10 in S mode (Education preview), the applications will be updated automatically. You must have an Office license to activate the applications once they're installed. For more information about Office 365 for Education plans, see [Office on Windows 10 in S mode](https://support.microsoft.com/office/office-on-windows-10-in-s-mode-717193b5-ff9f-4388-84c0-277ddf07fe3f?ui=en-us&rs=en-us&ad=us).
## Before you install Windows 10 in S mode
### Important information
-Before you install Windows 10 in S mode, be aware that non-Microsoft Store apps won't work, peripherals that require custom drivers may not work, and other errors may occur. In particular, this release of Windows 10 in S mode:
-* Is intended for education customers to test compatibility with existing hardware
-* May not work with some device drivers, which may not yet be ready for Windows 10 in S mode and may cause some loss in functionality
-* May not be compatible with all peripherals that require custom drivers and, even if compatible, may cause aspects of the peripheral to not function
-* Has software and feature limitations compared to other Windows 10 editions, primarily that Windows 10 in S mode is limited to Store apps only
+Before you install Windows 10 in S mode, understand that non-Microsoft Store apps won't work, peripherals that require custom drivers may not work, and other errors may occur. In particular, this release of Windows 10 in S mode:
+
+- Is intended for education customers to test compatibility with existing hardware
+- May not work with some device drivers, which may not yet be ready for Windows 10 in S mode and may cause some loss in functionality
+- May not be compatible with all peripherals that require custom drivers and, even if compatible, may cause aspects of the peripheral to not function
+- Has software and feature limitations compared to other Windows 10 editions, primarily that Windows 10 in S mode is limited to Store apps only
> [!WARNING]
> You can install Windows 10 in S mode on devices running other editions of Windows 10. For more information, see [Supported devices](#supported-devices). However, we don't recommend installing Windows 10 in S mode on Windows 10 Home devices as you won't be able to activate it.
-* Won't run current Win32 software and might result in the loss of any data associated with that software, which might include software already purchased
+- Won't run current Win32 software and might result in the loss of any data associated with that software, which might include software already purchased
Due to these reasons, we recommend that you use the installation tool and avoid doing a clean install from an ISO media.
Before you install Windows 10 in S mode on your existing Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise device:
-* Make sure that you updated your existing device to Windows 10, version 1703 (Creators Update).
- See [Download Windows 10](https://www.microsoft.com/software-download/windows10) and follow the instructions to update your device to Windows 10, version 1703. You can verify your current version in **Settings > System > About**.
+- Make sure that you updated your existing device to Windows 10, version 1703.
-* Install the latest Windows Update.
+ To update your device to Windows 10, version 1703, see [Download Windows 10](https://www.microsoft.com/software-download/windows10). You can verify your current version in **Settings > System > About**.
+
+- Install the latest Windows Update.
To do this task, go to **Settings > Update & security > Windows Update**.
-* Create a system backup in case you would like to return to your previously installed version of Windows 10 after trying Windows 10 in S mode.
+- Create a system backup in case you would like to return to your previously installed version of Windows 10 after trying Windows 10 in S mode.
For more information on how to create the system backup, see [Create a recovery drive](#create-a-recovery-drive).
## Supported devices
The Windows 10 in S mode install will install and activate on the following editions of Windows 10 in use by schools:
-* Windows 10 Pro
-* Windows 10 Pro Education
-* Windows 10 Education
-* Windows 10 Enterprise
-Other Windows 10 editions can't be activated and aren't supported. If your device isn't running one of these supported Windows 10 editions, don't proceed with using the Windows 10 in S mode installer. Windows 10-N editions and running in virtual machines aren't supported by the Windows 10 in S mode installer.
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows 10 Education
+- Windows 10 Enterprise
+
+Other Windows 10 editions can't be activated and aren't supported. If your device isn't running one of these supported Windows 10 editions, don't proceed with using the Windows 10 in S mode installer. Windows 10-N editions and running in virtual machines aren't supported by the Windows 10 in S mode installer.
### Preparing your device to install drivers
@@ -77,28 +76,7 @@ Make sure all drivers are installed and working properly on your device running
### Supported devices and drivers
-Check with your device manufacturer before trying Windows 10 in S mode on your device to see if the drivers are available and supported by the device manufacturer.
-
-| | | |
-| - | - | - |
-| Acer | Alldocube | American Future Tech |
-| ASBISC | Asus | Atec |
-| Axdia | Casper | Cyberpower |
-| Daewoo | Daten | Dell |
-| Epson | EXO | Fujitsu |
-| Getac | Global K | Guangzhou |
-| HP | Huawei | I Life |
-| iNET | Intel | LANIT Trading |
-| Lenovo | LG | MCJ |
-| Micro P/Exertis | Microsoft | MSI |
-| Panasonic | PC Arts | Positivo SA |
-| Positivo da Bahia | Samsung | Teclast |
-| Thirdwave | Tongfang | Toshiba |
-| Trekstor | Trigem | Vaio |
-| Wortmann | Yifang | |
-
-> [!NOTE]
-> If you don't see any device listed on the manufacturer's web site, check back again later as more devices get added in the future.
+Check with your device manufacturer before trying Windows 10 in S mode on your device to see if the drivers are available and supported by the device manufacturer.
## Kept files
@@ -110,12 +88,13 @@ Back up all your data before installing Windows 10 in S mode. Only personal file
## Domain join
Windows 10 in S mode doesn't support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts:
+
- Local administrator
-- Microsoft Account (MSA) administrator
-- Azure Active Directory administrator
+- Microsoft account administrator
+- Azure Active Directory administrator
> [!WARNING]
-> If you don't have one of these administrator accounts accessible before migration, you'll not be able to log in to your device after migrating to Windows 10 in S mode.
+> If you don't have one of these administrator accounts accessible before migration, you'll not be able to sign in to your device after migrating to Windows 10 in S mode.
We recommend [creating a recovery drive](#create-a-recovery-drive) before migrating to Windows 10 in S mode in case you run into this issue.
@@ -126,35 +105,39 @@ After installing Windows 10 in S mode, use the free [Set up School PCs app](use-
## Switch to previously installed Windows 10 editions
If Windows 10 in S mode isn't right for you, you can switch to the Windows 10 edition previously installed on your device(s).
-* Education customers can switch devices to Windows 10 Pro Education using the Microsoft Store for Education. For more information, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 in S mode](change-to-pro-education.md).
-* If you try Windows 10 in S mode and decide to switch back to the previously installed edition within 10 days, you can go back to the previously installed edition using the Windows Recovery option in Settings. For more info, see [Go back to your previous edition of Windows 10](#go-back-to-your-previous-edition-of-windows-10).
+
+- Education customers can switch devices to Windows 10 Pro Education using the Microsoft Store for Education. For more information, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 in S mode](change-to-pro-education.md).
+- If you try Windows 10 in S mode and decide to switch back to the previously installed edition within 10 days, you can go back to the previously installed edition using the Windows Recovery option in Settings. For more info, see [Go back to your previous edition of Windows 10](#go-back-to-your-previous-edition-of-windows-10).
## Device recovery
Before installing Windows 10 in S mode, we recommend that you create a system backup in case you would like to return to Windows 10 Pro or Windows 10 Pro Education after trying Windows 10 in S mode.
-### Create a recovery drive
+### Create a recovery drive
+
To create a recovery drive, follow these steps.
1. From the taskbar, search for **Create a recovery drive** and then select it. You might be asked to enter an admin password or confirm your choice.
-2. In the **Recovery drive** tool, make sure **Back up system files to the recovery drive** is selected and then click **Next**.
-3. Connect a USB drive to your PC, select it, and then select **Next > Create**.
+2. In the **Recovery drive** tool, make sure **Back up system files to the recovery drive** is selected and then select **Next**.
+3. Connect a USB drive to your PC, select it, and then select **Next > Create**.
Many files need to be copied to the recovery drive; so this process might take a while.
-4. When it's done, you might see a **Delete the recovery partition from your PC** link on the final screen. If you want to free up drive space on your PC, select the link and then select **Delete**. If not, select **Finish**.
+4. When it's done, you might see a **Delete the recovery partition from your PC** link on the final screen. If you want to free up drive space on your PC, select the link, and then select **Delete**. If not, select **Finish**.
### Go back to your previous edition of Windows 10
-Alternatively, for 10 days after you install Windows 10 in S mode, you've the option to go back to your previous edition of Windows 10 from **Settings > Update & security > Recovery**. This revert operation will keep your personal files, but it will remove installed apps and any changes you made to **Settings**.
+Alternatively, for 10 days after you install Windows 10 in S mode, you can go back to your previous edition of Windows 10 from **Settings > Update & security > Recovery**. This revert operation will keep your personal files, but it will remove installed apps and any changes you made to **Settings**.
To go back, you need to:
-* Keep everything in the windows.old and $windows.~bt folders after the upgrade.
-* Remove any user accounts you added after the upgrade.
+
+- Keep everything in the `windows.old` and `$windows.~bt` folders after the upgrade.
+- Remove any user accounts you added after the upgrade.
If going back isn't available:
-* Check if you can restore your PC to factory settings. This restoration will reinstall the version of Windows that came with your PC and remove personal files, apps, and drivers you installed and any changes you made to **Settings**. Go to **Settings > Update & security > Recovery > Reset this PC > Get started** and look for **Restore factory settings**.
-* If you've a product key for your previous version of Windows, use the media creation tool to create installation media of your previous Windows 10 edition and use it to do a clean install.
+
+- Check if you can restore your PC to factory settings. This restoration will reinstall the version of Windows that came with your PC and remove personal files, apps, and drivers you installed and any changes you made to **Settings**. Go to **Settings > Update & security > Recovery > Reset this PC > Get started** and look for **Restore factory settings**.
+- If you've a product key for your previous version of Windows, use the media creation tool. It can create installation media of your previous Windows 10 edition, and do a clean install.
After going back to your previous edition of Windows 10, you may receive the following message when launching Win32 apps:
@@ -168,14 +151,14 @@ If you see this message, follow these steps to stop receiving the message:
4. After restarting, in the **Choose an option** page, select **Troubleshoot**.
5. In the **Troubleshoot** page, select **Advanced options**, and in the **Advanced options** page select **UEFI Firmware Settings**.
6. In the **UEFI Firmware Settings** page, select **Restart** to get to the device-specific UEFI/BIOS menu.
-7. Once you've accessed UEFI, look for the menu item labeled **Security** or **Security Settings** and navigate to it.
+7. Once you've accessed UEFI, look for the menu item labeled **Security** or **Security Settings**, and navigate to it.
8. Look for an option called **Secure boot configuration**, **Secure boot**, or **UEFI Boot**. If you can't find one of these options, check the **Boot** menu.
9. Disable the secure boot/UEFI boot option.
10. Save your settings and then exit UEFI. This exit action will restart your PC.
-11. After Windows is done booting up, confirm that you no longer see the message.
+11. After Windows is done booting up, confirm that you no longer see the message.
> [!NOTE]
- > We recommend following these steps again to re-enable the **Secure boot configuration**, **Secure boot**, or **UEFI Boot** option, which you disabled in step 9, and then subsequently re-enable BitLocker (if you previously had this enabled).
+ > We recommend following these steps again to re-enable the **Secure boot configuration**, **Secure boot**, or **UEFI Boot** option, which you disabled in step 9, and then subsequently re-enable BitLocker (if you previously had this enabled).
### Use installation media to reinstall Windows 10
@@ -195,7 +178,7 @@ To use an installation media to reinstall Windows 10, follow these steps.
If you're not seeing the setup screen, your PC might not be set up to boot from a drive. Check your PC manufacturer's website for information on how to change your PC's boot order, and then try again.
8. Select **Install now**.
-9. On the **Enter the product key to active Windows** page, enter a product key if you've one. If you upgraded to Windows 10 for free, or bought and activated Windows 10 from the Microsoft Store, select **Skip** and Windows will automatically activate later. For more information, see [Activation in Windows 10](https://support.microsoft.com/help/12440/windows-10-activation).
+9. On the **Enter the product key to active Windows** page, enter a product key if you've one. If you upgraded to Windows 10 for free, or bought and activated Windows 10 from the Microsoft Store, select **Skip** and Windows will automatically activate later. For more information, see [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227).
10. On the **License terms** page, select **I accept the license terms** if you agree, and then select **Next**.
11. On the **Which type of installation do you want?** page, select **Custom**.
12. On the **where do you want to install Windows?** page, select a partition, select a formatting option (if necessary), and then follow the instructions.
@@ -203,45 +186,49 @@ To use an installation media to reinstall Windows 10, follow these steps.
14. Follow the rest of the setup instructions to finish installing Windows 10.
## Download Windows 10 in S mode
-Ready to test Windows 10 in S mode on your existing Windows 10 Pro or Windows 10 Pro Education device? Make sure you read the [important pre-installation information](#important-information) and all the above information.
+
+Ready to test Windows 10 in S mode on your existing Windows 10 Pro or Windows 10 Pro Education device? Make sure you read the [important pre-installation information](#important-information) and all the above information.
When you're ready, you can download the Windows 10 in S mode installer by clicking the **Download installer** button below:
> [!div class="nextstepaction" style="center"]
> [Download installer](https://go.microsoft.com/fwlink/?linkid=853240)
-After you install Windows 10 in S mode, the OS defaults to the English version. To change the UI and show the localized UI, go to **Settings > Time & language > Region & language >** in **Languages** select **Add a language** to add a new language or select an existing language and set it as the default.
+After you install Windows 10 in S mode, the OS defaults to the English version. To change the UI and show the localized UI, go to **Settings > Time & language > Region & language >** in **Languages**, select **Add a language** to add a new language or select an existing language, and set it as the default.
## Terms and Conditions
-Because you’re installing Windows 10 in S mode on a running version of Windows 10, you've already accepted the Windows 10 Terms and Conditions. you'ren't required to accept it again and the Windows 10 installer doesn’t show a Terms and Conditions page during installation.
-## Support
-Thank you for testing Windows 10 in S mode. Your best experience will be running on a supported device as mentioned above. However, we invite you to try Windows 10 in S mode on existing devices with an eligible operating system. If you're having difficulty installing or running Windows 10 in S mode, use the Windows **Feedback Hub** to report your experience to Microsoft. This feedback is the best way to help improve Windows 10 in S mode with your feedback.
+Because you're installing Windows 10 in S mode on a running version of Windows 10, you've already accepted the Windows 10 Terms and Conditions. you'ren't required to accept it again and the Windows 10 installer doesn't show a Terms and Conditions page during installation.
+
+## Support
+
+Thank you for testing Windows 10 in S mode. Your best experience will be running on a supported device as mentioned above. However, we invite you to try Windows 10 in S mode on existing devices with an eligible operating system. If you're having difficulty installing or running Windows 10 in S mode, use the Windows **Feedback Hub** to report your experience to Microsoft. This feedback is the best way to help improve Windows 10 in S mode with your feedback.
Common support questions for the Windows 10 in S mode test program:
-* **How do I activate if I don't have a Windows 10 in S mode product key?**
+### How do I activate if I don't have a Windows 10 in S mode product key?
- As stated above, devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise can install and run Windows 10 in S mode and it will automatically activate. Testing Windows 10 in S mode on a device running Windows 10 Home isn't recommended and supported at this time.
+As stated above, devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise can install and run Windows 10 in S mode and it will automatically activate. Testing Windows 10 in S mode on a device running Windows 10 Home isn't recommended and supported at this time.
-* **Will my OEM help me run Windows 10 in S mode?**
+### Will my OEM help me run Windows 10 in S mode?
- OEMs typically only support their devices with the operating system that was pre-installed. See [Supported devices](#supported-devices) for OEM devices that are best suited for testing Windows 10 in S mode. When testing Windows 10 in S mode, be ready to restore your own PC back to factory settings without assistance. Steps to return to your previous installation of Windows 10 are covered above.
+OEMs typically only support their devices with the operating system that was pre-installed. See [Supported devices](#supported-devices) for OEM devices that are best suited for testing Windows 10 in S mode. When testing Windows 10 in S mode, be ready to restore your own PC back to factory settings without assistance. Steps to return to your previous installation of Windows 10 are covered above.
-* **What happens when I run Reset or Fresh Start on Windows 10 in S mode?**
+### What happens when I run Reset or Fresh Start on Windows 10 in S mode?
- **Reset** or **Fresh Start** will operate correctly and keep you on Windows 10 in S mode. They also remove the 10-day go back ability. See [Switch to previously installed Windows 10 editions](#switch-to-previously-installed-windows-10-editions) to return to your previous installation of Windows 10 if you wish to discontinue using Windows 10 in S mode.
+**Reset** or **Fresh Start** will operate correctly and keep you on Windows 10 in S mode. They also remove the 10-day go back ability. See [Switch to previously installed Windows 10 editions](#switch-to-previously-installed-windows-10-editions) to return to your previous installation of Windows 10 if you wish to discontinue using Windows 10 in S mode.
-* **What if I want to move from Windows 10 in S mode to Windows 10 Pro?**
+### What if I want to move from Windows 10 in S mode to Windows 10 Pro?
- If you want to discontinue using Windows 10 in S mode, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you're testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store.
+If you want to discontinue using Windows 10 in S mode, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you're testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store.
-For help with activation issues, click on the appropriate link below for support options.
-* For Volume Licensing Agreement or Shape the Future program customers, go to the [Microsoft Commercial Support](https://support.microsoft.com/gp/commercialsupport) website and select the country/region in which you're seeking commercial support to contact our commercial support team.
-* If you don't have a Volume Licensing Agreement, go to the [Microsoft Support](https://support.microsoft.com/contactus/) website and choose a support option.
+For help with activation issues, select the appropriate link below for support options.
+
+- For Volume Licensing Agreement or Shape the Future program customers, go to the [Microsoft Commercial Support](https://support.microsoft.com/gp/commercialsupport) website and select the country/region in which you're seeking commercial support to contact our commercial support team.
+- If you don't have a Volume Licensing Agreement, go to the [Microsoft Support](https://support.microsoft.com/contactus/) website and choose a support option.
1 Internet access fees may apply.
-2 Devices must be configured for educational use by applying SetEduPolicies using the Set up School PCs app.
+2 Devices must be configured for educational use by applying SetEduPolicies using the Setup School PCs app.
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/configure-device-apps.md b/education/windows/tutorial-school-deployment/configure-device-apps.md
new file mode 100644
index 0000000000..ab88e770c4
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/configure-device-apps.md
@@ -0,0 +1,99 @@
+---
+title: Configure applications with Microsoft Intune
+description: Configure applications with Microsoft Intune in preparation to device deployment
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Configure applications with Microsoft Intune
+
+With Intune for Education, school IT administrators have access to diverse applications to help students unlock their learning potential. This section discusses tools and resources for adding apps to Intune for Education.
+
+Applications can be assigned to groups:
+
+- If you target apps to a **group of users**, the apps will be installed on any managed devices that the users sign into
+- If you target apps to a **group of devices**, the apps will be installed on those devices and available to any user who signs in
+
+In this section you will:
+> [!div class="checklist"]
+> * Add apps to Intune for Education
+> * Assign apps to groups
+> * Review some considerations for Windows 11 SE devices
+
+## Add apps to Intune for Education
+
+Intune for Education supports the deployment of two types of Windows applications: **web apps** and **desktop apps**.
+
+:::image type="content" source="./images/intune-education-apps.png" alt-text="Intune for Education - Apps" lightbox="./images/intune-education-apps.png" border="true":::
+
+### Desktop apps
+
+The addition of desktop applications to Intune should be carried out by repackaging the apps, and defining the commands to silently install them. The process is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1].
+
+### Web apps
+
+To create web applications in Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Apps**
+1. Select **New app** > **New web app**
+1. Provide a URL for the web app, a name and, optionally, an icon and description
+1. Select **Save**
+
+For more information, see [Add web apps][INT-2].
+
+## Assign apps to groups
+
+To assign applications to a group of users or devices:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > Pick a group to manage
+1. Select **Apps**
+1. Select either **Web apps** or **Windows apps**
+1. Select the apps you want to assign to the group > Save
+
+## Considerations for Windows 11 SE
+
+Windows 11 SE supports all web applications and a *curated list* of desktop applications.
+You can prepare and add a desktop app to Microsoft Intune as a Win32 app from the [approved app list][EDU-1].
+
+The process to add Win32 applications to Intune is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1].
+
+> [!NOTE]
+> If the applications you need aren't included in the list, anyone in your school district can submit an application request at Microsoft Education Support.
+
+> [!CAUTION]
+> If you assign an app to a device running **Windows 11 SE** and receive the **0x87D300D9** error code with a **Failed** state:
+> - Be sure the app is on the [approved app list][EDU-1]
+> - If you submitted a request to add your own app and it was approved, check that the app meets package requirements
+> - If the app is not approved, it will not run on Windows 11 SE. In this case, you will have to verify if the app can run in a web browser, such as a web app or PWA
+
+________________________________________________________
+
+## Next steps
+
+With the applications configured, you can now deploy students' and teachers' devices.
+
+> [!div class="nextstepaction"]
+> [Next: Deploy devices >](enroll-overview.md)
+
+
+
+[EDU-1]: /education/windows/windows-11-se-overview
+
+[MEM-1]: /mem/intune/apps/apps-win32-add
+
+[INT-1]: /intune-education/express-configuration-intune-edu
+[INT-2]: /intune-education/add-web-apps-edu
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/configure-device-settings.md b/education/windows/tutorial-school-deployment/configure-device-settings.md
new file mode 100644
index 0000000000..333618e34c
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/configure-device-settings.md
@@ -0,0 +1,142 @@
+---
+title: Configure and secure devices with Microsoft Intune
+description: Configure policies with Microsoft Intune in preparation to device deployment
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Configure and secure devices with Microsoft Intune
+
+With Intune for Education, you can configure settings for devices in the school, to ensure that they comply with specific policies.
+For example, you may need to secure your devices, ensuring that they are kept up to date. Or you may need to configure all the devices with the same look and feel.
+
+Settings can be assigned to groups:
+
+- If you target settings to a **group of users**, those settings will apply, regardless of what managed devices the targeted users sign in to
+- If you target settings to a **group of devices**, those settings will apply regardless of who is using the devices
+
+There are two ways to manage settings in Intune for Education:
+
+- **Express Configuration.** This option is used to configure a selection of settings that are commonly used in school environments
+- **Group settings.** This option is used to configure all settings that are offered by Intune for Education
+
+> [!NOTE]
+> Express Configuration is ideal when you are getting started. Settings are pre-configured to Microsoft-recommended values, but can be changed to fit your school's needs. It is recommended to use Express Configuration to initially set up your Windows devices.
+
+In this section you will:
+> [!div class="checklist"]
+> * Configure settings with Express Configuration
+> * Configure group settings
+> * Create Windows Update policies
+> * Configure security policies
+
+## Configure settings with Express Configuration
+
+With Express Configuration, you can get Intune for Education up and running in just a few steps. You can select a group of devices or users, select applications to distribute, and choose settings from the most commonly used in schools.
+
+> [!TIP]
+> To learn more, and practice step-by-step Express Configuration in Intune for Education, try this interactive demo.
+
+## Configure group settings
+
+Groups are used to manage users and devices with similar management needs, allowing you to apply changes to many devices or users at once. To review the available group settings:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > Pick a group to manage
+1. Select **Windows device settings**
+1. Expand the different categories and review information about individual settings
+
+Settings that are commonly configured for student devices include:
+
+- Wallpaper and lock screen background. See: [Lock screen and desktop][INT-7]
+- Wi-Fi connections. See: [Add Wi-Fi profiles][INT-8]
+- Enablement of the integrated testing and assessment solution *Take a test*. See: [Add Take a Test profile][INT-9]
+
+For more information, see [Windows device settings in Intune for Education][INT-3].
+
+## Create Windows Update policies
+
+It is important to keep Windows devices up to date with the latest security updates. You can create Windows Update policies using Intune for Education.
+
+To create a Windows Update policy:
+
+1. Select **Groups** > Pick a group to manage
+1. Select **Windows device settings**
+1. Expand the category **Update and upgrade**
+1. Configure the required settings as needed
+
+For more information, see [Updates and upgrade][INT-6].
+
+> [!NOTE]
+> If you require a more complex Windows Update policy, you can create it in Microsoft Endpoint Manager. For more information:
+> - [What is Windows Update for Business?][WIN-1]
+> - [Manage Windows software updates in Intune][MEM-1]
+
+## Configure security policies
+
+It is critical to ensure that the devices you manage are secured using the different security technologies available in Windows.
+Intune for Education provides different settings to secure devices.
+
+To create a security policy:
+
+1. Select **Groups** > Pick a group to manage
+1. Select **Windows device settings**
+1. Expand the category **Security**
+1. Configure the required settings as needed, including
+ - Windows Defender
+ - Windows Encryption
+ - Windows SmartScreen
+
+For more information, see [Security][INT-4].
+
+> [!NOTE]
+> If you require more sophisticated security policies, you can create them in Microsoft Endpoint Manager. For more information:
+> - [Antivirus][MEM-2]
+> - [Disk encryption][MEM-3]
+> - [Firewall][MEM-4]
+> - [Endpoint detection and response][MEM-5]
+> - [Attack surface reduction][MEM-6]
+> - [Account protection][MEM-7]
+
+________________________________________________________
+
+## Next steps
+
+With the Intune service configured, you can configure policies and applications to deploy to your students' and teachers' devices.
+
+> [!div class="nextstepaction"]
+> [Next: Configure applications >](configure-device-apps.md)
+
+
+
+[EDU-1]: /education/windows/windows-11-se-overview
+
+[INT-2]: /intune-education/express-configuration-intune-edu
+[INT-3]: /intune-education/all-edu-settings-windows
+[INT-4]: /intune-education/all-edu-settings-windows#security
+[INT-6]: /intune-education/all-edu-settings-windows#updates-and-upgrade
+[INT-7]: /intune-education/all-edu-settings-windows#lock-screen-and-desktop
+[INT-8]: /intune-education/add-wi-fi-profile
+[INT-9]: /intune-education/take-a-test-profiles
+
+[WIN-1]: /windows/deployment/update/waas-manage-updates-wufb
+
+[MEM-1]: /mem/intune/protect/windows-update-for-business-configure
+[MEM-2]: /mem/intune/protect/endpoint-security-antivirus-policy
+[MEM-3]: /mem/intune/protect/encrypt-devices
+[MEM-4]: /mem/intune/protect/endpoint-security-firewall-policy
+[MEM-5]: /mem/intune/protect/endpoint-security-edr-policy
+[MEM-6]: /mem/intune/protect/endpoint-security-asr-policy
+[MEM-7]: /mem/intune/protect/endpoint-security-account-protection-policy
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/configure-devices-overview.md b/education/windows/tutorial-school-deployment/configure-devices-overview.md
new file mode 100644
index 0000000000..bea37bf92b
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/configure-devices-overview.md
@@ -0,0 +1,70 @@
+---
+title: Configure devices with Microsoft Intune
+description: Configure policies and applications in preparation to device deployment
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Configure settings and applications with Microsoft Intune
+
+Before distributing devices to your users, you must ensure that the devices will be configured with the required policies, settings, and applications as they get enrolled in Intune.
+Microsoft Intune uses Azure AD groups to assign policies and applications to devices.
+With Microsoft Intune for Education, you can conveniently create groups and assign policies and applications to them.
+
+In this section you will:
+> [!div class="checklist"]
+> * Create groups
+> * Create and assign policies to groups
+> * Create and assign applications to groups
+
+## Create groups
+
+By organizing devices, students, classrooms, or learning curricula into groups, you can provide students with the resources and configurations they need.
+
+By default, Intune for Education creates two default groups: *All devices* and *All users*.
+Two additional groups are pre-created if you use **Microsoft School Data Sync (SDS)**: *All teachers* and *All students*. SDS can also be configured to automatically create and maintain groups of students and teachers for each school.
+
+:::image type="content" source="./images/intune-education-groups.png" alt-text="Intune for Education - Groups blade" border="true":::
+
+Beyond the defaults, groups can be customized to suit various needs. For example, if you have both *Windows 10* and *Windows 11 SE* devices in your school, you can create groups, such as *Windows 10 devices* and *Windows 11 SE devices*, to assign different policies and applications to.
+
+Two group types can be created:
+
+- **Assigned groups** are used when you want to manually add users or devices to a group
+- **Dynamic groups** reference rules that you create to assign students or devices to groups, which automate the membership's maintenance of those groups
+
+> [!TIP]
+> If you target applications and policies to a *device dynamic group*, they will be applied to the devices as soon as they are enrolled in Intune, before users signs in. This can be useful in bulk enrollment scenarios, where devices are enrolled without requiring users to sign in. Devices can be configured and prepared in advance, before distribution.
+
+For more information, see:
+
+- [Create groups in Intune for Education][EDU-1]
+- [Manually add or remove users and devices to an existing assigned group][EDU-2]
+- [Edit dynamic group rules to accommodate for new devices, locations, or school years][EDU-3]
+
+________________________________________________________
+
+## Next steps
+
+With the groups created, you can configure policies and applications to deploy to your groups.
+
+> [!div class="nextstepaction"]
+> [Next: Configure policies >](configure-device-settings.md)
+
+
+
+[EDU-1]: /intune-education/create-groups
+[EDU-2]: /intune-education/edit-groups-intune-for-edu
+[EDU-3]: /intune-education/edit-groups-intune-for-edu#edit-dynamic-group-rules
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/enroll-aadj.md b/education/windows/tutorial-school-deployment/enroll-aadj.md
new file mode 100644
index 0000000000..5747c986a4
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-aadj.md
@@ -0,0 +1,42 @@
+---
+title: Enrollment in Intune with standard out-of-box experience (OOBE)
+description: how to join Azure AD for OOBE and automatically get the device enrolled in Intune
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+# Automatic Intune enrollment via Azure AD join
+
+If you're setting up a Windows device individually, you can use the out-of-box experience to join it to your school's Azure Active Directory tenant, and automatically enroll it in Intune.
+With this process, no advance preparation is needed:
+
+1. Follow the on-screen prompts for region selection, keyboard selection, and network connection
+1. Wait for updates. If any updates are available, they'll be installed at this time
+ :::image type="content" source="./images/win11-oobe-updates.png" alt-text="Windows 11 OOBE - updates page" border="true":::
+1. When prompted, select **Set up for work or school** and authenticate using your school's Azure Active Directory account
+ :::image type="content" source="./images/win11-oobe-auth.png" alt-text="Windows 11 OOBE - authentication page" border="true":::
+1. The device will join Azure AD and automatically enroll in Intune. All settings defined in Intune will be applied to the device
+
+> [!IMPORTANT]
+> If you configured enrollment restrictions in Intune blocking personal Windows devices, this process will not complete. You will need to use a different enrollment method, or ensure that the devices are registered in Autopilot.
+
+:::image type="content" source="./images/win11-login-screen.png" alt-text="Windows 11 login screen" border="false":::
+
+________________________________________________________
+## Next steps
+
+With the devices joined to Azure AD tenant and managed by Intune, you can use Intune to maintain them and report on their status.
+
+> [!div class="nextstepaction"]
+> [Next: Manage devices >](manage-overview.md)
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/enroll-autopilot.md b/education/windows/tutorial-school-deployment/enroll-autopilot.md
new file mode 100644
index 0000000000..a64a7590e3
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-autopilot.md
@@ -0,0 +1,160 @@
+---
+title: Enrollment in Intune with Windows Autopilot
+description: how to join Azure AD and enroll in Intune using Windows Autopilot
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Windows Autopilot
+
+Windows Autopilot is designed to simplify all parts of Windows devices lifecycle, from initial deployment through end of life. Using cloud-based services, Windows Autopilot can reduce the overall costs for deploying, managing, and retiring devices.
+
+Traditionally, IT pros spend a significant amount of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new, simplified approach. Devices don't need to be reimaged, rather they can be deployed with the OEM image, and customized using cloud-based services.
+
+From the user's perspective, it only takes a few simple operations to make their device ready to use. The only interaction required from the end user is to set their language and regional settings, connect to a network, and verify their credentials. Everything beyond that is automated.
+
+## Prerequisites
+
+Before setting up Windows Autopilot, consider these prerequisites:
+
+- **Software requirements.** Ensure your school and devices meet the [software, networking, licensing, and configuration requirements][WIN-1] for Windows Autopilot
+- **Devices ordered and registered.** Ensure your school IT administrator or Microsoft partner has ordered the devices from an original equipment manufacturer (OEM) and registered them for the Autopilot deployment service. To connect with a partner, you can use the [Microsoft Partner Center][MSFT-1] and work with them to register your devices
+- **Networking requirements.** Ensure students know to connect to the school network during OOBE setup. For more information on managing devices behind firewalls and proxy servers, see [Network endpoints for Microsoft Intune][MEM-1]
+
+> [!NOTE]
+> Where not explicitly specified, both HTTPS (443) and HTTP (80) must be accessible. If you are auto-enrolling your devices into Microsoft Intune or deploying Microsoft Office, follow the networking guidelines for [Microsoft Intune][INT-1] and [Microsoft 365][M365-1].
+
+## Register devices to Windows Autopilot
+
+Before deployment, devices must be registered in the Windows Autopilot service. Each device's unique hardware identity (known as a *hardware hash*) must be uploaded to the Autopilot service. In this way, the Autopilot service can recognize which tenant devices belong to, and which OOBE experience it should present. There are three main ways to register devices to Autopilot:
+
+- **OEM registration process.** When you purchase devices from an OEM or Reseller, that company can automatically register devices to Windows Autopilot and associate them to your tenant. Before this registration can happen, a *Global Administrator* must grant the OEM/Reseller permissions to register devices. For more information, see [OEM registration][MEM-2]
+ > [!NOTE]
+ > For **Microsoft Surface registration**, collect the details shown in this [documentation table][SURF-1] and follow the instruction to submit the request form to Microsoft Support.
+- **Cloud Solution Provider (CSP) registration process.** As with OEMs, CSP partners must be granted permission to register devices for a school. For more information, see [Partner registration][MEM-5]
+ > [!TIP]
+ > Try the Microsoft Partner Center clickable demo, which provides detailed steps to establish a partner relationship and register devices.
+- **Manual registration.** To manually register a device, you must first capture its hardware hash. Once this process has been completed, the hardware hash can be uploaded to the Windows Autopilot service using [Microsoft Intune][MEM-6]
+ > [!IMPORTANT]
+ > **Windows 11 SE** devices do not support the use of Windows PowerShell or Microsoft Configuration Manager to capture hardware hashes. Hardware hashes can only be captured manually. We recommend working with an OEM, partner, or device reseller to register devices.
+
+## Create groups for Autopilot devices
+
+**Windows Autopilot deployment profiles** determine the Autopilot *deployment mode* and define the out-of-box experience of your devices. A device group is required to assign a Windows Autopilot deployment profile to the devices.
+For this task, it's recommended to create dynamic device groups using Autopilot attributes.
+
+Here are the steps for creating a dynamic group for the devices that have an assigned Autopilot group tag:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > **Create group**
+1. Specify a **Group name** and select **Dynamic**
+1. Under **Rules**, select **I want to manage: Devices** and use the clause **Where: Device group tag starts with**, specifying the required tag value
+1. Select **Create group**
+ :::image type="content" source="./images/intune-education-autopilot-group.png" alt-text="Intune for Education - creation of a dynamic group for Autopilot devices" border="true":::
+
+More advanced dynamic membership rules can be created from Microsoft Endpoint Manager admin center. For more information, see [Create an Autopilot device group using Intune][MEM-3].
+
+> [!TIP]
+> You can use these dynamic groups not only to assign Autopilot profiles, but also to target applications and settings.
+
+## Create Autopilot deployment profiles
+
+For Autopilot devices to offer a customized OOBE experience, you must create **Windows Autopilot deployment profiles** and assign them to a group containing the devices.
+A deployment profile is a collection of settings that determine the behavior of the device during OOBE. Among other settings, a deployment profile specifies a **deployment mode**, which can either be:
+1. **User-driven:** devices with this profile are associated with the user enrolling the device. User credentials are required to complete the Azure AD join process during OOBE
+1. **Self-deploying:** devices with this profile aren't associated with the user enrolling the device. User credentials aren't required to complete the Azure AD join process. Rather, the device is joined automatically and, for this reason, specific hardware requirements must be met to use this mode.
+
+To create an Autopilot deployment profile:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > Select a group from the list
+1. Select **Windows device settings**
+1. Expand the **Enrolment** category
+1. From **Configure Autopilot deployment profile for device** select **User-driven**
+1. Ensure that **User account type** is configured as **Standard**
+1. Select **Save**
+
+While Intune for Education offers simple options for Autopilot configurations, more advanced deployment profiles can be created from Microsoft Endpoint Manager admin center. For more information, see [Windows Autopilot deployment profiles][MEM-4].
+
+### Configure an Enrollment Status Page
+
+An Enrollment Status Page (ESP) is a greeting page displayed to users while enrolling or signing in for the first time to Windows devices. The ESP displays provisioning progress, showing applications and profiles installation status.
+
+:::image type="content" source="./images/win11-oobe-esp.gif" alt-text="Windows OOBE - enrollment status page animation." border="false":::
+
+> [!NOTE]
+> Some Windows Autopilot deployment profiles **require** the ESP to be configured.
+
+To deploy the ESP to devices, you need to create an ESP profile in Microsoft Endpoint Manager.
+
+> [!TIP]
+> While testing the deployment process, you can configure the ESP to:
+> - allow the reset of the devices in case the installation fails
+> - allow the use of the device if installation error occurs
+>
+> This enables you to troubleshoot the installation process in case any issues arise and to easily reset the OS. You can turn these settings off once you are done testing.
+
+For more information, see [Set up the Enrollment Status Page][MEM-3].
+
+> [!CAUTION]
+> When targeting an ESP to **Windows 11 SE** devices, only applications included in the [approved app list][EDU-1] should part of the ESP configuration.
+
+### Autopilot end-user experience
+
+Once configuration is complete and devices are distributed, students and teachers are able to complete the out-of-box experience with Autopilot. They can set up their devices at home, at school, or wherever there's a reliable Internet connection.
+When a Windows device is turned on for the first time, the end-user experience with Windows Autopilot is as follows:
+
+1. Identify the language and region
+1. Select the keyboard layout and decide on the option for a second keyboard layout
+1. Connect to the internet: if connecting through Wi-Fi, the user will be prompted to connect to a wireless network. If the device is connected through an ethernet cable, Windows will skip this step
+1. Apply updates: the device will look for and apply required updates
+1. Windows will detect if the device has an Autopilot profile assigned to it. If so, it will proceed with the customized OOBE experience. If the Autopilot profile specifies a naming convention for the device, the device will be renamed, and a reboot will occur
+1. The user authenticates to Azure AD, using the school account
+1. The device joins Azure AD, enrolls in Intune and all the settings and applications are configured
+
+> [!NOTE]
+> Some of these steps may be skipped, depending on the Autopilot profile configuration and if the device is using a wired connection.
+
+:::image type="content" source="./images/win11-login-screen.png" alt-text="Windows 11 login screen" border="false":::
+
+________________________________________________________
+## Next steps
+
+With the devices joined to Azure AD tenant and managed by Intune, you can use Intune to maintain them and report on their status.
+
+> [!div class="nextstepaction"]
+> [Next: Manage devices >](manage-overview.md)
+
+
+
+[MEM-1]: /mem/intune/fundamentals/intune-endpoints
+[MEM-2]: /mem/autopilot/oem-registration
+[MEM-3]: /mem/autopilot/enrollment-autopilot#create-an-autopilot-device-group-using-intune
+[MEM-4]: /mem/autopilot/profiles
+[MEM-5]: /mem/autopilot/partner-registration
+[MEM-6]: /mem/autopilot/add-devices
+
+[WIN-1]: /windows/deployment/windows-autopilot/windows-autopilot-requirements
+
+[MSFT-1]: https://partner.microsoft.com/
+
+[INT-1]: /intune/network-bandwidth-use
+
+[M365-1]: https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
+
+[EDU-1]: /education/windows/windows-11-se-overview
+[EDU-2]: /intune-education/windows-11-se-overview#windows-autopilot
+
+[SURF-1]: /surface/surface-autopilot-registration-support
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/enroll-overview.md b/education/windows/tutorial-school-deployment/enroll-overview.md
new file mode 100644
index 0000000000..1a0048e8b2
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-overview.md
@@ -0,0 +1,48 @@
+---
+title: Device enrollment overview
+description: Options to enroll Windows devices in Microsoft Intune
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: overview
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Device enrollment overview
+
+There are three main methods for joining Windows devices to Azure AD and getting them enrolled and managed by Intune:
+
+- **Automatic Intune enrollment via Azure AD join** happens when a user first turns on a device that is in out-of-box experience (OOBE), and selects the option to join Azure AD. In this scenario, the user can customize certain Windows functionalities before reaching the desktop, and becomes a local administrator of the device. This option isn't an ideal enrollment method for education devices
+- **Bulk enrollment with provisioning packages.** Provisioning packages are files that can be used to set up Windows devices, and can include information to connect to Wi-Fi networks and to join an Azure AD tenant. Provisioning packages can be created using either **Set Up School PCs** or **Windows Configuration Designer** applications. These files can be applied during or after the out-of-box experience
+- **Enrollment via Windows Autopilot.** Windows Autopilot is a collection of cloud services to configure the out-of-box experience, enabling light-touch or zero-touch deployment scenarios. Windows Autopilot simplifies the Windows device lifecycle, from initial deployment to end of life, for OEMs, resellers, IT administrators and end users
+
+## Choose the enrollment method
+
+**Windows Autopilot** and the **Set up School PCs** app are usually the most efficient options for school environments.
+This [table][INT-1] describes the ideal scenarios for using either option. It's recommended to review the table when planning your enrollment and deployment strategies.
+
+:::image type="content" source="./images/enroll.png" alt-text="The device lifecycle for Intune-managed devices - enrollment" border="false":::
+
+Select one of the following options to learn the next steps about the enrollment method you chose:
+
+> [!div class="nextstepaction"]
+> [Next: Automatic Intune enrollment via Azure AD join >](enroll-aadj.md)
+
+> [!div class="nextstepaction"]
+> [Next: Bulk enrollment with provisioning packages >](enroll-package.md)
+
+> [!div class="nextstepaction"]
+> [Next: Enroll devices with Windows Autopilot >](enroll-autopilot.md)
+
+
+
+[INT-1]: /intune-education/add-devices-windows#when-to-use-set-up-school-pcs-vs-windows-autopilot
diff --git a/education/windows/tutorial-school-deployment/enroll-package.md b/education/windows/tutorial-school-deployment/enroll-package.md
new file mode 100644
index 0000000000..35f640ae75
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-package.md
@@ -0,0 +1,76 @@
+---
+title: Enrollment of Windows devices with provisioning packages
+description: options how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Enrollment with provisioning packages
+
+Enrolling devices with provisioning packages is an efficient way to deploy a large number of Windows devices. Some of the benefits of provisioning packages are:
+
+- There are no particular hardware dependencies on the devices to complete the enrollment process
+- Devices don't need to be registered in advance
+- Enrollment is a simple task: just open a provisioning package and the process is automated
+
+You can create provisioning packages using either **Set Up School PCs** or **Windows Configuration Designer** applications, which are described in the following sections.
+
+## Set up School PCs
+
+With Set up School PCs, you can create a package containing the most common device configurations that students need, and enroll devices in Intune. The package is saved on a USB stick, which can then be plugged into devices during OOBE. Applications and settings will be automatically applied to the devices, including the Azure AD join and Intune enrollment process.
+
+### Create a provisioning package
+
+The Set Up School PCs app guides you through configuration choices for school-owned devices.
+
+:::image type="content" source="./images/supcs-win11se.png" alt-text="Configure device settings in Set Up School PCs app" border="false":::
+
+> [!CAUTION]
+> If you are creating a provisioning package for **Windows 11 SE** devices, ensure to select the correct *OS version* in the *Configure device settings* page.
+
+Set Up School PCs will configure many settings, allowing you to optimize devices for shared use and other scenarios.
+
+For more information on prerequisites, configuration, and recommendations, see [Use the Set Up School PCs app][EDU-1].
+
+> [!TIP]
+> To learn more and practice with Set up School PCs, try the Set Up School PCs demo, which provides detailed steps to create a provisioning package and deploy a device.
+## Windows Configuration Designer
+
+Windows Configuration Designer is especially useful in scenarios where a school needs to provision packages for both bring-you-own devices and school-owned devices. Differently from Set Up School PCs, Windows Configuration Designer doesn't offer a guided experience, and allows granular customizations, including the possibility to embed scripts in the package.
+
+:::image type="content" source="./images/wcd.png" alt-text="Set up device page in Windows Configuration Designer" border="false":::
+
+For more information, see [Install Windows Configuration Designer][WIN-1], which provides details about the app, its provisioning process, and considerations for its use.
+
+## Enroll devices with the provisioning package
+
+To provision Windows devices with provisioning packages, insert the USB stick containing the package during the out-of-box experience. The devices will read the content of the package, join Azure AD and automatically enroll in Intune.
+All settings defined in the package and in Intune will be applied to the device, and the device will be ready to use.
+
+:::image type="content" source="./images/win11-oobe-ppkg.gif" alt-text="Windows 11 OOBE - enrollment with provisioning package animation." border="false":::
+
+________________________________________________________
+## Next steps
+
+With the devices joined to Azure AD tenant and managed by Intune, you can use Intune to maintain them and report on their status.
+
+> [!div class="nextstepaction"]
+> [Next: Manage devices >](manage-overview.md)
+
+
+
+[EDU-1]: /education/windows/use-set-up-school-pcs-app
+
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-install-icd
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/images/advanced-support.png b/education/windows/tutorial-school-deployment/images/advanced-support.png
new file mode 100644
index 0000000000..d7655d1616
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/advanced-support.png differ
diff --git a/education/windows/tutorial-school-deployment/images/configure.png b/education/windows/tutorial-school-deployment/images/configure.png
new file mode 100644
index 0000000000..6e3219a7cb
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/configure.png differ
diff --git a/education/windows/tutorial-school-deployment/images/device-lifecycle.png b/education/windows/tutorial-school-deployment/images/device-lifecycle.png
new file mode 100644
index 0000000000..ab14cdb9f0
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/device-lifecycle.png differ
diff --git a/education/windows/tutorial-school-deployment/images/dfci-profile-expanded.png b/education/windows/tutorial-school-deployment/images/dfci-profile-expanded.png
new file mode 100644
index 0000000000..3386f7673a
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/dfci-profile-expanded.png differ
diff --git a/education/windows/tutorial-school-deployment/images/dfci-profile.png b/education/windows/tutorial-school-deployment/images/dfci-profile.png
new file mode 100644
index 0000000000..d77dc06f3d
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/dfci-profile.png differ
diff --git a/education/windows/tutorial-school-deployment/images/enroll.png b/education/windows/tutorial-school-deployment/images/enroll.png
new file mode 100644
index 0000000000..352cda9509
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/enroll.png differ
diff --git a/education/windows/tutorial-school-deployment/images/enrollment-restrictions.png b/education/windows/tutorial-school-deployment/images/enrollment-restrictions.png
new file mode 100644
index 0000000000..69b22745a6
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/enrollment-restrictions.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-assign-licenses.png b/education/windows/tutorial-school-deployment/images/entra-assign-licenses.png
new file mode 100644
index 0000000000..3f031053d5
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-assign-licenses.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-branding.png b/education/windows/tutorial-school-deployment/images/entra-branding.png
new file mode 100644
index 0000000000..7201c7386d
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-branding.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-device-settings.png b/education/windows/tutorial-school-deployment/images/entra-device-settings.png
new file mode 100644
index 0000000000..ef18b7391f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-device-settings.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-tenant-name.png b/education/windows/tutorial-school-deployment/images/entra-tenant-name.png
new file mode 100644
index 0000000000..4cf21148d1
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-tenant-name.png differ
diff --git a/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png b/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png
new file mode 100644
index 0000000000..69f9fb188a
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png differ
diff --git a/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png b/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png
new file mode 100644
index 0000000000..5c1215f6d8
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-diagnostics.png b/education/windows/tutorial-school-deployment/images/intune-diagnostics.png
new file mode 100644
index 0000000000..20b05ad9d7
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-diagnostics.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-apps.png b/education/windows/tutorial-school-deployment/images/intune-education-apps.png
new file mode 100644
index 0000000000..ca344cf5cf
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-apps.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-autopilot-group.png b/education/windows/tutorial-school-deployment/images/intune-education-autopilot-group.png
new file mode 100644
index 0000000000..75543684ca
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-autopilot-group.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-groups.png b/education/windows/tutorial-school-deployment/images/intune-education-groups.png
new file mode 100644
index 0000000000..87f4546e88
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-groups.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-portal.png b/education/windows/tutorial-school-deployment/images/intune-education-portal.png
new file mode 100644
index 0000000000..6bcc9f9375
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-portal.png differ
diff --git a/education/windows/tutorial-school-deployment/images/inventory-reporting.png b/education/windows/tutorial-school-deployment/images/inventory-reporting.png
new file mode 100644
index 0000000000..39c904e205
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/inventory-reporting.png differ
diff --git a/education/windows/tutorial-school-deployment/images/m365-admin-center.png b/education/windows/tutorial-school-deployment/images/m365-admin-center.png
new file mode 100644
index 0000000000..d471b441dd
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/m365-admin-center.png differ
diff --git a/education/windows/tutorial-school-deployment/images/protect-manage.png b/education/windows/tutorial-school-deployment/images/protect-manage.png
new file mode 100644
index 0000000000..7ee7040a46
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/protect-manage.png differ
diff --git a/education/windows/tutorial-school-deployment/images/remote-actions.png b/education/windows/tutorial-school-deployment/images/remote-actions.png
new file mode 100644
index 0000000000..cfbd12f2da
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/remote-actions.png differ
diff --git a/education/windows/tutorial-school-deployment/images/retire.png b/education/windows/tutorial-school-deployment/images/retire.png
new file mode 100644
index 0000000000..c079cfeaac
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/retire.png differ
diff --git a/education/windows/tutorial-school-deployment/images/supcs-win11se.png b/education/windows/tutorial-school-deployment/images/supcs-win11se.png
new file mode 100644
index 0000000000..700ff6d87f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/supcs-win11se.png differ
diff --git a/education/windows/tutorial-school-deployment/images/surface-management-portal-expanded.png b/education/windows/tutorial-school-deployment/images/surface-management-portal-expanded.png
new file mode 100644
index 0000000000..339bd90904
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/surface-management-portal-expanded.png differ
diff --git a/education/windows/tutorial-school-deployment/images/surface-management-portal.png b/education/windows/tutorial-school-deployment/images/surface-management-portal.png
new file mode 100644
index 0000000000..a1b7dd37ab
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/surface-management-portal.png differ
diff --git a/education/windows/tutorial-school-deployment/images/wcd.png b/education/windows/tutorial-school-deployment/images/wcd.png
new file mode 100644
index 0000000000..fba5be741f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/wcd.png differ
diff --git a/education/windows/tutorial-school-deployment/images/whfb-disable.png b/education/windows/tutorial-school-deployment/images/whfb-disable.png
new file mode 100644
index 0000000000..97177965e3
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/whfb-disable.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-autopilot-reset.png b/education/windows/tutorial-school-deployment/images/win11-autopilot-reset.png
new file mode 100644
index 0000000000..0ec380619e
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-autopilot-reset.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-login-screen.png b/education/windows/tutorial-school-deployment/images/win11-login-screen.png
new file mode 100644
index 0000000000..438dda11bc
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-login-screen.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-auth.png b/education/windows/tutorial-school-deployment/images/win11-oobe-auth.png
new file mode 100644
index 0000000000..5ebb6a9f14
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-auth.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-esp.gif b/education/windows/tutorial-school-deployment/images/win11-oobe-esp.gif
new file mode 100644
index 0000000000..fa2e4c3aeb
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-esp.gif differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-ppkg.gif b/education/windows/tutorial-school-deployment/images/win11-oobe-ppkg.gif
new file mode 100644
index 0000000000..2defd5c1ce
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-ppkg.gif differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-updates.png b/education/windows/tutorial-school-deployment/images/win11-oobe-updates.png
new file mode 100644
index 0000000000..51bbc39c9f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-updates.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-wipe.png b/education/windows/tutorial-school-deployment/images/win11-wipe.png
new file mode 100644
index 0000000000..027afae172
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-wipe.png differ
diff --git a/education/windows/tutorial-school-deployment/index.md b/education/windows/tutorial-school-deployment/index.md
new file mode 100644
index 0000000000..d68fd2fd82
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/index.md
@@ -0,0 +1,87 @@
+---
+title: Introduction
+description: Introduction to deployment and management of Windows devices in education environments
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+---
+
+# Tutorial: deploy and manage Windows devices in a school
+
+This guide introduces the tools and services available from Microsoft to deploy, configure and manage Windows devices in an education environment.
+
+## Audience and user requirements
+
+This tutorial is intended for education professionals responsible for deploying and managing Windows devices, including:
+
+- School leaders
+- IT administrators
+- Teachers
+- Microsoft partners
+
+This content provides a comprehensive path for schools to deploy and manage new Windows devices with Microsoft Intune. It includes step-by-step information how to manage devices throughout their lifecycle, and specific guidance for **Windows 11 SE** and **Surface devices**.
+
+> [!NOTE]
+> Depending on your school setup scenario, you may not need to implement all steps.
+
+## Device lifecycle management
+
+Historically, school IT administrators and educators have struggled to find an easy-to-use, flexible, and secure way to manage the lifecycle of the devices in their schools. In response, Microsoft has developed integrated suites of products for streamlined, cost-effective device lifecycle management.
+
+Microsoft 365 Education provides tools and services that enable simplified management of all devices through Microsoft Endpoint Manager (MEM). With Microsoft's solutions, IT administrators have the flexibility to support diverse scenarios, including school-owned devices and bring-your-own devices.
+Microsoft Endpoint Manager services include:
+
+- [Microsoft Intune][MEM-1]
+- [Microsoft Intune for Education][INT-1]
+- [Configuration Manager][MEM-2]
+- [Desktop Analytics][MEM-3]
+- [Windows Autopilot][MEM-4]
+- [Surface Management Portal][MEM-5]
+
+These services are part of the Microsoft 365 stack to help secure access, protect data, and manage risk.
+
+## Why Intune for Education?
+
+Windows devices can be managed with Intune for Education, enabling simplified management of multiple devices from a single point.
+From enrollment, through configuration and protection, to resetting, Intune for Education helps school IT administrators manage and optimize the devices throughout their lifecycle:
+
+:::image type="content" source="./images/device-lifecycle.png" alt-text="The device lifecycle for Intune-managed devices" border="false":::
+
+- **Enroll:** to enable remote device management, devices must be enrolled in Intune with an account in your Azure AD tenant. Some enrollment methods require an IT administrator to initiate enrollment, while others require students to complete the initial device setup process. This document discusses the facets of various device enrollment methodologies
+- **Configure:** once the devices are enrolled in Intune, applications and settings will be applied, as defined by the IT administrator
+- **Protect and manage:** in addition to its configuration capabilities, Intune for Education helps protect devices from unauthorized access or malicious attacks. For example, adding an extra layer of authentication with Windows Hello can make devices more secure. Policies are available that let you control settings for Windows Firewall, Endpoint Protection, and software updates
+- **Retire:** when it's time to repurpose a device, Intune for Education offers several options, including resetting the device, removing it from management, or wiping school data. In this document, we cover different device return and exchange scenarios
+
+## Four pillars of modern device management
+
+In the remainder of this document, we'll discuss the key concepts and benefits of modern device management with Microsoft 365 solutions for education. The guidance is organized around the four main pillars of modern device management:
+
+- **Identity management:** setting up and configuring the identity system, with Microsoft 365 Education and Azure Active Directory, as the foundation for user identity and authentication
+- **Initial setup:** setting up the Intune for Education environment for managing devices, including configuring settings, deploying applications, and defining updates cadence
+- **Device enrollment:** Setting up Windows devices for deployment and enrolling them in Intune for Education
+- **Device reset:** Resetting managed devices with Intune for Education
+
+________________________________________________________
+## Next steps
+
+Let's begin with the creation and configuration of your Azure AD tenant and Intune environment.
+
+> [!div class="nextstepaction"]
+> [Next: Set up Azure Active Directory >](set-up-azure-ad.md)
+
+
+
+[MEM-1]: /mem/intune/fundamentals/what-is-intune
+[MEM-2]: /mem/configmgr/core/understand/introduction
+[MEM-3]: /mem/configmgr/desktop-analytics/overview
+[MEM-4]: /mem/autopilot/windows-autopilot
+[MEM-5]: /mem/autopilot/dfci-management
+
+[INT-1]: /intune-education/what-is-intune-for-education
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/manage-overview.md b/education/windows/tutorial-school-deployment/manage-overview.md
new file mode 100644
index 0000000000..6be402a17d
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/manage-overview.md
@@ -0,0 +1,71 @@
+---
+title: Manage devices with Microsoft Intune
+description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting.
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Manage devices with Microsoft Intune
+
+Microsoft Intune offers a streamlined remote device management experience throughout the school year. IT administrators can optimize device settings, deploy new applications, updates, ensuring that security and privacy are maintained.
+
+:::image type="content" source="./images/protect-manage.png" alt-text="The device lifecycle for Intune-managed devices - protect and manage devices" border="false":::
+
+## Remote device management
+
+With Intune for Education, there are several ways to manage students' devices. Groups can be created to organize devices and students, to facilitate remote management. You can determine which applications students have access to, and fine tune device settings and restrictions. You can also monitor which devices students sign in to, and troubleshoot devices remotely.
+
+### Remote actions
+
+Intune fo Education allows you to perform actions on devices without having to sign in to the devices. For example, you can send a command to a device to restart or to turn off, or you can locate a device.
+
+:::image type="content" source="./images/remote-actions.png" alt-text="Remote actions available in Intune for Education when selecting a Windows device" lightbox="./images/remote-actions.png" border="true":::
+
+With bulk actions, remote actions can be performed on multiple devices at once.
+
+To learn more about remote actions in Intune for Education, see [Remote actions][EDU-1].
+
+## Remote assistance
+
+With devices managed by Intune for Education, you can remotely assist students and teachers that are having issues with their devices.
+
+For more information, see [Remote assistance for managed devices - Intune for Education][EDU-2].
+
+## Device inventory and reporting
+
+With Intune for Education, it's possible view and report on current devices, applications, settings, and overall health. You can also download reports to review or share offline.
+
+Here are the steps for generating reports in Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Reports**
+1. Select between one of the report types:
+ - Device inventory
+ - Device actions
+ - Application inventory
+ - Settings errors
+ - Windows Defender
+ - Autopilot deployment
+1. If needed, use the search box to find specific devices, applications, and settings
+1. To download a report, select **Download**. The report will download as a comma-separated value (CSV) file, which you can view and modify in a spreadsheet app like Microsoft Excel.
+ :::image type="content" source="./images/inventory-reporting.png" alt-text="Reporting options available in Intune for Education when selecting the reports blade" border="true":::
+
+To learn more about reports in Intune for Education, see [Reports in Intune for Education][EDU-3].
+
+
+
+[EDU-1]: /intune-education/edu-device-remote-actions
+[EDU-2]: /intune-education/remote-assist-mobile-devices
+[EDU-3]: /intune-education/what-are-reports
diff --git a/education/windows/tutorial-school-deployment/manage-surface-devices.md b/education/windows/tutorial-school-deployment/manage-surface-devices.md
new file mode 100644
index 0000000000..c8d8f1a1c3
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/manage-surface-devices.md
@@ -0,0 +1,54 @@
+---
+title: Management functionalities for Surface devices
+description: Management capabilities offered to Surface devices, including firmware management and the Surface Management Portal
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Surface devices
+---
+
+# Management functionalities for Surface devices
+
+Microsoft Surface devices offer many advanced management functionalities, including the possibility to manage firmware settings and a web portal designed for them.
+
+## Manage device firmware for Surface devices
+
+Surface devices use a Unified Extensible Firmware Interface (UEFI) setting that allows you to enable or disable built-in hardware components, protect UEFI settings from being changed, and adjust device boot configuration. With [Device Firmware Configuration Interface profiles built into Intune][INT-1], Surface UEFI management extends the modern management capabilities to the hardware level. Windows can pass management commands from Intune to UEFI for Autopilot-deployed devices.
+
+DFCI supports zero-touch provisioning, eliminates BIOS passwords, and provides control of security settings for boot options, cameras and microphones, built-in peripherals, and more. For more information, see [Manage DFCI on Surface devices][SURF-1] and [Manage DFCI with Windows Autopilot][MEM-1], which includes a list of requirements to use DFCI.
+
+:::image type="content" source="./images/dfci-profile.png" alt-text="Creation of a DFCI profile from Microsoft Endpoint Manager" lightbox="./images/dfci-profile-expanded.png" border="true":::
+
+## Microsoft Surface Management Portal
+
+Located in the Microsoft Endpoint Manager admin center, the Microsoft Surface Management Portal enables you to self-serve, manage, and monitor your school's Intune-managed Surface devices at scale. Get insights into device compliance, support activity, warranty coverage, and more.
+
+When Surface devices are enrolled in cloud management and users sign in for the first time, information automatically flows into the Surface Management Portal, giving you a single pane of glass for Surface-specific administration activities.
+
+To access and use the Surface Management Portal:
+
+1. Sign in to Microsoft Endpoint Manager admin center
+1. Select **All services** > **Surface Management Portal**
+ :::image type="content" source="./images/surface-management-portal.png" alt-text="Surface Management Portal within Microsoft Endpoint Manager" lightbox="./images/surface-management-portal-expanded.png" border="true":::
+1. To obtain insights for all your Surface devices, select **Monitor**
+ - Devices that are out of compliance or not registered, have critically low storage, require updates, or are currently inactive, are listed here
+1. To obtain details on each insights category, select **View report**
+ - This dashboard displays diagnostic information that you can customize and export
+1. To obtain the device's warranty information, select **Device warranty and coverage**
+1. To review a list of support requests and their status, select **Support requests**
+
+
+
+[INT-1]: /intune/configuration/device-firmware-configuration-interface-windows
+
+[MEM-1]: /mem/autopilot/dfci-management
+
+[SURF-1]: /surface/surface-manage-dfci-guide
diff --git a/education/windows/tutorial-school-deployment/reset-wipe.md b/education/windows/tutorial-school-deployment/reset-wipe.md
new file mode 100644
index 0000000000..ca8bac240d
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/reset-wipe.md
@@ -0,0 +1,122 @@
+---
+title: Reset and wipe Windows devices
+description: Reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Device reset options
+
+There are different scenarios that require a device to be reset, for example:
+
+- The device isn't responding to commands
+- The device is lost or stolen
+- It's the end of the life of the device
+- It's the end of the school year and you want to prepare the device for a new school year
+- The device has hardware problems and you want to send it to the service center
+
+:::image type="content" source="./images/retire.png" alt-text="The device lifecycle for Intune-managed devices - retirement" border="false":::
+
+Intune for Education provides two device reset functionalities that enable IT administrators to remotely execute them:
+
+- **Factory reset** (also known as **wipe**) is used to wipe all data and settings from the device, returning it to the default factory settings
+- **Autopilot reset** is used to return the device to a fully configured or known IT-approved state
+
+## Factory reset (wipe)
+
+A factory reset, or a wipe, reverts a device to the original settings when it was purchased. All settings, applications and data installed on the device after purchase are removed. The device is also removed from Intune management.
+
+Once the wipe is completed, the device will be in out-of-box experience.
+
+Here are the steps to perform a factory reset from Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Devices**
+1. Select the device you want to reset > **Factory reset**
+1. Select **Factory reset** to confirm the action
+
+:::image type="content" source="./images/win11-wipe.png" alt-text="Three screenshots showing the device being wiped, ending up in OOBE" lightbox="./images/win11-wipe.png" border="false":::
+
+Consider using factory reset in the following example scenarios:
+
+- The device isn't working properly, and you want to reset it without reimaging it
+- It's the end of school year and you want to prepare the device for a new school year
+- You need to reassign the device to a different student, and you want to reset the device to its original settings
+- You're returning a device to the service center, and you want to remove all data and settings from the device
+
+> [!TIP]
+> Consider that once the device is wiped, the new user will go through OOBE. This option may be ideal if the device is also registered in Autopilot to make the OOBE experience seamless, or if you plan to use a provisioning package to re-enroll the device.
+
+## Autopilot Reset
+
+Autopilot Reset is ideal when all data on a device needs to be wiped, but the device remains enrolled in your tenant.
+
+Once the Autopilot reset action is completed, the device will ask to chose region and keyboard layout, then it will display the sign-in screen.
+
+Here are the steps to perform an Autopilot reset from Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Devices**
+1. Select the device you want to reset > **Autopilot reset**
+1. Select **Autopilot reset** to confirm the action
+
+:::image type="content" source="./images/win11-autopilot-reset.png" alt-text="Three screenshots showing the device being wiped, ending up in the login screen" border="false":::
+
+Consider using Autopilot reset in the following example scenarios:
+
+- The device isn't working properly, and you want to reset it without reimaging it
+- It's the end of school year and you want to prepare the device for a new school year
+- You need to reassign the device to a different student, and you want to reset the device to without requiring the student to go through OOBE
+
+> [!TIP]
+> Consider that the end user will **not** go through OOBE, and the association of the user to the device in Intune doesn't change. For this reason, this option may be ideal for devices that have been enrolled in Intune as *shared devices* (for example, a device that was enrolled with a provisioning package or using Autopilot self-deploying mode).
+
+## Wiping and deleting a device
+
+There are scenarios that require a device to be deleted from your tenant, for example:
+
+- The device is lost or stolen
+- It's the end of the life of the device
+- The device has been replaced with a new device or has its motherboard replaced
+
+> [!IMPORTANT]
+> The following actions should only be performed for devices that are no longer going to be used in your tenant.
+
+ To completely remove a device, you need to perform the following actions:
+
+1. If possible, perform a **factory reset (wipe)** of the device. If the device can't be wiped, delete the device from Intune using [these steps][MEM-1]
+1. If the device is registered in Autopilot, delete the Autopilot object using [these steps][MEM-2]
+1. Delete the device from Azure Active Directory using [these steps][MEM-3]
+
+## Autopilot considerations for a motherboard replacement scenario
+
+Repairing Autopilot-enrolled devices can be complex, as OEM requirements must be balanced with Autopilot requirements. If a motherboard replacement is needed on an Autopilot device, it's suggested the following process:
+
+1. Deregister the device from Autopilot
+1. Replace the motherboard
+1. Capture a new device ID (4K HH)
+1. Re-register the device with Autopilot
+ > [!IMPORTANT]
+ > For DFCI management, the device must be re-registered by a partner or OEM. Self-registration of devices is not supported with DFCI management.
+1. Reset the device
+1. Return the device
+
+For more information, see [Autopilot motherboard replacement scenario guidance][MEM-4].
+
+
+[MEM-1]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal
+[MEM-2]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal
+[MEM-3]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-azure-active-directory-portal
+[MEM-4]: /mem/autopilot/autopilot-mbr
diff --git a/education/windows/tutorial-school-deployment/set-up-azure-ad.md b/education/windows/tutorial-school-deployment/set-up-azure-ad.md
new file mode 100644
index 0000000000..efe5fa2545
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/set-up-azure-ad.md
@@ -0,0 +1,179 @@
+---
+title: Set up Azure Active Directory
+description: How to create and prepare your Azure AD tenant for an education environment
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+#appliesto:
+---
+
+# Set up Azure Active Directory
+
+The Microsoft platform for education simplifies the management of Windows devices with Intune for Education and Microsoft 365 Education. The first, fundamental step, is to configure the identity infrastructure to manage user access and permissions for your school.
+
+Azure Active Directory (Azure AD), which is included with the Microsoft 365 Education subscription, provides authentication and authorization to any Microsoft cloud services. Identity objects are defined in Azure AD for human identities, like students and teachers, as well as non-human identities, like devices, services, and applications. Once users get Microsoft 365 licenses assigned, they'll be able to consume services and access resources within the tenant. With Microsoft 365 Education, you can manage identities for your teachers and students, assign licenses to devices and users, and create groups for the classrooms.
+
+In this section you will:
+> [!div class="checklist"]
+> * Set up a Microsoft 365 Education tenant
+> * Add users, create groups, and assign licenses
+> * Configure school branding
+> * Enable bulk enrollment
+
+## Create a Microsoft 365 tenant
+
+If you don't already have a Microsoft 365 tenant, you'll need to create one.
+
+For more information, see [Create your Office 365 tenant account][M365-1]
+
+> [!TIP]
+> To learn more, and practice how to configure the Microsoft 365 tenant for your school, try this interactive demo.
+### Explore the Microsoft 365 admin center
+
+The **Microsoft 365 admin center** is the hub for all administrative consoles for the Microsoft 365 cloud. To access the Microsoft Entra admin center, sign in with the same global administrator account when you [created the Microsoft 365 tenant](#create-a-microsoft-365-tenant).
+
+From the Microsoft 365 admin center, you can access different administrative dashboards: Azure Active Directory, Microsoft Endpoint Manager, Intune for Education, and others:
+
+:::image type="content" source="./images/m365-admin-center.png" alt-text="*All admin centers* page in *Microsoft 365 admin center*" lightbox="./images/m365-admin-center.png" border="true":::
+
+For more information, see [Overview of the Microsoft 365 admin center][M365-2].
+
+> [!NOTE]
+> Setting up your school's basic cloud infrastructure does not require you to complete the rest of the Microsoft 365 setup. For this reason, we will skip directly to adding students and teachers as users in the Microsoft 365 tenant.
+
+## Add users, create groups, and assign licenses
+
+With the Microsoft 365 tenant in place, it's time to add users, create groups, and assign licenses. All students and teachers need a user account before they can sign in and access the different Microsoft 365 services. There are multiple ways to do this, including using School Data Sync (SDS), synchronizing an on-premises Active Directory, manually, or a combination of the above.
+
+> [!NOTE]
+> Synchronizing your Student Information System (SIS) with School Data Sync is the preferred way to create students and teachers as users in a Microsoft 365 Education tenant. However, if you want to integrate an on-premises directory and synchronize accounts to the cloud, skip to [Azure Active Directory sync](#azure-active-directory-sync) below.
+
+### School Data Sync
+
+School Data Sync (SDS) imports and synchronizes SIS data to create classes in Microsoft 365, such as Microsoft 365 groups and class teams in Microsoft Teams. SDS can be used to create new, cloud-only, identities or to evolve existing identities. Users evolve into *students* or *teachers* and are associated with a *grade*, *school*, and other education-specific attributes.
+
+For more information, see [Overview of School Data Sync][SDS-1].
+
+> [!TIP]
+> To learn more and practice with School Data Sync, follow the Microsoft School Data Sync demo, which provides detailed steps to access, configure, and deploy School Data Sync in your Microsoft 365 Education tenant.
+
+> [!NOTE]
+> You can perform a test deployment by cloning or downloading sample SDS CSV school data from the [O365-EDU-Tools GitHub site](https://github.com/OfficeDev/O365-EDU-Tools).
+>
+> Remember that you should typically deploy test SDS data (users, groups, and so on) in a separate test tenant, not your school production environment.
+
+### Azure Active Directory sync
+
+To integrate an on-premises directory with Azure Active Directory, you can use **Microsoft Azure Active Directory Connect** to synchronize users, groups, and other objects. Azure AD Connect lets you configure the authentication method appropriate for your school, including:
+
+- [Password hash synchronization][AAD-1]
+- [Pass-through authentication][AAD-2]
+- [Federated authentication][AAD-3]
+
+For more information, see [Set up directory synchronization for Microsoft 365][O365-1].
+
+### Create users manually
+
+In addition to the above methods, you can manually add users and groups, and assign licenses through the Microsoft 365 admin center.
+
+There are two options for adding users manually, either individually or in bulk:
+
+1. To add students and teachers as users in Microsoft 365 Education *individually*:
+ - Sign in to the Microsoft Entra admin center
+ - Select **Azure Active Directory** > **Users** > **All users** > **New user** > **Create new user**
+ For more information, see [Add users and assign licenses at the same time][M365-3].
+1. To add *multiple* users to Microsoft 365 Education:
+ - Sign in to the Microsoft Entra admin center
+ - Select **Azure Active Directory** > **Users** > **All users** > **Bulk operations** > **Bulk create**
+
+For more information, see [Add multiple users in the Microsoft 365 admin center][M365-4].
+### Create groups
+
+Creating groups is important to simplify multiple tasks, like assigning licenses, delegating administration, deploy settings, applications or to distribute assignments to students. To create groups:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Groups** > **All groups** > **New group**
+1. On the **New group** page, select **Group type** > **Security**
+1. Provide a group name and add members, as needed
+1. Select **Next**
+
+For more information, see [Create a group in the Microsoft 365 admin center][M365-5].
+
+### Assign licenses
+
+The recommended way to assign licenses is through group-based licensing. With this method, Azure AD ensures that licenses are assigned to all members of the group. Any new members who join the group are assigned the appropriate licenses, and when members leave, their licenses are removed.
+
+To assign a license to a group:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Show More** > **Billing** > **Licenses**
+1. Select the required products that you want to assign licenses for > **Assign**
+1. Add the groups to which the licenses should be assigned
+
+ :::image type="content" source="images/entra-assign-licenses.png" alt-text="Assign licenses from Microsoft Entra admin center." lightbox="images/entra-assign-licenses.png":::
+
+For more information, see [Group-based licensing using Azure AD admin center][AAD-4].
+
+## Configure school branding
+
+Configuring your school branding enables a more familiar Autopilot experience to students and teachers. With a custom school branding, you can define a custom logo and a welcome message, which will appear during the Windows out-of-box experience.
+
+To configure your school's branding:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Show More** > **User experiences** > **Company branding**
+1. You can specify brand settings like background image, logo, username hint and a sign-in page text
+ :::image type="content" source="images/entra-branding.png" alt-text="Configure Azure AD branding from Microsoft Entra admin center." lightbox="images/entra-branding.png":::
+1. To adjust the school tenant's name displayed during OOBE, select **Azure Active Directory** > **Overview** > **Properties**
+1. In the **Name** field, enter the school district or organization's name > **Save**
+ :::image type="content" alt-text="Configure Azure AD tenant name from Microsoft Entra admin center." source="images/entra-tenant-name.png" lightbox="images/entra-tenant-name.png":::
+
+For more information, see [Add branding to your directory][AAD-5].
+
+## Enable bulk enrollment
+
+If you decide to enroll Windows devices using provisioning packages instead of Windows Autopilot, you must ensure that the provisioning packages can join Windows devices to the Azure AD tenant.
+
+To allow provisioning packages to complete the Azure AD Join process:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Devices** > **Device Settings**
+1. Under **Users may join devices to Azure AD**, select **All**
+ > [!NOTE]
+ > If it is required that only specific users can join devices to Azure AD, select **Selected**. Ensure that the user account that will create provisioning packages is included in the list of users.
+1. Select Save
+ :::image type="content" source="images/entra-device-settings.png" alt-text="Configure device settings from Microsoft Entra admin center." lightbox="images/entra-device-settings.png":::
+
+________________________________________________________
+
+## Next steps
+
+With users and groups created, and licensed for Microsoft 365 Education, you can now configure Microsoft Intune.
+
+> [!div class="nextstepaction"]
+> [Next: Set up Microsoft Intune >](set-up-microsoft-intune.md)
+
+
+
+[AAD-1]: /azure/active-directory/hybrid/whatis-phs
+[AAD-2]: /azure/active-directory/hybrid/how-to-connect-pta
+[AAD-3]: /azure/active-directory/hybrid/how-to-connect-fed-whatis
+[AAD-4]: /azure/active-directory/enterprise-users/licensing-groups-assign
+[AAD-5]: /azure/active-directory/fundamentals/customize-branding
+
+[M365-1]: /microsoft-365/education/deploy/create-your-office-365-tenant
+[M365-2]: /microsoft-365/admin/admin-overview/admin-center-overview
+[M365-3]: /microsoft-365/admin/add-users/add-users
+[M365-4]: /microsoft-365/enterprise/add-several-users-at-the-same-time
+[M365-5]: /microsoft-365/admin/create-groups/create-groups
+
+[O365-1]: /office365/enterprise/set-up-directory-synchronization
+
+[SDS-1]: /schooldatasync/overview-of-school-data-sync
diff --git a/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
new file mode 100644
index 0000000000..a75509b502
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
@@ -0,0 +1,104 @@
+---
+title: Set up device management
+description: How to configure the Intune service and set up the environment for education.
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: tutorial
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+#appliesto:
+---
+
+# Set up Microsoft Intune
+
+Without the proper tools and resources, managing hundreds or thousands of devices in a school environment can be a complex and time-consuming task. Microsoft Endpoint Manager provides a collection of services that simplifies the management of devices at scale.
+
+Microsoft Intune is one of the services provided by Microsoft Endpoint Manager. The Microsoft Intune service can be managed in different ways, and one of them is **Intune for Education**, a web portal designed for education environments.
+
+:::image type="content" source="./images/intune-education-portal.png" alt-text="Intune for Education dashboard" lightbox="./images/intune-education-portal.png" border="true":::
+
+**Intune for Education** supports the entire device lifecycle, from the enrollment phase through retirement. IT administrators can start managing classroom devices with bulk enrollment options and a streamlined deployment. At the end of the school year, IT admins can reset devices, ensuring they're ready for the next year.
+
+For more information, see [Intune for Education documentation][INT-1].
+
+In this section you will:
+> [!div class="checklist"]
+> * Review Intune's licensing prerequisites
+> * Configure the Intune service for education devices
+
+## Prerequisites
+
+Before configuring settings with Intune for Education, consider the following prerequisites:
+
+- **Intune subscription.** Microsoft Intune is licensed in three ways:
+ - As a standalone service
+ - As part of [Enterprise Mobility + Security][MSFT-1]
+ - As part of a [Microsoft 365 Education subscription][MSFT-2]
+- **Device platform.** Intune for Education can manage devices running a supported version of Windows 10, Windows 11, Windows 11 SE, iOS, and iPad OS
+
+For more information, see [Intune licensing][MEM-1] and [this comparison sheet][MSFT-3], which includes a table detailing the *Microsoft Modern Work Plan for Education*.
+
+## Configure the Intune service for education devices
+
+The Intune service can be configured in different ways, depending on the needs of your school. In this section, you'll configure the Intune service using settings commonly implemented by K-12 school districts.
+
+### Configure enrollment restrictions
+
+With enrollment restrictions, you can prevent certain types of devices from being enrolled and therefore managed by Intune. For example, you can prevent the enrollment of devices that are not owned by the school.
+
+To block personally owned Windows devices from enrolling:
+
+1. Sign in to the Microsoft Endpoint Manager admin center
+1. Select **Devices** > **Enroll devices** > **Enrollment device platform restrictions**
+1. Select the **Windows restrictions** tab
+1. Select **Create restriction**
+1. On the **Basics** page, provide a name for the restriction and, optionally, a description > **Next**
+1. On the **Platform settings** page, in the **Personally owned devices** field, select **Block** > **Next**
+ :::image type="content" source="./images/enrollment-restrictions.png" alt-text="Device enrollment restriction page in Microsoft Endpoint Manager admin center" lightbox="./images/enrollment-restrictions.png" border="true":::
+1. Optionally, on the **Scope tags** page, add scope tags > **Next**
+1. On the **Assignments** page, select **Add groups**, and then use the search box to find and choose groups to which you want to apply the restriction > **Next**
+1. On the **Review + create** page, select **Create** to save the restriction
+
+For more information, see [Create a device platform restriction][MEM-2].
+
+### Disable Windows Hello for Business
+
+Windows Hello for Business is a biometric authentication feature that allows users to sign in to their devices using a PIN, password, or fingerprint. Windows Hello for Business is enabled by default on Windows devices, and to set it up, users must perform for multi-factor authentication (MFA). As a result, this feature may not be ideal for students, who may not have MFA enabled.
+It's suggested to disable Windows Hello for Business on Windows devices at the tenant level, and enabling it only for devices that need it, for example for teachers and staff devices.
+To disable Windows Hello for Business at the tenant level:
+
+1. Sign in to the Microsoft Endpoint Manager admin center
+1. Select **Devices** > **Windows** > **Windows Enrollment**
+1. Select **Windows Hello for Business**
+1. Ensure that **Configure Windows Hello for Business** is set to **disabled**
+1. Select **Save**
+
+:::image type="content" source="./images/whfb-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Endpoint Manager admin center." border="true" lightbox="./images/whfb-disable.png":::
+
+For more information how to enable Windows Hello for Business on specific devices, see [Create a Windows Hello for Business policy][MEM-4].
+
+________________________________________________________
+
+## Next steps
+
+With the Intune service configured, you can configure policies and applications in preparation to the deployment of students' and teachers' devices.
+
+> [!div class="nextstepaction"]
+> [Next: Configure devices >](configure-devices-overview.md)
+
+
+
+[MEM-1]: /mem/intune/fundamentals/licenses
+[MEM-2]: /mem/intune/enrollment/enrollment-restrictions-set
+[MEM-4]: /mem/intune/protect/windows-hello#create-a-windows-hello-for-business-policy
+
+[INT-1]: /intune-education/what-is-intune-for-education
+
+[MSFT-1]: https://www.microsoft.com/microsoft-365/enterprise-mobility-security
+[MSFT-2]: https://www.microsoft.com/licensing/product-licensing/microsoft-365-education
+[MSFT-3]: https://edudownloads.azureedge.net/msdownloads/Microsoft-Modern-Work-Plan-Comparison-Education_11-2021.pdf
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/toc.yml b/education/windows/tutorial-school-deployment/toc.yml
new file mode 100644
index 0000000000..294e70dc20
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/toc.yml
@@ -0,0 +1,38 @@
+items:
+ - name: Introduction
+ href: index.md
+ - name: 1. Prepare your tenant
+ items:
+ - name: Set up Azure Active Directory
+ href: set-up-azure-ad.md
+ - name: Set up Microsoft Intune
+ href: set-up-microsoft-intune.md
+ - name: 2. Configure settings and applications
+ items:
+ - name: Overview
+ href: configure-devices-overview.md
+ - name: Configure policies
+ href: configure-device-settings.md
+ - name: Configure applications
+ href: configure-device-apps.md
+ - name: 3. Deploy devices
+ items:
+ - name: Overview
+ href: enroll-overview.md
+ - name: Enroll devices via Azure AD join
+ href: enroll-aadj.md
+ - name: Enroll devices with provisioning packages
+ href: enroll-package.md
+ - name: Enroll devices with Windows Autopilot
+ href: enroll-autopilot.md
+ - name: 4. Manage devices
+ items:
+ - name: Overview
+ href: manage-overview.md
+ - name: Management functionalities for Surface devices
+ href: manage-surface-devices.md
+ - name: Reset and wipe devices
+ href: reset-wipe.md
+ - name: 5. Troubleshoot and get help
+ href: troubleshoot-overview.md
+
diff --git a/education/windows/tutorial-school-deployment/troubleshoot-overview.md b/education/windows/tutorial-school-deployment/troubleshoot-overview.md
new file mode 100644
index 0000000000..9b4a442ee2
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/troubleshoot-overview.md
@@ -0,0 +1,68 @@
+---
+title: Troubleshoot Windows devices
+description: How to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other Endpoint Manager services
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: conceptual #reference troubleshooting how-to end-user-help overview (more in contrib guide)
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Troubleshoot Windows devices
+
+Microsoft Endpoint Manager provides many tools that can help you troubleshoot Windows devices.
+Here's a collection of resources to help you troubleshoot Windows devices managed by Intune:
+
+- [Troubleshooting device enrollment in Intune][MEM-2]
+- [Troubleshooting Windows Autopilot][MEM-9]
+- [Troubleshoot Windows Wi-Fi profiles][MEM-6]
+- [Troubleshooting policies and profiles in Microsoft Intune][MEM-5]
+- [Troubleshooting BitLocker with the Intune encryption report][MEM-4]
+- [Troubleshooting CSP custom settings][MEM-8]
+- [Troubleshooting Win32 app installations with Intune][MEM-7]
+- [Troubleshooting device actions in Intune][MEM-3]
+- [**Collect diagnostics**][MEM-10] is a remote action that lets you collect and download Windows device logs without interrupting the user
+ :::image type="content" source="./images/intune-diagnostics.png" alt-text="Intune for Education dashboard" lightbox="./images/intune-diagnostics.png" border="true":::
+
+## How to contact Microsoft Support
+
+Microsoft provides global technical, pre-sales, billing, and subscription support for cloud-based device management services. This support includes Microsoft Intune, Configuration Manager, Windows 365, and Microsoft Managed Desktop.
+
+Follow these steps to obtain support in Microsoft Endpoint Manager:
+
+- Sign in to the Microsoft Endpoint Manager admin center
+- Select **Troubleshooting + support** > **Help and support**
+ :::image type="content" source="images/advanced-support.png" alt-text="Screenshot that shows how to obtain support from Microsoft Endpoint Manager." lightbox="images/advanced-support.png":::
+- Select the required support scenario: Configuration Manager, Intune, Co-management, or Windows 365
+- Above **How can we help?**, select one of three icons to open different panes: *Find solutions*, *Contact support*, or *Service requests*
+- In the **Find solutions** pane, use the text box to specify a few details about your issue. The console may offer suggestions based on what you've entered. Depending on the presence of specific keywords, the console provides help like:
+ - Run diagnostics: start automated tests and investigations of your tenant from the console to reveal known issues. When you run a diagnostic, you may receive mitigation steps to help with resolution
+ - View insights: find links to documentation that provides context and background specific to the product area or actions you've described
+ - Recommended articles: browse suggested troubleshooting topics and other content related to your issue
+- If needed, use the *Contact support* pane to file an online support ticket
+ > [!IMPORTANT]
+ > When opening a case, be sure to include as many details as possible in the *Description* field. Such information includes: timestamp and date, device ID, device model, serial number, OS version, and any other details relevant to the issue.
+- To review your case history, select the **Service requests** pane. Active cases are at the top of the list, with closed issues also available for review
+
+For more information, see [Microsoft Endpoint Manager support page][MEM-1]
+
+
+[MEM-1]: /mem/get-support
+[MEM-2]: /troubleshoot/mem/intune/troubleshoot-device-enrollment-in-intune
+[MEM-3]: /troubleshoot/mem/intune/troubleshoot-device-actions
+[MEM-4]: /troubleshoot/mem/intune/troubleshoot-bitlocker-admin-center
+[MEM-5]: /troubleshoot/mem/intune/troubleshoot-policies-in-microsoft-intune
+[MEM-6]: /troubleshoot/mem/intune/troubleshoot-wi-fi-profiles#troubleshoot-windows-wi-fi-profiles
+[MEM-7]: /troubleshoot/mem/intune/troubleshoot-win32-app-install
+[MEM-8]: /troubleshoot/mem/intune/troubleshoot-csp-custom-settings
+[MEM-9]: /mem/autopilot/troubleshooting
+[MEM-10]: /mem/intune/remote-actions/collect-diagnostics
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index ca36e12e5a..958e32ad29 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -2,18 +2,20 @@
title: Use Set up School PCs app
description: Learn how to use the Set up School PCs app and apply the provisioning package.
keywords: shared cart, shared PC, school, Set up School PCs, overview, how to use
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/23/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Use the Set up School PCs app
IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings the app configures through the MDM.
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index be73736a92..b740384ed0 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -1,25 +1,22 @@
---
title: What is Windows 11 SE
description: Learn more about Windows 11 SE, and the apps that are included with the operating system. Read about the features IT professionals and administrators should know about Windows 11 SE. Add and deploy your apps using Microsoft Intune for Education.
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-ms.localizationpriority: medium
-ms.topic: article
+manager: aaroncz
+appliesto:
+- ✅ Windows 11 SE
---
# Windows 11 SE for Education
-**Applies to**:
-
-- Windows 11 SE
-- Microsoft Intune for Education
-
Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately).
For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits:
@@ -41,6 +38,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
| Application | Supported version | App Type | Vendor |
| --- | --- | --- | --- |
|AirSecure |8.0.0 |Win32 |AIR|
+|Alertus Desktop |5.4.44.0 |Win32 | Alertus technologies|
|Brave Browser |1.34.80|Win32 |Brave|
|Bulb Digital Portfolio |0.0.7.0|Store|Bulb|
|Cisco Umbrella |3.0.110.0 |Win32 |Cisco|
@@ -56,33 +54,36 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
|FortiClient |7.0.1.0083 |Win32 |Fortinet|
|Free NaturalReader |16.1.2 |Win32 |Natural Soft|
|GoGuardian |1.4.4 |Win32 |GoGuardian|
-|Google Chrome |100.0.4896.127|Win32 |Google|
+|Google Chrome |102.0.5005.115|Win32 |Google|
|Illuminate Lockdown Browser |2.0.5 |Win32 |Illuminate Education|
|Immunet |7.5.0.20795 |Win32 |Immunet|
+|Impero Backdrop Client |4.4.86 |Win32 |Impero Software|
|JAWS for Windows |2022.2112.24 |Win32 |Freedom Scientific|
-|Kite Student Portal |8.0.1 |Win32 |Dynamic Learning Maps|
+|Kite Student Portal |8.0.3.0 |Win32 |Dynamic Learning Maps|
|Kortext |2.3.433.0 |Store |Kortext|
|Kurzweil 3000 Assistive Learning |20.13.0000 |Win32 |Kurzweil Educational Systems|
|LanSchool |9.1.0.46 |Win32 |Stoneware|
|Lightspeed Smart Agent |2.6.2 |Win32 |Lightspeed Systems|
+|MetaMoJi ClassRoom |3.12.4.0 |Store |MetaMoJi Corporation|
|Microsoft Connect |10.0.22000.1 |Store |Microsoft|
|Mozilla Firefox |99.0.1 |Win32 |Mozilla|
|NAPLAN |2.5.0 |Win32 |NAP|
+|Netref Student |22.2.0 |Win32 |NetRef|
|NetSupport Manager |12.01.0011 |Win32 |NetSupport|
|NetSupport Notify |5.10.1.215 |Win32 |NetSupport|
|NetSupport School |14.00.0011 |Win32 |NetSupport|
|NextUp Talker |1.0.49 |Win32 |NextUp Technologies|
|NonVisual Desktop Access |2021.3.1 |Win32 |NV Access|
-|NWEA Secure Testing Browser |5.4.300.0 |Win32 |NWEA|
-|Pearson TestNav |1.10.2.0 |Win32 |Pearson|
-|Questar Secure Browser |4.8.3.376 |Win32 |Questar|
+|NWEA Secure Testing Browser |5.4.356.0 |Win32 |NWEA|
+|Pearson TestNav |1.10.2.0 |Store |Pearson|
+|Questar Secure Browser |4.8.3.376 |Win32 |Questar, Inc|
|ReadAndWriteForWindows |12.0.60.0 |Win32 |Texthelp Ltd.|
+|Remote Desktop client (MSRDC) |1.2.3213.0 |Win32 |Microsoft|
|Remote Help |3.8.0.12 |Win32 |Microsoft|
-|Respondus Lockdown Browser |2.0.8.05 |Win32 |Respondus|
+|Respondus Lockdown Browser |2.0.9.00 |Win32 |Respondus|
|Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser|
|Secure Browser |14.0.0 |Win32 |Cambium Development|
-|Secure Browser |4.8.3.376 |Win32 |Questar, Inc|
-|SensoCloud test |2021.11.15.0 |Win32|Senso.Cloud|
+|Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud|
|SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access|
|Zoom |5.9.1 (2581)|Win32 |Zoom|
|ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific|
@@ -93,7 +94,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
| App type | Enabled |
| --- | --- |
| Apps that run in a browser | ✔️ Apps that run in a browser, like Progressive Web Apps (PWA) and Web apps, can run on Windows 11 SE without any changes or limitations. |
-| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.
✔️ If there are specific installation-type of apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). |
+| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.
✔️ If there are specific installation-type apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). |
### Add your own apps
diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md
index 0e70e1cad2..e654aff272 100644
--- a/education/windows/windows-11-se-settings-list.md
+++ b/education/windows/windows-11-se-settings-list.md
@@ -1,25 +1,22 @@
---
title: Windows 11 SE settings list
description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change.
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-ms.localizationpriority: medium
-ms.topic: article
+manager: aaroncz
+appliesto:
+- ✅ Windows 11 SE
---
# Windows 11 SE for Education settings list
-**Applies to**:
-
-- Windows 11 SE
-- Microsoft Intune for Education
-
Windows 11 SE automatically configures settings and features in the operating system. These settings use the Configuration Service Provider (CSPs) provided by Microsoft. You can use an MDM provider to configure these settings.
This article lists the settings automatically configured. For more information on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md).
@@ -30,22 +27,24 @@ The following table lists and describes the settings that can be changed by admi
| Setting | Description |
| --- | --- |
-| Block manual unenrollment | Default: Blocked
Users can't unenroll their devices from device management services.
[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)|
-| Allow option to Show Network | Default: Allowed
Gives users the option to see the **Show Network** folder in File Explorer. |
-| Allow option to Show This PC | Default: Allowed
Gives user the option to see the **Show This PC** folder in File Explorer. |
-| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads
Gives user access to these folders. |
-| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives
Blocks user access to these storage locations. |
-| Allow News and Interests | Default: Hide
Hides Widgets. |
-| Disable advertising ID | Default: Disabled
Blocks apps from using usage data to tailor advertisements.
|
-| Enable App Install Control | Default: Turned On
Users can’t download apps from the internet.
[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
-| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days
If a file hasn’t been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.
Users can't unenroll their devices from device management services.
[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment) |
+| Allow option to Show Network | Default: Allowed
Gives users the option to see the **Show Network** folder in File Explorer. |
+| Allow option to Show This PC | Default: Allowed
Gives user the option to see the **Show This PC** folder in File Explorer. |
+| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads
Gives user access to these folders. |
+| Set Allowed Storage Locations | Default: Blocks local drives and network drives
Blocks user access to these storage locations. |
+| Allow News and Interests | Default: Hide
Hides widgets. |
+| Disable advertising ID | Default: Disabled
Blocks apps from using usage data to tailor advertisements.
|
+| Enable App Install Control | Default: Turned On
Users can't download apps from the internet.
[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
+| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days
If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.
Specify a jpg, jpeg, or png image to be used as the desktop image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
Specify a jpg, jpeg, or png image to be used as lock screen image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) |
## Settings that can't be changed
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index 759d485046..172f1e3c6c 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -2,23 +2,22 @@
title: Windows 10 editions for education customers
description: Provides an overview of the two Windows 10 editions that are designed for the needs of K-12 institutions.
keywords: Windows 10 Pro Education, Windows 10 Education, Windows 10 editions, education customers
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 05/21/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Windows 10 editions for education customers
-**Applies to:**
-
-- Windows 10
-
Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](/windows/security/security-foundations) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
@@ -64,7 +63,7 @@ For any other questions, contact [Microsoft Customer Service and Support](https:
## Related topics
- [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)
-- [Windows deployment for education](./index.md)
+- [Windows deployment for education](./index.yml)
- [Windows 10 upgrade paths](/windows/deployment/upgrade/windows-10-upgrade-paths)
- [Volume Activation for Windows 10](/windows/deployment/volume-activation/volume-activation-windows-10)
- [Plan for volume activation](/windows/deployment/volume-activation/plan-for-volume-activation-client)
diff --git a/gdpr/TOC.yml b/gdpr/TOC.yml
deleted file mode 100644
index 981fe6d622..0000000000
--- a/gdpr/TOC.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- name: Index
- href: index.md
diff --git a/gdpr/docfx.json b/gdpr/docfx.json
index eaa6eba4eb..d786f46f58 100644
--- a/gdpr/docfx.json
+++ b/gdpr/docfx.json
@@ -36,7 +36,7 @@
"ms.author": "lizross",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
diff --git a/gdpr/index.md b/gdpr/index.md
deleted file mode 100644
index 6d4bf54dc0..0000000000
--- a/gdpr/index.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-ms.date: 09/21/2017
----
-# placeholder
\ No newline at end of file
diff --git a/images/compare-changes.png b/images/compare-changes.png
index 0d86db70f5..183953dc8a 100644
Binary files a/images/compare-changes.png and b/images/compare-changes.png differ
diff --git a/images/contribute-link.png b/images/contribute-link.png
index 4cf685e54e..742a6f53ef 100644
Binary files a/images/contribute-link.png and b/images/contribute-link.png differ
diff --git a/images/pencil-icon.png b/images/pencil-icon.png
index 82fe7852dd..f041c32229 100644
Binary files a/images/pencil-icon.png and b/images/pencil-icon.png differ
diff --git a/images/preview-changes.png b/images/preview-changes.png
index cb4ecab594..54761f44d2 100644
Binary files a/images/preview-changes.png and b/images/preview-changes.png differ
diff --git a/images/propose-changes.png b/images/propose-changes.png
new file mode 100644
index 0000000000..5c16f931fc
Binary files /dev/null and b/images/propose-changes.png differ
diff --git a/images/propose-file-change.png b/images/propose-file-change.png
deleted file mode 100644
index aedbc07b16..0000000000
Binary files a/images/propose-file-change.png and /dev/null differ
diff --git a/images/sc-image402.png b/images/sc-image402.png
deleted file mode 100644
index 8bfe73fd87..0000000000
Binary files a/images/sc-image402.png and /dev/null differ
diff --git a/mdop/docfx.json b/mdop/docfx.json
index dfa58fa007..6ff865c683 100644
--- a/mdop/docfx.json
+++ b/mdop/docfx.json
@@ -36,7 +36,7 @@
"ms.date": "04/05/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "https://github.com/MicrosoftDocs/mdop-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.mdop",
diff --git a/smb/TOC.yml b/smb/TOC.yml
deleted file mode 100644
index 45500dc1bc..0000000000
--- a/smb/TOC.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Windows 10 for SMB
- href: index.md
- items:
- - name: "Get started: Deploy and manage a full cloud IT solution for your business"
- href: cloud-mode-business-setup.md
diff --git a/smb/breadcrumb/toc.yml b/smb/breadcrumb/toc.yml
deleted file mode 100644
index 3fc3bfeaee..0000000000
--- a/smb/breadcrumb/toc.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Docs
- tocHref: /
- topicHref: /
- items:
- - name: Windows
- tocHref: /windows
- topicHref: https://docs.microsoft.com/windows/#pivot=it-pro
- items:
- - name: SMB
- tocHref: /windows/smb
- topicHref: /windows/smb/index
\ No newline at end of file
diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md
deleted file mode 100644
index 7da2e85c29..0000000000
--- a/smb/cloud-mode-business-setup.md
+++ /dev/null
@@ -1,590 +0,0 @@
----
-title: Deploy and manage a full cloud IT solution for your business
-description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices.
-keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365
-ms.prod: w10
-ms.technology:
-ms.author: eravena
-audience: itpro
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: smb
-author: eavena
-ms.reviewer:
-manager: dansimp
-ms.localizationpriority: medium
-ms.topic: conceptual
----
-
-# Get started: Deploy and manage a full cloud IT solution for your business
-
-
-
-**Applies to:**
-
-- Microsoft 365 Business Standard, Azure AD Premium, Intune, Microsoft Store for Business, Windows 10
-
-Are you ready to move your business to the cloud or wondering what it takes to make this happen with Microsoft cloud services and tools?
-
-In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Microsoft 365 Business Standard, Microsoft Azure AD, Intune, Microsoft Store for Business, and Windows 10. We'll show you the basics on how to:
-- Acquire a Microsoft 365 for business domain
-- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant
-- Set up Microsoft Store for Business and manage app deployment and sync with Intune
-- Add users and groups in Azure AD and Intune
-- Create policies and app deployment rules
-- Log in as a user and start using your Windows device
-
-Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business.
-
-## Prerequisites
-
-Here's a few things to keep in mind before you get started:
-
-- You'll need a registered domain to successfully go through the walkthrough.
- - If you already own a domain, you can add this during the Office 365 setup.
- - If you don't already own a domain, you can purchase a domain from the Microsoft 365 admin center. This walkthrough includes the steps.
-- You'll need an email address to create your Office 365 tenant.
-- We recommend that you use Internet Explorer for the entire walkthrough. Right select on Internet Explorer > **Start InPrivate Browsing**.
-
-## 1. Set up your cloud infrastructure
-To set up a cloud infrastructure for your organization, follow the steps in this section.
-
-### 1.1 Set up Office 365 for business
-
-See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to:
-- Plan your setup
-- Create Office 365 accounts and how to add your domain.
-- Install Office
-
-To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365).
-
-If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started:
-
-1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**.
-
- **Figure 1** - Try or buy Office 365
-
- 
-
-2. Fill out the sign up form and provide information about you and your company.
-3. Create a user ID and password to use to sign into your account.
-
- This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal).
-
-4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
-5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center.
-
- > [!NOTE]
- > In the Microsoft 365 admin center, icons that are greyed out are still installing.
-
- **Figure 2** - Microsoft 365 admin center
-
- :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png":::
-
-
-6. Select the **Admin** tile to go to the admin center.
-7. In the admin center, click **Next** to see the highlights and welcome info for the admin center. When you're done, click **Go to setup** to complete the Office 365 setup.
-
- This step can take up to a half hour to complete.
-
- **Figure 3** - Admin center
-
- :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png":::
-
-
-8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain.
- 1. Select the **Domains** option.
-
- **Figure 4** - Option to add or buy a domain
-
- :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png":::
-
-
- 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`.
-
- **Figure 5** - Microsoft-provided domain
-
- :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png":::
-
- - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain.
- - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order.
-
- Once you've added your domain, you'll see it listed in addition to the Microsoft-provided onmicrosoft.com domain.
-
- **Figure 6** - Domains
-
- :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png":::
-
-### 1.2 Add users and assign product licenses
-Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center.
-
-When adding users, you can also assign admin privileges to certain users in your team. You'll also want to assign **Product licenses** to each user so that subscriptions can be assigned to the person.
-
-**To add users and assign product licenses**
-
-1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**.
-
- **Figure 7** - Add users
-
- :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png":::
-
-2. In the **Home > Active users** page, add users individually or in bulk.
- - To add users one at a time, select **+ Add a user**.
-
- If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users).
-
- **Figure 8** - Add an individual user
-
- :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png":::
-
- - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users.
-
- The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users.
-
- **Figure 9** - Import multiple users
-
- :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png":::
-
-3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them.
-
- **Figure 10** - List of active users
-
- :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png":::
-
-### 1.3 Add Microsoft Intune
-Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune).
-
-**To add Microsoft Intune to your tenant**
-
-1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**.
-2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now.
-3. Confirm your order to enable access to Microsoft Intune.
-4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**.
-
- **Figure 11** - Assign Intune licenses
-
- :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png":::
-
-5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again.
-6. Select **Intune**. This step opens the Endpoint Manager admin center.
-
- **Figure 12** - Microsoft Intune management portal
-
- :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png":::
-
-Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution).
-
-### 1.4 Add Azure AD to your domain
-Microsoft Azure is an open and flexible cloud platform that enables you to quickly build, deploy, and manage apps across a global network of Microsoft-managed datacenters. In this walkthrough, we won't be using the full power of Azure and we'll primarily use it to create groups that we then use for provisioning through Intune.
-
-**To add Azure AD to your domain**
-
-1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**.
-
- > [!NOTE]
- > You will need Azure AD Premium to configure automatic MDM enrollment with Intune.
-
-2. If you have not signed up for Azure AD before, you will see the following message. To proceed with the rest of the walkthrough, you need to activate an Azure subscription.
-
- **Figure 13** - Access to Azure AD is not available
-
- :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png":::
-
-3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365.
-4. Select **Azure subscription**. This step will take you to a free trial sign up screen.
-
- **Figure 14** - Sign up for Microsoft Azure
-
- :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png":::
-
-5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**.
-6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**.
-
- **Figure 15** - Start managing your Azure subscription
-
- :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png":::
-
- This step will take you to the [Microsoft Azure portal](https://portal.azure.com).
-
-### 1.5 Add groups in Azure AD
-This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups.
-
-To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups.
-
-**To add groups in Azure AD**
-
-1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use.
-
- Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory.
-
- **Figure 16** - Azure first sign-in screen
-
- :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png":::
-
-2. Select the directory (such as Fabrikam Design) to go to the directory's home page.
-
- **Figure 17** - Directory home page
-
- :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png":::
-
-3. From the menu options on top, select **Groups**.
-
- **Figure 18** - Azure AD groups
-
- :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png":::
-
-4. Select **Add a group** (from the top) or **Add group** at the bottom.
-5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list.
-
- **Figure 19** - Newly added group in Azure AD
-
- :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png":::
-
-6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes.
-
- The members that were added to the group will appear on the list.
-
- **Figure 20** - Members in the new group
-
- :::image type="content" alt-text="Members added to the new group." source="images/azure_portal_classic_members_added.png":::
-
-7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on.
-
-### 1.6 Configure automatic MDM enrollment with Intune
-Now that you have Azure AD Premium and have it properly configured, you can configure automatic MDM enrollment with Intune, which allows users to enroll their Windows devices into Intune management, join their devices directly to Azure AD, and get access to Office 365 resources after sign in.
-
-You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
-
-> [!IMPORTANT]
-> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune.
-
-**To enable automatic MDM enrollment**
-
-1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options.
-
- The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list.
-
- **Figure 21** - List of applications for your company
-
- :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png":::
-
-2. Select **Microsoft Intune** to configure the application.
-3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune.
-
- **Figure 22** - Configure Microsoft Intune in Azure
-
- :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png":::
-
-4. In the Microsoft Intune configuration page:
- - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance.
-
- > [!NOTE]
- > The URLs are automatically configured for your Azure AD tenant so you don't need to change them.
-
- - In the **Manage devices for these users** section, you can specify which users' devices should be managed by Intune.
- - **All** will enable all users' Windows 10 devices to be managed by Intune.
- - **Groups** let you select whether only users that belong to a specific group will have their devices managed by Intune.
-
- > [!NOTE]
- > In this step, choose the group that contains all the users in your organization as members. This is the **All** group.
-
-5. After you've chosen how to manage devices for users, select **Save** to enable automatic MDM enrollment with Intune.
-
- **Figure 23** - Configure Microsoft Intune
-
- :::image type="content" alt-text="Configure automatic MDM enrollment with Intune." source="images/azure_portal_classic_configure_intune_mdm_enrollment.png":::
-
-### 1.7 Configure Microsoft Store for Business for app distribution
-Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune.
-
-In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps).
-
-**To associate your Store account with Intune and configure synchronization**
-
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
-
- **Figure 24** - Mobile device management
-
- :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png":::
-
-3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune.
-4. Accept the EULA.
-5. In the Store portal, select **Settings > Management tools** to go to the management tools page.
-6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business.
-
- **Figure 25** - Activate Intune as the Store management tool
-
- :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png":::
-
-7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
-8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune.
-
- **Figure 26** - Configure Store for Business sync in Intune
-
- :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png":::
-
-9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**.
-
- **Figure 27** - Enable Microsoft Store for Business sync in Intune
-
- :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png":::
-
- The **Microsoft Store for Business** page will refresh and it will show the details from the sync.
-
-**To buy apps from the Store**
-
-In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
-- Sway
-- OneNote
-- PowerPoint Mobile
-- Excel Mobile
-- Word Mobile
-
-In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
-
-In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune.
-
-**Example 1 - Add other apps like Reader and InstaNote**
-
-1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
-
- **Figure 28** - Shop for Store apps
-
- :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png":::
-
-2. Click to select an app, such as **Reader**. This opens the app page.
-3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page.
-4. In the app's Store page, click **Add to private store**.
-5. Next, search for another app by name (such as **InstaNote**) or repeat steps 1-4 for the **InstaNote** app.
-6. Go to **Manage > Inventory** and verify that the apps you purchased appear in your inventory.
-
- **Figure 29** - App inventory shows the purchased apps
-
- :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png":::
-
- > [!NOTE]
- > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync).
-
-**To sync recently purchased apps**
-
-If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync.
-
-1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**.
-2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync.
-
- **Figure 30** - Force a sync in Intune
-
- :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png":::
-
-**To view purchased apps**
-- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
-
-**To add more apps**
-- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this.
-
-## 2. Set up devices
-
-### 2.1 Set up new devices
-To set up new Windows devices, go through the Windows initial device setup or first-run experience to configure your device.
-
-**To set up a device**
-1. Go through the Windows device setup experience. On a new or reset device, this starts with the **Hi there** screen on devices running Windows 10, version 1607 (Anniversary Update). The setup lets you:
- - Fill in the details in the **Hi there** screen including your home country/region, preferred language, keyboard layout, and timezone
- - Accept the EULA
- - Customize the setup or use Express settings
-
- **Figure 31** - First screen in Windows device setup
-
- :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png":::
-
- > [!NOTE]
- > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection.
-
-2. In the **Who owns this PC?** screen, select **My work or school owns it** and click **Next**.
-3. In the **Choose how you'll connect** screen, select **Join Azure Active Directory** and click **Next**.
-
- **Figure 32** - Choose how you'll connect your Windows device
-
- :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png":::
-
-4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
-
- **Figure 33** - Sign in using one of the accounts you added
-
- :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png":::
-
-5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup.
-
- Windows will continue with setup and you may be asked to set up a PIN for Windows Hello if your organization has it enabled.
-
-### 2.2 Verify correct device setup
-Verify that the device is set up correctly and boots without any issues.
-
-**To verify that the device was set up correctly**
-1. Click on the **Start** menu and select some of the options to make sure everything opens properly.
-2. Confirm that the Store and built-in apps are working.
-
-### 2.3 Verify the device is Azure AD joined
-In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
-
-**To verify if the device is joined to Azure AD**
-1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**.
-
- **Figure 34** - Check the PC name on your device
-
- :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png":::
-
-2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-3. Select **Groups** and then go to **Devices**.
-4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC.
- - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section.
- - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**.
- - Check the **AAD Registered** column and confirm that it says **Yes**.
-
- **Figure 35** - Check that the device appears in Intune
-
- :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png":::
-
-## 3. Manage device settings and features
-You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/mem/intune/configuration/device-profiles).
-
-In this section, we'll show you how to reconfigure app deployment settings and add a new policy that will disable the camera for the Intune-managed devices and turn off Windows Hello and PINs during setup.
-
-### 3.1 Reconfigure app deployment settings
-In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible.
-
-**To reconfigure app deployment settings**
-1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**.
-2. Select the app, right-click, then select **Manage Deployment...**.
-3. Select the group(s) whose apps will be managed, and then click **Add** to add the group.
-4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app.
-5. For each group that you selected, set **Approval** to **Required Install**. This step automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**.
-
- **Figure 36** - Reconfigure an app's deployment setting in Intune
-
- :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png":::
-
-6. Click **Finish**.
-7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible.
-8. Verify that the app shows up on the device using the following steps:
- - Make sure you're logged in to the Windows device.
- - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. Only apps that aren't already deployed on the device will appear in the **Recently added** section.
-
- **Figure 37** - Confirm that additional apps were deployed to the device
-
- :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png":::
-
-### 3.2 Configure other settings in Intune
-
-**To disable the camera**
-1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**.
-2. In the **Policies** window, click **Add** to create a new policy.
-3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**.
-4. On the **Create Policy** page, select **Device Capabilities**.
-5. In the **General** section, add a name and description for this policy. For example:
- - **Name**: Test Policy - Disable Camera
- - **Description**: Disables the camera
-6. Scroll down to the **Hardware** section, find **Allow camera is not configured**, toggle the button so that it changes to **Allow camera** and choose **No** from the dropdown list.
-
- **Figure 38** - Add a configuration policy
-
- :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png":::
-
-7. Click **Save Policy**. A confirmation window will pop up.
-8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now.
-9. On the **Management Deployment** window, select the user group(s) or device group(s) that you want to apply the policy to (for example, **All Users**), and then click **Add**.
-10. Click **OK** to close the window.
-
- **Figure 39** - The new policy should appear in the **Policies** list.
-
- :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png":::
-
-**To turn off Windows Hello and PINs during device setup**
-1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Go to **Mobile Device Management > Windows > Windows Hello for Business**.
-3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**.
-
- **Figure 40** - Policy to disable Windows Hello for Business
-
- :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png":::
-
-4. Click **Save**.
-
- > [!NOTE]
- > This policy is a tenant-wide Intune setting. It disables Windows Hello and required PINs during setup for all enrolled devices in a tenant.
-
-To test whether these policies get successfully deployed to your tenant, go through [4. Add more devices and users](#4-add-more-devices-and-users) and setup another Windows device and login as one of the users.
-
-## 4. Add more devices and users
-After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more devices or users and you want the same policies to apply to these new devices and users. In this section, we'll show you how to do this.
-
-### 4.1 Connect other devices to your cloud infrastructure
-Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [2. Set up devices](#2-set-up-devices).
-
-For other devices, such as those personally-owned by employees who need to connect to the corporate network to access corporate resources (BYOD), you can follow the steps in this section to get these devices connected.
-
- > [!NOTE]
- > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device.
-
-**To connect a personal device to your work or school**
-1. On your Windows device, go to **Settings > Accounts**.
-2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page.
-3. In the **Set up a work or school account** window, click **Join this device to Azure Active Directory** to add an Azure AD account to the device.
-
- **Figure 41** - Add an Azure AD account to the device
-
- :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png":::
-
-4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user.
-
- **Figure 42** - Enter the account details
-
- :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png":::
-
-5. You will be asked to update the password so enter a new password.
-6. Verify the details to make sure you're connecting to the right organization and then click **Join**.
-
- **Figure 43** - Make sure this is your organization
-
- :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png":::
-
-7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**.
-
- **Figure 44** - Confirmation that the device is now connected
-
- :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png":::
-
-8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources.
-
- **Figure 45** - Device is now enrolled in Azure AD
-
- :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png":::
-
-9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
-
-### 4.2 Add a new user
-You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
-
-See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well.
-
-## Get more info
-
-### For IT admins
-To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
-- [Set up Office 365 for business](/microsoft-365/admin/setup)
-- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/)
-- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/)
-- Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/).
-- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/)
-
-### For information workers
-Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:
-
-- [Office Help & Training](https://support.microsoft.com/office)
-- [Windows help & learning](https://support.microsoft.com/windows)
-
-## Related topics
-
-- [Windows for business](https://www.microsoft.com/windows/business)
-- [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business)
diff --git a/smb/docfx.json b/smb/docfx.json
index 9b63f81cad..15de5f0bb4 100644
--- a/smb/docfx.json
+++ b/smb/docfx.json
@@ -48,6 +48,9 @@
"Kellylorenebaker",
"jborsecnik",
"tiburd",
+ "AngelaMotherofDragons",
+ "dstrome",
+ "v-dihans",
"garycentric"
],
"titleSuffix": "Windows for Small to Midsize Business"
diff --git a/smb/images/azure_ad_access_not_available.PNG b/smb/images/azure_ad_access_not_available.PNG
deleted file mode 100644
index 754ff011ea..0000000000
Binary files a/smb/images/azure_ad_access_not_available.PNG and /dev/null differ
diff --git a/smb/images/azure_ad_sign_up_screen.PNG b/smb/images/azure_ad_sign_up_screen.PNG
deleted file mode 100644
index 3c369cfd5b..0000000000
Binary files a/smb/images/azure_ad_sign_up_screen.PNG and /dev/null differ
diff --git a/smb/images/azure_ad_successful_signup.PNG b/smb/images/azure_ad_successful_signup.PNG
deleted file mode 100644
index 197744f309..0000000000
Binary files a/smb/images/azure_ad_successful_signup.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_azure_ad_management.PNG b/smb/images/azure_portal_azure_ad_management.PNG
deleted file mode 100644
index 6401aa910b..0000000000
Binary files a/smb/images/azure_portal_azure_ad_management.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_azure_ad_management_users_groups.png b/smb/images/azure_portal_azure_ad_management_users_groups.png
deleted file mode 100644
index 5010765800..0000000000
Binary files a/smb/images/azure_portal_azure_ad_management_users_groups.png and /dev/null differ
diff --git a/smb/images/azure_portal_classic.PNG b/smb/images/azure_portal_classic.PNG
deleted file mode 100644
index 15132f7a07..0000000000
Binary files a/smb/images/azure_portal_classic.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_add_group.PNG b/smb/images/azure_portal_classic_add_group.PNG
deleted file mode 100644
index 417e9b8a72..0000000000
Binary files a/smb/images/azure_portal_classic_add_group.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_all_users_group.PNG b/smb/images/azure_portal_classic_all_users_group.PNG
deleted file mode 100644
index 55988d9c6c..0000000000
Binary files a/smb/images/azure_portal_classic_all_users_group.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_applications.PNG b/smb/images/azure_portal_classic_applications.PNG
deleted file mode 100644
index 9c39a28e08..0000000000
Binary files a/smb/images/azure_portal_classic_applications.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_configure_directory.png b/smb/images/azure_portal_classic_configure_directory.png
deleted file mode 100644
index 1cece3e84c..0000000000
Binary files a/smb/images/azure_portal_classic_configure_directory.png and /dev/null differ
diff --git a/smb/images/azure_portal_classic_configure_intune.PNG b/smb/images/azure_portal_classic_configure_intune.PNG
deleted file mode 100644
index 0daddd7e83..0000000000
Binary files a/smb/images/azure_portal_classic_configure_intune.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_configure_intune_app.png b/smb/images/azure_portal_classic_configure_intune_app.png
deleted file mode 100644
index 1110714b7c..0000000000
Binary files a/smb/images/azure_portal_classic_configure_intune_app.png and /dev/null differ
diff --git a/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG b/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG
deleted file mode 100644
index a85a28dd7d..0000000000
Binary files a/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_directory_ready.PNG b/smb/images/azure_portal_classic_directory_ready.PNG
deleted file mode 100644
index d627036ca3..0000000000
Binary files a/smb/images/azure_portal_classic_directory_ready.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_groups.PNG b/smb/images/azure_portal_classic_groups.PNG
deleted file mode 100644
index a746a0b21b..0000000000
Binary files a/smb/images/azure_portal_classic_groups.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_classic_members_added.PNG b/smb/images/azure_portal_classic_members_added.PNG
deleted file mode 100644
index 5cb5864330..0000000000
Binary files a/smb/images/azure_portal_classic_members_added.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_home.PNG b/smb/images/azure_portal_home.PNG
deleted file mode 100644
index 5f0dcf4c5d..0000000000
Binary files a/smb/images/azure_portal_home.PNG and /dev/null differ
diff --git a/smb/images/azure_portal_select_azure_ad.png b/smb/images/azure_portal_select_azure_ad.png
deleted file mode 100644
index 694d30cbdd..0000000000
Binary files a/smb/images/azure_portal_select_azure_ad.png and /dev/null differ
diff --git a/smb/images/business-cloud-mode-graphic.png b/smb/images/business-cloud-mode-graphic.png
deleted file mode 100644
index 449b7ca356..0000000000
Binary files a/smb/images/business-cloud-mode-graphic.png and /dev/null differ
diff --git a/smb/images/business-cloud-mode.png b/smb/images/business-cloud-mode.png
deleted file mode 100644
index f524b42372..0000000000
Binary files a/smb/images/business-cloud-mode.png and /dev/null differ
diff --git a/smb/images/deploy.png b/smb/images/deploy.png
deleted file mode 100644
index 8fe505f77e..0000000000
Binary files a/smb/images/deploy.png and /dev/null differ
diff --git a/smb/images/deploy_art.png b/smb/images/deploy_art.png
deleted file mode 100644
index 5f2a6d0978..0000000000
Binary files a/smb/images/deploy_art.png and /dev/null differ
diff --git a/smb/images/intune_admin_mdm.PNG b/smb/images/intune_admin_mdm.PNG
deleted file mode 100644
index 3b334b27d5..0000000000
Binary files a/smb/images/intune_admin_mdm.PNG and /dev/null differ
diff --git a/smb/images/intune_admin_mdm_configure.png b/smb/images/intune_admin_mdm_configure.png
deleted file mode 100644
index 0a9cb4b99f..0000000000
Binary files a/smb/images/intune_admin_mdm_configure.png and /dev/null differ
diff --git a/smb/images/intune_admin_mdm_forcesync.PNG b/smb/images/intune_admin_mdm_forcesync.PNG
deleted file mode 100644
index 96d085a261..0000000000
Binary files a/smb/images/intune_admin_mdm_forcesync.PNG and /dev/null differ
diff --git a/smb/images/intune_admin_mdm_store_sync.PNG b/smb/images/intune_admin_mdm_store_sync.PNG
deleted file mode 100644
index 3b884371b0..0000000000
Binary files a/smb/images/intune_admin_mdm_store_sync.PNG and /dev/null differ
diff --git a/smb/images/intune_apps_deploymentaction.PNG b/smb/images/intune_apps_deploymentaction.PNG
deleted file mode 100644
index 0c769017d2..0000000000
Binary files a/smb/images/intune_apps_deploymentaction.PNG and /dev/null differ
diff --git a/smb/images/intune_configure_store_app_sync_dialog.PNG b/smb/images/intune_configure_store_app_sync_dialog.PNG
deleted file mode 100644
index abb41318f1..0000000000
Binary files a/smb/images/intune_configure_store_app_sync_dialog.PNG and /dev/null differ
diff --git a/smb/images/intune_groups_devices_list.PNG b/smb/images/intune_groups_devices_list.PNG
deleted file mode 100644
index f571847bc7..0000000000
Binary files a/smb/images/intune_groups_devices_list.PNG and /dev/null differ
diff --git a/smb/images/intune_policies_newpolicy_deployed.PNG b/smb/images/intune_policies_newpolicy_deployed.PNG
deleted file mode 100644
index 72cb4d5db3..0000000000
Binary files a/smb/images/intune_policies_newpolicy_deployed.PNG and /dev/null differ
diff --git a/smb/images/intune_policy_disable_windowshello.PNG b/smb/images/intune_policy_disable_windowshello.PNG
deleted file mode 100644
index 2b7300c9ce..0000000000
Binary files a/smb/images/intune_policy_disable_windowshello.PNG and /dev/null differ
diff --git a/smb/images/intune_policy_disablecamera.PNG b/smb/images/intune_policy_disablecamera.PNG
deleted file mode 100644
index 53fd969c00..0000000000
Binary files a/smb/images/intune_policy_disablecamera.PNG and /dev/null differ
diff --git a/smb/images/intune_portal_home.PNG b/smb/images/intune_portal_home.PNG
deleted file mode 100644
index b63295fe42..0000000000
Binary files a/smb/images/intune_portal_home.PNG and /dev/null differ
diff --git a/smb/images/learn.png b/smb/images/learn.png
deleted file mode 100644
index 9e8f87f436..0000000000
Binary files a/smb/images/learn.png and /dev/null differ
diff --git a/smb/images/learn_art.png b/smb/images/learn_art.png
deleted file mode 100644
index 1170f9ca26..0000000000
Binary files a/smb/images/learn_art.png and /dev/null differ
diff --git a/smb/images/o365_active_users.PNG b/smb/images/o365_active_users.PNG
deleted file mode 100644
index 8ab381a59d..0000000000
Binary files a/smb/images/o365_active_users.PNG and /dev/null differ
diff --git a/smb/images/o365_add_existing_domain.PNG b/smb/images/o365_add_existing_domain.PNG
deleted file mode 100644
index e29cdca3f9..0000000000
Binary files a/smb/images/o365_add_existing_domain.PNG and /dev/null differ
diff --git a/smb/images/o365_additional_domain.PNG b/smb/images/o365_additional_domain.PNG
deleted file mode 100644
index 5682fb15f7..0000000000
Binary files a/smb/images/o365_additional_domain.PNG and /dev/null differ
diff --git a/smb/images/o365_admin_portal.PNG b/smb/images/o365_admin_portal.PNG
deleted file mode 100644
index cfbf696310..0000000000
Binary files a/smb/images/o365_admin_portal.PNG and /dev/null differ
diff --git a/smb/images/o365_assign_intune_license.PNG b/smb/images/o365_assign_intune_license.PNG
deleted file mode 100644
index 261f096a98..0000000000
Binary files a/smb/images/o365_assign_intune_license.PNG and /dev/null differ
diff --git a/smb/images/o365_domains.PNG b/smb/images/o365_domains.PNG
deleted file mode 100644
index ca79f71f54..0000000000
Binary files a/smb/images/o365_domains.PNG and /dev/null differ
diff --git a/smb/images/o365_microsoft_provided_domain.PNG b/smb/images/o365_microsoft_provided_domain.PNG
deleted file mode 100644
index b2a05eb5a9..0000000000
Binary files a/smb/images/o365_microsoft_provided_domain.PNG and /dev/null differ
diff --git a/smb/images/o365_trynow.PNG b/smb/images/o365_trynow.PNG
deleted file mode 100644
index 5810f3e0f9..0000000000
Binary files a/smb/images/o365_trynow.PNG and /dev/null differ
diff --git a/smb/images/o365_users.PNG b/smb/images/o365_users.PNG
deleted file mode 100644
index e0b462a8c5..0000000000
Binary files a/smb/images/o365_users.PNG and /dev/null differ
diff --git a/smb/images/office365_add_individual_user.PNG b/smb/images/office365_add_individual_user.PNG
deleted file mode 100644
index 87f674fa10..0000000000
Binary files a/smb/images/office365_add_individual_user.PNG and /dev/null differ
diff --git a/smb/images/office365_additional_domain.png b/smb/images/office365_additional_domain.png
deleted file mode 100644
index 940a090477..0000000000
Binary files a/smb/images/office365_additional_domain.png and /dev/null differ
diff --git a/smb/images/office365_admin_center.png b/smb/images/office365_admin_center.png
deleted file mode 100644
index 26808fc27c..0000000000
Binary files a/smb/images/office365_admin_center.png and /dev/null differ
diff --git a/smb/images/office365_admin_portal.png b/smb/images/office365_admin_portal.png
deleted file mode 100644
index fe0f81bda0..0000000000
Binary files a/smb/images/office365_admin_portal.png and /dev/null differ
diff --git a/smb/images/office365_buy_domain.png b/smb/images/office365_buy_domain.png
deleted file mode 100644
index 51ea9c1e6c..0000000000
Binary files a/smb/images/office365_buy_domain.png and /dev/null differ
diff --git a/smb/images/office365_create_userid.png b/smb/images/office365_create_userid.png
deleted file mode 100644
index fc3d070841..0000000000
Binary files a/smb/images/office365_create_userid.png and /dev/null differ
diff --git a/smb/images/office365_domains.png b/smb/images/office365_domains.png
deleted file mode 100644
index 51ea9c1e6c..0000000000
Binary files a/smb/images/office365_domains.png and /dev/null differ
diff --git a/smb/images/office365_import_multiple_users.PNG b/smb/images/office365_import_multiple_users.PNG
deleted file mode 100644
index c1b05fa2c9..0000000000
Binary files a/smb/images/office365_import_multiple_users.PNG and /dev/null differ
diff --git a/smb/images/office365_ms_provided_domain.png b/smb/images/office365_ms_provided_domain.png
deleted file mode 100644
index 18479da421..0000000000
Binary files a/smb/images/office365_ms_provided_domain.png and /dev/null differ
diff --git a/smb/images/office365_plan_subscription_checkout.png b/smb/images/office365_plan_subscription_checkout.png
deleted file mode 100644
index 340336c39e..0000000000
Binary files a/smb/images/office365_plan_subscription_checkout.png and /dev/null differ
diff --git a/smb/images/office365_portal.png b/smb/images/office365_portal.png
deleted file mode 100644
index f3a23d4a65..0000000000
Binary files a/smb/images/office365_portal.png and /dev/null differ
diff --git a/smb/images/office365_signup_page.png b/smb/images/office365_signup_page.png
deleted file mode 100644
index ce2de7f034..0000000000
Binary files a/smb/images/office365_signup_page.png and /dev/null differ
diff --git a/smb/images/office365_trynow.png b/smb/images/office365_trynow.png
deleted file mode 100644
index 72aaeb923a..0000000000
Binary files a/smb/images/office365_trynow.png and /dev/null differ
diff --git a/smb/images/office365_tryorbuy_now.png b/smb/images/office365_tryorbuy_now.png
deleted file mode 100644
index 760e3a74cc..0000000000
Binary files a/smb/images/office365_tryorbuy_now.png and /dev/null differ
diff --git a/smb/images/office365_users.png b/smb/images/office365_users.png
deleted file mode 100644
index ec9231de1b..0000000000
Binary files a/smb/images/office365_users.png and /dev/null differ
diff --git a/smb/images/smb_portal_banner.png b/smb/images/smb_portal_banner.png
deleted file mode 100644
index e38560ab5a..0000000000
Binary files a/smb/images/smb_portal_banner.png and /dev/null differ
diff --git a/smb/images/win10_add_new_user_account_aadwork.PNG b/smb/images/win10_add_new_user_account_aadwork.PNG
deleted file mode 100644
index 378339b1e9..0000000000
Binary files a/smb/images/win10_add_new_user_account_aadwork.PNG and /dev/null differ
diff --git a/smb/images/win10_add_new_user_join_aad.PNG b/smb/images/win10_add_new_user_join_aad.PNG
deleted file mode 100644
index 7924250993..0000000000
Binary files a/smb/images/win10_add_new_user_join_aad.PNG and /dev/null differ
diff --git a/smb/images/win10_change_your_password.PNG b/smb/images/win10_change_your_password.PNG
deleted file mode 100644
index bf9f164290..0000000000
Binary files a/smb/images/win10_change_your_password.PNG and /dev/null differ
diff --git a/smb/images/win10_choosehowtoconnect.PNG b/smb/images/win10_choosehowtoconnect.PNG
deleted file mode 100644
index 0a561b1913..0000000000
Binary files a/smb/images/win10_choosehowtoconnect.PNG and /dev/null differ
diff --git a/smb/images/win10_confirm_device_connected_to_org.PNG b/smb/images/win10_confirm_device_connected_to_org.PNG
deleted file mode 100644
index a70849ebe8..0000000000
Binary files a/smb/images/win10_confirm_device_connected_to_org.PNG and /dev/null differ
diff --git a/smb/images/win10_confirm_organization_details.PNG b/smb/images/win10_confirm_organization_details.PNG
deleted file mode 100644
index 54605d39fe..0000000000
Binary files a/smb/images/win10_confirm_organization_details.PNG and /dev/null differ
diff --git a/smb/images/win10_deivce_enrolled_in_aad.PNG b/smb/images/win10_deivce_enrolled_in_aad.PNG
deleted file mode 100644
index a2c60c114e..0000000000
Binary files a/smb/images/win10_deivce_enrolled_in_aad.PNG and /dev/null differ
diff --git a/smb/images/win10_deploy_apps_immediately.PNG b/smb/images/win10_deploy_apps_immediately.PNG
deleted file mode 100644
index 1e63f77939..0000000000
Binary files a/smb/images/win10_deploy_apps_immediately.PNG and /dev/null differ
diff --git a/smb/images/win10_device_enrolled_in_aad.png b/smb/images/win10_device_enrolled_in_aad.png
deleted file mode 100644
index a2c60c114e..0000000000
Binary files a/smb/images/win10_device_enrolled_in_aad.png and /dev/null differ
diff --git a/smb/images/win10_device_setup_complete.PNG b/smb/images/win10_device_setup_complete.PNG
deleted file mode 100644
index 454e30a441..0000000000
Binary files a/smb/images/win10_device_setup_complete.PNG and /dev/null differ
diff --git a/smb/images/win10_hithere.PNG b/smb/images/win10_hithere.PNG
deleted file mode 100644
index b251b8eb7c..0000000000
Binary files a/smb/images/win10_hithere.PNG and /dev/null differ
diff --git a/smb/images/win10_settings_pcname.PNG b/smb/images/win10_settings_pcname.PNG
deleted file mode 100644
index ff815b0a8a..0000000000
Binary files a/smb/images/win10_settings_pcname.PNG and /dev/null differ
diff --git a/smb/images/win10_signin_admin_account.PNG b/smb/images/win10_signin_admin_account.PNG
deleted file mode 100644
index e6df613284..0000000000
Binary files a/smb/images/win10_signin_admin_account.PNG and /dev/null differ
diff --git a/smb/images/wsfb_account_details.PNG b/smb/images/wsfb_account_details.PNG
deleted file mode 100644
index 7a2594ec3f..0000000000
Binary files a/smb/images/wsfb_account_details.PNG and /dev/null differ
diff --git a/smb/images/wsfb_account_details_2.PNG b/smb/images/wsfb_account_details_2.PNG
deleted file mode 100644
index 7e38f20099..0000000000
Binary files a/smb/images/wsfb_account_details_2.PNG and /dev/null differ
diff --git a/smb/images/wsfb_account_signup_saveinfo.PNG b/smb/images/wsfb_account_signup_saveinfo.PNG
deleted file mode 100644
index f29280352b..0000000000
Binary files a/smb/images/wsfb_account_signup_saveinfo.PNG and /dev/null differ
diff --git a/smb/images/wsfb_manage_inventory_newapps.PNG b/smb/images/wsfb_manage_inventory_newapps.PNG
deleted file mode 100644
index 070728fcad..0000000000
Binary files a/smb/images/wsfb_manage_inventory_newapps.PNG and /dev/null differ
diff --git a/smb/images/wsfb_management_tools.PNG b/smb/images/wsfb_management_tools.PNG
deleted file mode 100644
index 82d11a9a25..0000000000
Binary files a/smb/images/wsfb_management_tools.PNG and /dev/null differ
diff --git a/smb/images/wsfb_management_tools_activate.png b/smb/images/wsfb_management_tools_activate.png
deleted file mode 100644
index bb2ffd99ad..0000000000
Binary files a/smb/images/wsfb_management_tools_activate.png and /dev/null differ
diff --git a/smb/images/wsfb_shop_microsoft_apps.PNG b/smb/images/wsfb_shop_microsoft_apps.PNG
deleted file mode 100644
index 562f3fd1e3..0000000000
Binary files a/smb/images/wsfb_shop_microsoft_apps.PNG and /dev/null differ
diff --git a/smb/images/wsfb_signup_for_account.PNG b/smb/images/wsfb_signup_for_account.PNG
deleted file mode 100644
index d641587c5e..0000000000
Binary files a/smb/images/wsfb_signup_for_account.PNG and /dev/null differ
diff --git a/smb/images/wsfb_store_portal.PNG b/smb/images/wsfb_store_portal.PNG
deleted file mode 100644
index 03a4ad928e..0000000000
Binary files a/smb/images/wsfb_store_portal.PNG and /dev/null differ
diff --git a/smb/includes/smb-content-updates.md b/smb/includes/smb-content-updates.md
index e8f13c7d35..4414b9e00b 100644
--- a/smb/includes/smb-content-updates.md
+++ b/smb/includes/smb-content-updates.md
@@ -2,9 +2,10 @@
-## Week of December 13, 2021
+## Week of July 18, 2022
| Published On |Topic title | Change |
|------|------------|--------|
-| 12/14/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified |
+| 7/22/2022 | Deploy and manage a full cloud IT solution for your business | removed |
+| 7/22/2022 | Windows 10/11 for small to midsize businesses | removed |
diff --git a/smb/index.md b/smb/index.md
deleted file mode 100644
index fb9fbc6fc9..0000000000
--- a/smb/index.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: Windows 10/11 for small to midsize businesses
-description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business.
-keywords: Windows 10, Windows 11, SMB, small business, midsize business, business
-ms.prod: w10
-ms.technology:
-ms.topic: article
-ms.author: dansimp
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: smb
-author: dansimp
-ms.localizationpriority: medium
-manager: dansimp
-audience: itpro
----
-
-# Windows 10/11 for Small and Medium Business (SMB)
-
-
-
-##  Learn
-
-**[Windows for business](https://www.microsoft.com/windows/business)**
-
-Learn how Windows can help your business be more productive, collaborate better, and be more secure.
-
-**[Bing Pages](https://www.microsoft.com/bing/bing-pages-overview)**
-
-Use Bing to grow your business and enhance your brand online.
-
-**[Customer stories](https://customers.microsoft.com/)**
-
-Read about the latest stories and technology insights.
-
-**[SMB Blog](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog)**
-
-Read about business strategies and collaborations with SMBs.
-
-**[Business Solutions and Technology](https://www.microsoft.com/store/b/business)**
-
-Learn more about Microsoft products, or when you're ready to buy products and services to help transform your business.
-
-##  Deploy
-
-**[Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)**
-
-Using Microsoft cloud services and tools, it can be easy to deploy and manage a full cloud IT solution for your small to midsize business.
-
-## Related articles
-
-- [Windows for business](https://www.microsoft.com/windows/business)
-- [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business)
diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md
index 882b7e57ba..9922255c06 100644
--- a/store-for-business/acquire-apps-microsoft-store-for-business.md
+++ b/store-for-business/acquire-apps-microsoft-store-for-business.md
@@ -17,7 +17,7 @@ ms.date: 07/21/2021
# Acquire apps in Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -38,7 +38,7 @@ Some apps are free, and some have a price. Apps can be purchased in the Microsof
- Japan Commercial Bureau (JCB)
## Organization info
-There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information** or **Payments & billing** page before you buy apps. If you haven’t provided it, we’ll ask when you make a purchase. Either way works. Here’s the info you’ll need to provide:
+There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information** or **Payments & billing** page before you buy apps. If you haven't provided it, we'll ask when you make a purchase. Either way works. Here's the info you'll need to provide:
- Legal business address
- Payment option (credit card)
@@ -73,10 +73,10 @@ People in your org can request license for apps that they need, or that others n
3. Select the app you want to purchase.
4. On the product description page, choose your license type - either online or offline.
5. Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and select **Next**.
-6. If you don’t have a payment method saved in **Billing & payments**, we will prompt you for one.
+6. If you don't have a payment method saved in **Billing & payments**, we will prompt you for one.
7. Add your credit card or debit card info, and select **Next**. Your card info is saved as a payment option on **Billing & payments - Payment methods**.
-You’ll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](./update-microsoft-store-for-business-account-settings.md#organization-tax-information).
+You'll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](./update-microsoft-store-for-business-account-settings.md#organization-tax-information).
Microsoft Store adds the app to your inventory. From **Products & services**, you can:
- Distribute the app: add to private store, or assign licenses
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 2ee659bb6b..01fcc41871 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -20,7 +20,7 @@ ms.localizationpriority: medium
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot).
@@ -136,11 +136,11 @@ Here's info on some of the errors you might see while working with Autopilot dep
| ---------- | ------------------- |
| wadp001 | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
| wadp002 | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
-| wadp003 | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
+| wadp003 | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You're over the limit! Divide this device data into multiple .csv files. |
| wadp004 | Try that again. Something happened on our end. Waiting a bit might help. |
| wadp005 | Check your .csv file with your device provider. One of the devices on your list has been claimed by another organization. |
| wadp006 | Try that again. Something happened on our end. Waiting a bit might help. |
| wadp007 | Check the info for this device in your .csv file. The device is already registered in your organization. |
| wadp008 | The device does not meet Autopilot Deployment requirements. |
-| wadp009 | Check with your device provider for an update .csv file. The current file doesn’t work |
+| wadp009 | Check with your device provider for an update .csv file. The current file doesn't work |
| wadp010 | Try that again. Something happened on our end. Waiting a bit might help. |
\ No newline at end of file
diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
index d96d350d9d..58ca7bff3e 100644
--- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md
+++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
@@ -18,72 +18,70 @@ ms.date: 07/21/2021
# Add unsigned app to code integrity policy
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
>
-> Following are the major changes we are making to the service:
+> Following are the major changes we are making to the service:
+>
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download at [https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/).
-> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
+> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
+>
> - Get a CI policy
> - Sign a CI policy
-> - Sign a catalog
+> - Sign a catalog
> - Download root cert
-> - Download history of your signing operations
+> - Download history of your signing operations
>
-> For any questions, please contact us at DGSSMigration@microsoft.com.
-
+> For any questions, please contact us at DGSSMigration@microsoft.com.
**Applies to**
-- Windows 10
+- Windows 10
When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies.
-## In this section
-- [Create a code integrity policy based on a reference device](#create-ci-policy)
-- [Create catalog files for your unsigned app](#create-catalog-files)
-- [Catalog signing with Device Guard signing portal](#catalog-signing-device-guard-portal)
+## Create a code integrity policy based on a reference device
-## Create a code integrity policy based on a reference device
To add an unsigned app to a code integrity policy, your code integrity policy must be created from golden image machine. For more information, see [Create a Device Guard code integrity policy based on a reference device](/windows/device-security/device-guard/device-guard-deployment-guide).
-## Create catalog files for your unsigned app
+## Create catalog files for your unsigned app
+
Creating catalog files starts the process for adding an unsigned app to a code integrity policy.
Before you get started, be sure to review these best practices and requirements:
-**Requirements**
+### Requirements
- You'll use Package Inspector during this process.
- Only perform this process with a code integrity policy running in audit mode. You should not perform this process on a system running an enforced Device Guard policy.
-**Best practices**
+### Best practices
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
-- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-ci-policy) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
+- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-a-code-integrity-policy-based-on-a-reference-device) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.
-**To create catalog files for your unsigned app**
+### To create catalog files for your unsigned app
-1. Start Package Inspector to scan the C drive.
+1. Start Package Inspector to scan the C drive.
`PackageInspector.exe Start C:`
-2. Copy the installation media to the C drive.
+2. Copy the installation media to the C drive.
Copying the installation media to the C drive ensures that Package Inspector finds and catalogs the installer. If you skip this step, the code integrity policy may trust the application to run, but not trust it to be installed.
-3. Install and start the app.
+3. Install and start the app.
All binaries that are used while Package Inspector is running will be part of the catalog files. After the installation, start the app and make sure that any product updates are installed and any downloadable content was found during the scan. Then, close and restart the app to make sure that the scan found all binaries.
-4. Stop the scan and create definition and catalog files.
+4. Stop the scan and create definition and catalog files.
After app install is complete, stop the Package Inspector scan and create catalog and definition files on your desktop.
@@ -99,17 +97,17 @@ The Package Inspector scan catalogs the hash values for each binary file that is
After you're done, the files are saved to your desktop. You still need to sign the catalog file so that it will be trusted within the code integrity policy.
-## Catalog signing with Device Guard signing portal
+## Catalog signing with Device Guard signing portal
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.
-**To sign a catalog file with Device Guard signing portal**
+### To sign a catalog file with Device Guard signing portal
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com).
2. Click **Settings**, click **Store settings**, and then click **Device Guard**.
-3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files).
+3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files-for-your-unsigned-app).
4. After the files are uploaded, click **Sign** to sign the catalog files.
5. Click Download to download each item:
- signed catalog file
diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md
index 3eb99b3802..c3dd51ee67 100644
--- a/store-for-business/app-inventory-management-microsoft-store-for-business.md
+++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role.
diff --git a/store-for-business/apps-in-microsoft-store-for-business.md b/store-for-business/apps-in-microsoft-store-for-business.md
index 4e4499a673..c721a02787 100644
--- a/store-for-business/apps-in-microsoft-store-for-business.md
+++ b/store-for-business/apps-in-microsoft-store-for-business.md
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education has thousands of apps from many different categories.
@@ -55,14 +55,14 @@ Line-of-business (LOB) apps are also supported using Microsoft Store. Admins can
Some apps offer you the option to make in-app purchases. In-app purchases are not currently supported for apps that are acquired through Microsoft Store and distributed to employees.
-If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization’s inventory.
+If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization's inventory.
## Licensing model: online and offline licenses
Microsoft Store supports two options to license apps: online and offline.
### Online licensing
-Online licensing is the default licensing model and is similar to the model used by Microsoft Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user’s Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update.
+Online licensing is the default licensing model and is similar to the model used by Microsoft Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user's Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update.
Distribution options for online-licensed apps include the ability to:
diff --git a/store-for-business/assign-apps-to-employees.md b/store-for-business/assign-apps-to-employees.md
index a718684e7e..b17921f3b5 100644
--- a/store-for-business/assign-apps-to-employees.md
+++ b/store-for-business/assign-apps-to-employees.md
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization.
diff --git a/store-for-business/billing-payments-overview.md b/store-for-business/billing-payments-overview.md
index add114e633..64489e2d0d 100644
--- a/store-for-business/billing-payments-overview.md
+++ b/store-for-business/billing-payments-overview.md
@@ -18,7 +18,7 @@ manager: dansimp
# Billing and payments
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Access invoices and managed your payment methods.
diff --git a/store-for-business/billing-profile.md b/store-for-business/billing-profile.md
index 284e5f8a87..866fc5fa17 100644
--- a/store-for-business/billing-profile.md
+++ b/store-for-business/billing-profile.md
@@ -18,7 +18,7 @@ manager: dansimp
# Understand billing profiles
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices.
diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md
index 725ba3bd9f..70f8c3d15d 100644
--- a/store-for-business/billing-understand-your-invoice-msfb.md
+++ b/store-for-business/billing-understand-your-invoice-msfb.md
@@ -17,15 +17,15 @@ manager: dansimp
# Understand your Microsoft Customer Agreement invoice
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-The invoice provides a summary of your charges and provides instructions for payment. It’s available for
+The invoice provides a summary of your charges and provides instructions for payment. It's available for
download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements).
## General invoice information
Invoices are your bill from Microsoft. A few things to note:
-- **Invoice schedule** - You’re invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**.
+- **Invoice schedule** - You're invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**.
- **Billing profile** - Billing profiles are created during your purchase. Invoices are created for each billing profile. Billing profiles let you customize what products are purchased, how you pay for them, and who can make purchases. For more information, see [Understand billing profiles](billing-profile.md)
- **Items included** - Your invoice includes total charges for all first and third-party software and hardware products purchased under a Microsoft Customer Agreement. That includes items purchased from Microsoft Store for Business and Azure Marketplace.
- **Charges** - Your invoice provides information about products purchased and their related charges and taxes. Purchases are aggregated to provide a concise view of your bill.
diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
index 0249a8b606..151722f51a 100644
--- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
+++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md
index dbccbf3bae..4c49b31308 100644
--- a/store-for-business/device-guard-signing-portal.md
+++ b/store-for-business/device-guard-signing-portal.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
@@ -30,7 +30,7 @@ ms.date: 07/21/2021
> Following are the major changes we are making to the service:
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
> - Get a CI policy
diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md
index c0ccce55a6..343c57ed38 100644
--- a/store-for-business/distribute-apps-from-your-private-store.md
+++ b/store-for-business/distribute-apps-from-your-private-store.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
diff --git a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
index 723648db24..de94448f75 100644
--- a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
+++ b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store.
diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md
index 38c26e9d99..0e41f26d57 100644
--- a/store-for-business/distribute-apps-with-management-tool.md
+++ b/store-for-business/distribute-apps-with-management-tool.md
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
@@ -46,7 +46,7 @@ MDM tool requirements:
## Distribute offline-licensed apps
-If your vendor doesn’t support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](./apps-in-microsoft-store-for-business.md#licensing-model).
+If your vendor doesn't support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](./apps-in-microsoft-store-for-business.md#licensing-model).
This diagram shows how you can use a management tool to distribute offline-licensed app to employees in your organization. Once synchronized from Store for Business, management tools can use the Windows Management framework to distribute applications to devices.
diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
index 5ee0219d23..e431ad264f 100644
--- a/store-for-business/distribute-offline-apps.md
+++ b/store-for-business/distribute-offline-apps.md
@@ -23,8 +23,8 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
-
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+>
Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
## Why offline-licensed apps?
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index bf0a63a161..953ad15d25 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -57,6 +57,9 @@
"Kellylorenebaker",
"jborsecnik",
"tiburd",
+ "AngelaMotherofDragons",
+ "dstrome",
+ "v-dihans",
"garycentric"
]
},
diff --git a/store-for-business/find-and-acquire-apps-overview.md b/store-for-business/find-and-acquire-apps-overview.md
index 9a624bd3c0..1ae93064e6 100644
--- a/store-for-business/find-and-acquire-apps-overview.md
+++ b/store-for-business/find-and-acquire-apps-overview.md
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
diff --git a/store-for-business/index.md b/store-for-business/index.md
index 83186f8f8b..03852f5eee 100644
--- a/store-for-business/index.md
+++ b/store-for-business/index.md
@@ -21,12 +21,12 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
> [!IMPORTANT]
-> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If you’ve already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you won’t be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of “free” will still be available. This change doesn’t impact apps in the Microsoft Store on Windows 10.
+> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If you've already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you won't be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of "free" will still be available. This change doesn't impact apps in the Microsoft Store on Windows 10.
>
> Also starting April 14, 2021, you must sign in with your Azure Active Directory (Azure AD) account before you browse Microsoft Store for Business and Education.
diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md
index 35b33daedd..9983264ab6 100644
--- a/store-for-business/manage-access-to-private-store.md
+++ b/store-for-business/manage-access-to-private-store.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
diff --git a/store-for-business/manage-apps-microsoft-store-for-business-overview.md b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
index bc995342eb..04e2434086 100644
--- a/store-for-business/manage-apps-microsoft-store-for-business-overview.md
+++ b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**.
diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md
index 14825fb5b5..4988dab4d4 100644
--- a/store-for-business/manage-orders-microsoft-store-for-business.md
+++ b/store-for-business/manage-orders-microsoft-store-for-business.md
@@ -17,7 +17,7 @@ manager: dansimp
# Manage app orders in Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds.
diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md
index 5ec635a24d..87d79fbe9d 100644
--- a/store-for-business/manage-private-store-settings.md
+++ b/store-for-business/manage-private-store-settings.md
@@ -22,7 +22,7 @@ ms.localizationpriority: medium
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store.
@@ -50,10 +50,11 @@ You can create collections of apps within your private store. Collections allow
You can add a collection to your private store from the private store, or from the details page for an app.
**From private store**
+
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click your private store.
- 
+ 
3. Click **Add a Collection**.
@@ -65,6 +66,7 @@ You can add a collection to your private store from the private store, or from t
> New collections require at least one app, or they will not be created.
**From app details page**
+
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then click **Products & services**.
3. Under **Apps & software**, choose an app you want to include in a new collection.
@@ -84,12 +86,13 @@ If you've already added a Collection to your private store, you can easily add a
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click your private store.
- 
+ 
3. Click the ellipses next to the collection name, and click **Edit collection**.
4. Add or remove products from the collection, and then click **Done**.
You can also add an app to a collection from the app details page.
+
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then click **Products & services**.
3. Under **Apps & software**, choose an app you want to include in a new collection.
diff --git a/store-for-business/manage-settings-microsoft-store-for-business.md b/store-for-business/manage-settings-microsoft-store-for-business.md
index f271481d73..12534f788b 100644
--- a/store-for-business/manage-settings-microsoft-store-for-business.md
+++ b/store-for-business/manage-settings-microsoft-store-for-business.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
index 5253b14c06..a57e52bfd5 100644
--- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
+++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups.
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
index fd4d4e8c20..f599c5cc61 100644
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md
@@ -20,7 +20,7 @@ manager: dansimp
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459).
@@ -129,7 +129,7 @@ Remove-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user
```
## Assign or reclaim a product with a .csv file
-You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for “Principal Names” (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module.
+You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for "Principal Names" (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module.
**To assign or reclaim seats in bulk:**
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index a3cab33039..06da85f98c 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -19,10 +19,10 @@ ms.date: 07/21/2021
**Applies to**
-- Windows 10
+- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -42,7 +42,7 @@ Organizations or schools of any size can benefit from using Microsoft Store for
- **Microsoft Store for Education** – Apps acquired from Microsoft Store for Education
- **Office 365** – Subscriptions
- **Volume licensing** - Apps purchased with volume licensing
-- **Private store** - Create a private store for your business that’s easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices.
+- **Private store** - Create a private store for your business that's easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices.
- **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices:
- Distribute through Microsoft Store services. You can assign apps to individual employees, or make apps available to all employees in your private store.
- Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images.
@@ -68,7 +68,7 @@ Microsoft Azure Active Directory (AD) accounts for your employees:
- Employees need Azure AD account when they access Store for Business content from Windows devices.
- If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account
- For offline-licensed apps, Azure AD accounts are not required for employees.
-- Admins can add or remove user accounts in the Microsoft 365 admin center, even if you don’t have an Office 365 subscription. You can access the Office 365 admin portal directly from the Store for Business and Education.
+- Admins can add or remove user accounts in the Microsoft 365 admin center, even if you don't have an Office 365 subscription. You can access the Office 365 admin portal directly from the Store for Business and Education.
For more information on Azure AD, see [About Office 365 and Azure Active Directory](/previous-versions//dn509517(v=technet.10)), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
@@ -83,7 +83,7 @@ While not required, you can use a management tool to distribute and manage apps.
## Sign up!
-The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we’ll quickly create an account for you. You must be a Global Administrator for your organization.
+The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we'll quickly create an account for you. You must be a Global Administrator for your organization.
## Set up
@@ -101,7 +101,7 @@ After your admin signs up for the Store for Business and Education, they can ass
In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](manage-users-and-groups-microsoft-store-for-business.md).
-Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with Store for Business and Education.
+Also, if your organization plans to use a management tool, you'll need to configure your management tool to sync with Store for Business and Education.
## Get apps and content
@@ -128,7 +128,7 @@ App distribution is handled through two channels, either through the Microsoft S
**Distribute with Store for Business and Education**:
- Email link – After purchasing an app, Admins can send employees a link in an email message. Employees can click the link to install the app.
-- Curate private store for all employees – A private store can include content you’ve purchased from Microsoft Store for Business, and your line-of-business apps that you’ve submitted to Microsoft Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed.
+- Curate private store for all employees – A private store can include content you've purchased from Microsoft Store for Business, and your line-of-business apps that you've submitted to Microsoft Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed.
- To use the options above users must be signed in with an Azure AD account on a Windows 10 device. Licenses are assigned as individuals install apps.
**Using a management tool** – For larger organizations that want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options:
diff --git a/store-for-business/notifications-microsoft-store-business.md b/store-for-business/notifications-microsoft-store-business.md
index dd8d1a7d29..916cb00349 100644
--- a/store-for-business/notifications-microsoft-store-business.md
+++ b/store-for-business/notifications-microsoft-store-business.md
@@ -24,7 +24,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store.
@@ -32,9 +32,9 @@ Microsoft Store for Business and Microsoft Store for Education use a set of noti
| Store area | Notification message | Customer impact |
| ---------- | -------------------- | --------------- |
-| General | We’re on it. Something happened on our end with the Store. Waiting a bit might help. | You might be unable to sign in. There might be an intermittent Azure AD outage. |
-| Manage | We’re on it. Something happened on our end with management for apps and software. We’re working to fix the problem. | You might be unable to manage inventory, including viewing inventory, distributing apps, assigning licenses, or viewing and managing order history. |
-| Shop | We’re on it. Something happened on our end with purchasing. We’re working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. |
-| Private store | We’re on it. Something happened on our end with your organization’s private store. People in your organization can’t download apps right now. We’re working to fix the problem. | People in your organization might not be able to view the private store, or get apps. |
-| Acquisition and licensing | We’re on it. People in your org might not be able to install or use certain apps. We’re working to fix the problem. | People in your org might not be able to claim a license from your private store. |
-| Partner | We’re on it. Something happened on our end with Find a Partner. We’re working to fix the problem. | You might not be able to search for a partner. |
+| General | We're on it. Something happened on our end with the Store. Waiting a bit might help. | You might be unable to sign in. There might be an intermittent Azure AD outage. |
+| Manage | We're on it. Something happened on our end with management for apps and software. We're working to fix the problem. | You might be unable to manage inventory, including viewing inventory, distributing apps, assigning licenses, or viewing and managing order history. |
+| Shop | We're on it. Something happened on our end with purchasing. We're working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. |
+| Private store | We're on it. Something happened on our end with your organization's private store. People in your organization can't download apps right now. We're working to fix the problem. | People in your organization might not be able to view the private store, or get apps. |
+| Acquisition and licensing | We're on it. People in your org might not be able to install or use certain apps. We're working to fix the problem. | People in your org might not be able to claim a license from your private store. |
+| Partner | We're on it. Something happened on our end with Find a Partner. We're working to fix the problem. | You might not be able to search for a partner. |
diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md
index 43f09a403e..1ccc6c81fd 100644
--- a/store-for-business/payment-methods.md
+++ b/store-for-business/payment-methods.md
@@ -18,7 +18,7 @@ manager: dansimp
# Payment methods
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards:
- VISA
@@ -54,4 +54,4 @@ Once you select **Add**, the information you provided will be validated with a t
Once you click **Update**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems.
> [!NOTE]
-> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance.
+> Certain actions, like updating or adding a payment option, require temporary "test authorization" transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance.
diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md
index 2b8ea7784d..99e6061d97 100644
--- a/store-for-business/prerequisites-microsoft-store-for-business.md
+++ b/store-for-business/prerequisites-microsoft-store-for-business.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
index a4f1f93a78..4ced84898d 100644
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@@ -16,7 +16,7 @@ manager: dansimp
# Microsoft Store for Business and Education release history
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
@@ -39,13 +39,13 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.
## April 2018
-- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
+- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We'll figure out who's in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we'll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections.
- **Office 365 subscription management** - We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
## March 2018
- **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](./manage-private-store-settings.md#private-store-performance)
-- **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results.
+- **Private store collection updates** - We've made it easier to find apps when creating private store collections – now you can search and filter results.
[Get more info](./manage-private-store-settings.md#private-store-collections)
- **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings.
- **Upgrade Microsoft 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 for business subscription to a Microsoft 365 for business subscription.
diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
index d04d9e5277..83baa7d2d3 100644
--- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md
+++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md
index 442ff303d1..3bbc577f09 100644
--- a/store-for-business/settings-reference-microsoft-store-for-business.md
+++ b/store-for-business/settings-reference-microsoft-store-for-business.md
@@ -18,7 +18,7 @@ ms.date: 07/21/2021
# Settings reference: Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.
diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
index d7f05fb986..5de355b03c 100644
--- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
+++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
@@ -18,7 +18,7 @@ ms.date: 07/21/2021
# Sign code integrity policy with Device Guard signing
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
@@ -27,7 +27,7 @@ ms.date: 07/21/2021
> Following are the major changes we are making to the service:
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
> - Get a CI policy
diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md
index c51e8f7899..5303f4a421 100644
--- a/store-for-business/sign-up-microsoft-store-for-business-overview.md
+++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md
index febe7110b0..48cfe3c2fc 100644
--- a/store-for-business/troubleshoot-microsoft-store-for-business.md
+++ b/store-for-business/troubleshoot-microsoft-store-for-business.md
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Troubleshooting topics for Microsoft Store for Business.
diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md
index edc1a362da..55f5f4fc07 100644
--- a/store-for-business/update-microsoft-store-for-business-account-settings.md
+++ b/store-for-business/update-microsoft-store-for-business-account-settings.md
@@ -18,7 +18,7 @@ manager: dansimp
# Update Billing account settings
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
A billing account contains defining information about your organization.
@@ -35,9 +35,9 @@ We need your business address, email contact, and tax-exemption certificates tha
Before purchasing apps that have a fee, you need to add or update your organization's business address, contact email address, and contact name.
-We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase.
+We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we'll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don't have an address, we'll ask you to enter it during your first purchase.
-We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization’s Office 365 or Azure AD tenant that is used with Microsoft Store.
+We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization's Office 365 or Azure AD tenant that is used with Microsoft Store.
**To update billing account information**
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com)
@@ -100,7 +100,7 @@ If you qualify for tax-exempt status in your market, start a service request to
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
2. Select **Manage**, click **Support**, and then under **Store settings & configuration** select **Create technical support ticket**.
-You’ll need this documentation:
+You'll need this documentation:
|Country or locale | Documentation |
|------------------|----------------|
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
index 4b0cd1e47d..31965af7f3 100644
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@@ -16,7 +16,7 @@ manager: dansimp
# What's new in Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education regularly releases new and improved features.
@@ -35,7 +35,7 @@ Microsoft Store for Business and Education regularly releases new and improved f
+#### Windows Server
-**.NET NGEN Blog (Highly Recommended)**
+Server performance tuning guidelines for [Microsoft Windows Server 2012 R2](/previous-versions/dn529133(v=vs.85))
-- [How to speed up NGEN optimization](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
+#### Server roles
-**Windows Server and Server Roles**
+- [Remote Desktop Virtualization Host](/previous-versions/dn567643(v=vs.85))
-Server Performance Tuning Guidelines for
+- [Remote Desktop Session Host](/previous-versions/dn567648(v=vs.85))
-- [Microsoft Windows Server 2012 R2](/previous-versions//dn529133(v=vs.85))
-
-- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
-
-- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
-
-**Server Roles**
-
-- [Remote Desktop Virtualization Host](/previous-versions//dn567643(v=vs.85))
-
-- [Remote Desktop Session Host](/previous-versions//dn567648(v=vs.85))
-
-- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](/previous-versions//dn567678(v=vs.85))
+- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](/previous-versions/dn567678(v=vs.85))
- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134210(v=ws.11))
-**Windows Client (Guest OS) Performance Tuning Guidance**
+#### Windows Client (guest OS) performance tuning guidance
-- [Optimization Script: (Provided by Microsoft Support)](/archive/blogs/jeff_stokes/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density)
-
-- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
+- [The Microsoft Premier Field Engineer (PFE) view on Virtual Desktop (VDI) Density](/archive/blogs/jeff_stokes/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density)
- [Optimization Script: (Provided by Microsoft Support)](/archive/blogs/jeff_stokes/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe)
@@ -404,7 +387,7 @@ Removing FB1 doesn't require the original application installer. After completin
### Creating a new virtual application package on the sequencer
-If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an application’s installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly.
+If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an application's installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly.
**Client Side**:
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index 071879bc7c..2522c24732 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -119,7 +119,7 @@ See the Windows or Windows Server documentation for the hardware requirements.
## Supported versions of Microsoft Endpoint Configuration Manager
-The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
+The App-V client works with Configuration Manager versions starting with Technical Preview for Configuration Manager, version 1606.
## Related articles
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index ba0a92dcf7..0c38b376be 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -1,11 +1,11 @@
---
title: Learn about the different app types in Windows 10/11 | Microsoft Docs
-ms.reviewer:
-manager: dougeby
description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
+ms.reviewer:
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 88a99ecd24..1f3a0d4e61 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
+ "**/*.svg",
"**/*.gif"
],
"exclude": [
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index d85b5ea89f..60cb9c5b79 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -1,13 +1,13 @@
---
-author: aczechowski
title: Remove background task resource restrictions
description: Allow enterprise background tasks unrestricted access to computer resources.
-ms.author: aaroncz
+ms.prod: w10
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 10/03/2017
ms.reviewer:
-manager: dougeby
ms.topic: article
-ms.prod: w10
---
# Remove background task resource restrictions
@@ -43,7 +43,7 @@ Starting with Windows 10, version 1703, enterprises can control background activ
`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_ForceDenyTheseApps`
`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_UserInControlOfTheseApps`
-These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. See [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider#privacy-letappsruninbackground) for more information about these policies.
+These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. For more information about these policies, visit [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider#privacy-letappsruninbackground).
An app can determine which settings are in place for itself by using [BackgroundExecutionManager.RequestAccessAsync](/uwp/api/Windows.ApplicationModel.Background.BackgroundAccessStatus) before any background activity is attempted, and then examining the returned [BackgroundAccessStatus](/uwp/api/windows.applicationmodel.background.backgroundaccessstatus) enumeration. The values of this enumeration correspond to settings in the **battery usage by App** settings page:
diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md
index 17dace9c69..87c9ec2b04 100644
--- a/windows/application-management/includes/app-v-end-life-statement.md
+++ b/windows/application-management/includes/app-v-end-life-statement.md
@@ -1,9 +1,9 @@
---
-author: aczechowski
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 09/20/2021
ms.reviewer:
-manager: dougeby
ms.prod: w10
ms.topic: include
---
diff --git a/windows/application-management/includes/applies-to-windows-client-versions.md b/windows/application-management/includes/applies-to-windows-client-versions.md
index 7cb153ddb7..b26f9904a6 100644
--- a/windows/application-management/includes/applies-to-windows-client-versions.md
+++ b/windows/application-management/includes/applies-to-windows-client-versions.md
@@ -1,9 +1,9 @@
---
-author: aczechowski
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 09/28/2021
ms.reviewer:
-manager: dougeby
ms.prod: w10
ms.topic: include
---
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
index 8f6b781ec5..e13b0747f4 100644
--- a/windows/application-management/index.yml
+++ b/windows/application-management/index.yml
@@ -13,9 +13,9 @@ metadata:
ms.collection:
- windows-10
- highpri
- author: aczechowski
- ms.author: aaroncz
- manager: dougeby
+ author: nicholasswhite
+ ms.author: nwhite
+ manager: aaroncz
ms.date: 08/24/2021 #Required; mm/dd/yyyy format.
ms.localizationpriority : medium
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
deleted file mode 100644
index 98fff77da2..0000000000
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10/11)
-description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises.
-ms.reviewer:
-manager: dougeby
-ms.prod: w10
-ms.localizationpriority: medium
-author: aczechowski
-ms.author: aaroncz
-ms.topic: article
----
-
-# Enable or block Windows Mixed Reality apps in enterprises
-
-[!INCLUDE [Applies to Windows client versions](./includes/applies-to-windows-client-versions.md)]
-
-
-[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows Feature on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows client needs a new feature, it can request the feature package from Windows Update.
-
-Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable-windows-mixed-reality-in-wsus). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block-the-mixed-reality-portal).
-
-## Enable Windows Mixed Reality in WSUS
-
-1. [Check your version of Windows.](https://support.microsoft.com/help/13443/windows-which-operating-system)
-
- >[!NOTE]
- >You must be on at least Windows 10, version 1709, to run Windows Mixed Reality.
-
-2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
-
- 1. Download the FOD .cab file:
-
- - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab)
- - [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab)
- - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab)
- - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- - [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab)
-
- > [!NOTE]
- > You must download the FOD .cab file that matches your operating system version.
-
- 1. Use `Dism` to add Windows Mixed Reality FOD to the image.
-
- ```powershell
- Dism /Online /Add-Package /PackagePath:(path)
- ```
-
- > [!NOTE]
- > On Windows 10 and 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab**
-
- 1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
-
-
-IT admins can also create [Side by side feature store (shared folder)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127275(v=ws.11)) to allow access to the Windows Mixed Reality FOD.
-
-## Block the Mixed Reality Portal
-
-You can use the [AppLocker configuration service provider (CSP)](/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software.
-
-In the following example, the **Id** can be any generated GUID and the **Name** can be any name you choose. Note that `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
-
-```xml
-
-
-
- $CmdID$
-
-
- ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions
-
-
- chr
- text/plain
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- >
-
-
-
-
-
-
-```
-
-
-## Related articles
-
-- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality)
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 4657bd8ea3..7735990889 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -2,11 +2,11 @@
title: Per-user services in Windows 10 and Windows Server
description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 09/14/2017
ms.reviewer:
-manager: dougeby
---
# Per-user services in Windows 10 and Windows Server
@@ -41,7 +41,7 @@ Before you disable any of these services, review the **Description** column in t
| 1803 | DevicePickerUserSvc | DevicePicker | Manual | | Device Picker |
| 1703 | DevicesFlowUserSvc | DevicesFlow | Manual | | Device Discovery and Connecting |
| 1703 | MessagingService | MessagingService | Manual | | Service supporting text messaging and related functionality |
-| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service is not running. |
+| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service isn't running. |
| 1607 | PimIndexMaintenanceSvc | Contact Data | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts. |
| 1709 | PrintWorkflowUserSvc | PrintWorkflow | Manual | | Print Workflow |
| 1607 | UnistoreSvc | User Data Storage | Manual | | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. |
@@ -71,7 +71,7 @@ In light of these restrictions, you can use the following methods to manage per-
### Manage template services using a security template
-You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). See [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings) for more information.
+You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). For more information, visit [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings).
For example:
@@ -87,13 +87,13 @@ Revision=1
### Manage template services using Group Policy preferences
-If a per-user service can't be disabled using a the security template, you can disable it by using Group Policy preferences.
+If a per-user service can't be disabled using the security template, you can disable it by using Group Policy preferences.
-1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, click **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
+1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, select **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
2. Create a new Group Policy Object (GPO) or use an existing GPO.
-3. Right-click the GPO and click **Edit** to launch the Group Policy Object Editor.
+3. Right-click the GPO and select **Edit** to launch the Group Policy Object Editor.
4. Depending on how you want to target the Group Policy, under **Computer configuration** or **User configuration** browse to Preferences\Windows Settings\Registry.
@@ -101,23 +101,23 @@ If a per-user service can't be disabled using a the security template, you can d
-6. Make sure that HKEY_Local_Machine is selected for Hive and then click ... (the ellipses) next to Key Path.
+6. Make sure that HKEY_Local_Machine is selected for Hive and then select ... (the ellipses) next to Key Path.
-7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and click **Select**.
+7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and select **Select**.
-8. Change **Value data** from **00000003** to **00000004** and click **OK**. Note setting the Value data to **4** = **Disabled**.
+8. Change **Value data** from **00000003** to **00000004** and select **OK**. Note setting the Value data to **4** = **Disabled**.
-9. To add the other services that cannot be managed with a Group Policy templates, edit the policy and repeat steps 5-8.
+9. To add the other services that can't be managed with a Group Policy templates, edit the policy and repeat steps 5-8.
### Managing Template Services with reg.exe
-If you cannot use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe.
+If you can't use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe.
To disable the Template Services, change the Startup Type for each service to 4 (disabled).
For example:
@@ -135,7 +135,7 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t RE
### Managing Template Services with regedit.exe
-If you cannot use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
+If you can't use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
@@ -159,7 +159,7 @@ Sample script using [sc.exe](/previous-versions/windows/it-pro/windows-server-20
```
sc.exe configure start= disabled
```
-Note that the space after "=" is intentional.
+The space after "=" is intentional.
Sample script using the [Set-Service PowerShell cmdlet](/previous-versions/windows/it-pro/windows-powershell-1.0/ee176963(v=technet.10)):
@@ -169,7 +169,7 @@ Set-Service -StartupType Disabled
## View per-user services in the Services console (services.msc)
-As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they are displayed using the \_LUID format (where LUID is the locally unique identifier).
+As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they're displayed using the \_LUID format (where LUID is the locally unique identifier).
For example, you might see the following per-user services listed in the Services console:
diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
index 17fe815f82..b039ab012b 100644
--- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
+++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
@@ -1,11 +1,11 @@
---
title: Use the Company Portal app for your private app repo on Windows 11 devices | Microsoft Docs
description: Use the Company Portal app in Windows 11 devices to access the private app repository for your organization or company apps. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store for Business private store on Windows 11 devices.
-manager: dougeby
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.reviewer: amanh
ms.prod: w11
-author: aczechowski
ms.date: 09/15/2021
ms.localizationpriority: medium
---
@@ -26,7 +26,7 @@ This article discusses the Company Portal app installation options, adding organ
## Before you begin
-The Company Portal app is included with Microsoft Endpoint Manager (MEM). Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices.
+The Company Portal app is included with Microsoft Endpoint Manager. Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices.
If you're not managing your devices using an MDM provider, the following resources may help you get started:
diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md
index c155a0e790..b61fb4f87e 100644
--- a/windows/application-management/provisioned-apps-windows-client-os.md
+++ b/windows/application-management/provisioned-apps-windows-client-os.md
@@ -1,11 +1,11 @@
---
title: Get the provisioned apps on Windows client operating system | Microsoft Docs
ms.reviewer:
-manager: dougeby
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
ms.localizationpriority: medium
ms.topic: article
---
@@ -17,7 +17,7 @@ ms.topic: article
- Windows 10
- Windows 11
-Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They are per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed.
+Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They're per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed.
This article lists some of the built-in provisioned apps on the different Windows client OS versions, and lists the Windows PowerShell command to get a list.
diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md
index d05b8db3c7..817364d24a 100644
--- a/windows/application-management/remove-provisioned-apps-during-update.md
+++ b/windows/application-management/remove-provisioned-apps-during-update.md
@@ -2,17 +2,17 @@
title: How to keep apps removed from Windows 10 from returning during an update
description: How to keep provisioned apps that were removed from your machine from returning during an update.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 05/25/2018
ms.reviewer:
-manager: dougeby
---
# How to keep apps removed from Windows 10 from returning during an update
> Applies to: Windows 10 (General Availability Channel)
-When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed return post-update. This can happen if the computer was offline when you removed the apps. This issue was fixed in Windows 10, version 1803.
+When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed post-update. This can happen if the computer was offline when you removed the apps. Windows 10, version 1803 has fixed this issue.
>[!NOTE]
>* This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates.
diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md
index 0e20c16ba3..466370dcd1 100644
--- a/windows/application-management/sideload-apps-in-windows-10.md
+++ b/windows/application-management/sideload-apps-in-windows-10.md
@@ -2,10 +2,10 @@
title: Sideload LOB apps in Windows client OS | Microsoft Docs
description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10/11. When you sideload an app, you deploy a signed app package to a device.
ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.prod: w10
-author: aczechowski
ms.localizationpriority: medium
---
diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md
index 7fe5fa1c05..67476d451f 100644
--- a/windows/application-management/svchost-service-refactoring.md
+++ b/windows/application-management/svchost-service-refactoring.md
@@ -2,11 +2,11 @@
title: Service Host service refactoring in Windows 10 version 1703
description: Learn about the SvcHost Service Refactoring introduced in Windows 10 version 1703.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 07/20/2017
ms.reviewer:
-manager: dougeby
---
# Changes to Service Host grouping in Windows 10
diff --git a/windows/application-management/system-apps-windows-client-os.md b/windows/application-management/system-apps-windows-client-os.md
index 89689b0d06..eef2f72573 100644
--- a/windows/application-management/system-apps-windows-client-os.md
+++ b/windows/application-management/system-apps-windows-client-os.md
@@ -1,11 +1,11 @@
---
title: Get the system apps on Windows client operating system | Microsoft Docs
ms.reviewer:
-manager: dougeby
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index edca458380..5260e5f1db 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -2,11 +2,9 @@
title: Windows Tools/Administrative Tools
description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+author: vinaypamnani-msft
+ms.author: vinpa
+manager: aaroncz
ms.localizationpriority: medium
ms.date: 03/28/2022
ms.topic: article
diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md
index 59c8210b09..eba023fe12 100644
--- a/windows/client-management/advanced-troubleshooting-802-authentication.md
+++ b/windows/client-management/advanced-troubleshooting-802-authentication.md
@@ -2,10 +2,7 @@
title: Advanced Troubleshooting 802.1X Authentication
ms.reviewer:
description: Troubleshoot authentication flow by learning how 802.1X Authentication works for wired and wireless clients.
-keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
index dd92af8c4f..817cffb7c0 100644
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md
@@ -2,11 +2,11 @@
title: Advanced troubleshooting for Windows boot problems
description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals.
ms.prod: w10
-ms.sitesec: library
-author: aczechowski
+ms.technology: windows
ms.localizationpriority: medium
+ms.date: 06/02/2022
+author: aczechowski
ms.author: aaroncz
-ms.date: 11/16/2018
ms.reviewer:
manager: dougeby
ms.topic: troubleshooting
@@ -15,16 +15,15 @@ ms.collection: highpri
# Advanced troubleshooting for Windows boot problems
-
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues
+
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues.
> [!NOTE]
-> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
+> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5).
## Summary
There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
-
| Phase | Boot Process | BIOS | UEFI |
|-----------|----------------------|------------------------------------|-----------------------------------|
| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware |
@@ -32,31 +31,21 @@ There are several reasons why a Windows-based computer may have problems during
| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi |
| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | |
-**1. PreBoot**
+1. **PreBoot**: The PC's firmware initiates a power-on self test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
-The PC’s firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
+2. **Windows Boot Manager**: Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
-**2. Windows Boot Manager**
+3. **Windows operating system loader**: Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
-Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
+4. **Windows NT OS Kernel**: The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
-**3. Windows operating system loader**
-
-Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
-
-**4. Windows NT OS Kernel**
-
-The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
-
-The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
-
-Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
-
-
-[Click to enlarge](img-boot-sequence.md)
+ The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
+
+Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger.
+:::image type="content" source="images/boot-sequence-thumb.png" alt-text="Diagram of the boot sequence flowchart." lightbox="images/boot-sequence.png":::
Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
@@ -69,7 +58,6 @@ Each phase has a different approach to troubleshooting. This article provides tr
>
> `Bcdedit /set {default} bootmenupolicy legacy`
-
## BIOS phase
To determine whether the system has passed the BIOS phase, follow these steps:
@@ -86,26 +74,25 @@ To determine whether the system has passed the BIOS phase, follow these steps:
If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase:
-- Boot Configuration Data (BCD) missing or corrupted
-- Boot file or MBR corrupted
-- Operating system Missing
-- Boot sector missing or corrupted
-- Bootmgr missing or corrupted
-- Unable to boot due to system hive missing or corrupted
-
-To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods.
+- Boot Configuration Data (BCD) missing or corrupted
+- Boot file or MBR corrupted
+- Operating system Missing
+- Boot sector missing or corrupted
+- Bootmgr missing or corrupted
+- Unable to boot due to system hive missing or corrupted
+To troubleshoot this problem, use Windows installation media to start the computer, press **Shift** + **F10** for a command prompt, and then use any of the following methods.
### Method 1: Startup Repair tool
The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
-To do this task of invoking the Startup Repair tool, follow these steps.
+To do this task of invoking the Startup Repair tool, follow these steps.
> [!NOTE]
-> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
+> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#entry-points-into-winre).
-1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
+1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d).
2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
@@ -117,28 +104,26 @@ To do this task of invoking the Startup Repair tool, follow these steps.
The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
-**%windir%\System32\LogFiles\Srt\Srttrail.txt**
-
-
-For more information, see [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
+`%windir%\System32\LogFiles\Srt\Srttrail.txt`
+For more information, see [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
### Method 2: Repair Boot Codes
To repair boot codes, run the following command:
-```console
+```command
BOOTREC /FIXMBR
```
To repair the boot sector, run the following command:
-```console
+```command
BOOTREC /FIXBOOT
```
> [!NOTE]
-> Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
+> Running `BOOTREC` together with `Fixmbr` overwrites only the master boot code. If the corruption in the MBR affects the partition table, running `Fixmbr` may not fix the problem.
### Method 3: Fix BCD errors
@@ -146,15 +131,15 @@ If you receive BCD-related errors, follow these steps:
1. Scan for all the systems that are installed. To do this step, run the following command:
- ```console
+ ```command
Bootrec /ScanOS
```
2. Restart the computer to check whether the problem is fixed.
3. If the problem isn't fixed, run the following commands:
-
- ```console
+
+ ```command
bcdedit /export c:\bcdbackup
attrib c:\boot\bcd -r -s -h
@@ -172,128 +157,116 @@ If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive
1. At a command prompt, change the directory to the System Reserved partition.
-2. Run the **attrib** command to unhide the file:
+2. Run the `attrib` command to unhide the file:
- ```console
+ ```command
attrib -r -s -h
```
3. Navigate to the system drive and run the same command:
- ```console
+ ```command
attrib -r -s -h
```
-4. Rename the Bootmgr file as Bootmgr.old:
+4. Rename the `bootmgr` file as `bootmgr.old`:
- ```console
+ ```command
ren c:\bootmgr bootmgr.old
```
5. Navigate to the system drive.
-6. Copy the Bootmgr file, and then paste it to the System Reserved partition.
+6. Copy the `bootmgr` file, and then paste it to the System Reserved partition.
7. Restart the computer.
-### Method 5: Restore System Hive
+### Method 5: Restore system hive
-If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step,, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
+If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step, use the Windows Recovery Environment or use the Emergency Repair Disk (ERD) to copy the files from the `C:\Windows\System32\config\RegBack` directory to `C:\Windows\System32\config`.
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
> [!NOTE]
-> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder)
+> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
## Kernel Phase
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples:
-- A Stop error appears after the splash screen (Windows Logo screen).
+- A Stop error appears after the splash screen (Windows Logo screen).
-- Specific error code is displayed.
+- Specific error code is displayed. For example, `0x00000C2` , `0x0000007B` , or `inaccessible boot device`.
+ - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
+ - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
- For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
- - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
- - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
+- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
-- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
-
-- A black screen appears after the splash screen.
+- A black screen appears after the splash screen.
To troubleshoot these problems, try the following recovery boot options one at a time.
-**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration**
+### Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration
On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
-1. Use one of the following methods to open Event Viewer:
+1. Use one of the following methods to open Event Viewer:
- - Click **Start**, point to **Administrative Tools**, and then click
- **Event Viewer**.
+ - Go to the **Start** menu, select **Administrative Tools**, and then select **Event Viewer**.
- - Start the Event Viewer snap-in in Microsoft Management Console (MMC).
+ - Start the Event Viewer snap-in in Microsoft Management Console (MMC).
-2. In the console tree, expand Event Viewer, and then click the log that you
- want to view. For example, click **System log** or **Application log**.
+2. In the console tree, expand Event Viewer, and then select the log that you want to view. For example, choose **System log** or **Application log**.
-3. In the details pane, double-click the event that you want to view.
+3. In the details pane, open the event that you want to view.
-4. On the **Edit** menu, click **Copy**, open a new document in the program in
- which you want to paste the event (for example, Microsoft Word), and then
- click **Paste**.
-
-5. Use the Up Arrow or Down Arrow key to view the description of the previous
- or next event.
+4. On the **Edit** menu, select **Copy**. Open a new document in the program in which you want to paste the event. For example, Microsoft Word. Then select **Paste**.
+5. Use the up arrow or down arrow key to view the description of the previous or next event.
### Clean boot
-To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig).
+To troubleshoot problems that affect services, do a clean boot by using System Configuration (`msconfig`).
Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party.
Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
-For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows).
+For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd).
If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
-[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
+[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
> [!NOTE]
> If the computer is a domain controller, try Directory Services Restore mode (DSRM).
>
> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
-
-**Examples**
+#### Examples
> [!WARNING]
-> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
-problems can be solved. Modify the registry at your own risk.
+> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.
*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
To troubleshoot this Stop error, follow these steps to filter the drivers:
-1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
+1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
-2. Open the registry.
+2. Open the registry.
-3. Load the system hive, and name it as "test."
+3. Load the system hive, and name it **test**.
-4. Under the following registry subkey, check for lower filter and upper filter items for Non-Microsoft Drivers:
-
- **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class**
-
-5. For each third-party driver that you locate, click the upper or lower filter, and then delete the value data.
+4. Under the following registry subkey, check for lower filter and upper filter items for non-Microsoft drivers:
-6. Search through the whole registry for similar items. Process as an appropriate, and then unload the registry hive.
+ `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class`
-7. Restart the server in Normal mode.
+5. For each third-party driver that you locate, select the upper or lower filter, and then delete the value data.
-For more troubleshooting steps, see the following articles:
+6. Search through the whole registry for similar items. Process as appropriate, and then unload the registry hive.
-- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
+7. Restart the server in Normal mode.
+
+For more troubleshooting steps, see [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md).
To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
@@ -301,16 +274,15 @@ To fix problems that occur after you install Windows updates, check for pending
2. Run the command:
- ```console
+ ```command
DISM /image:C:\ /get-packages
```
3. If there are any pending updates, uninstall them by running the following commands:
- ```console
+ ```command
DISM /image:C:\ /remove-package /packagename: name of the package
- ```
- ```console
+
DISM /Image:C:\ /Cleanup-Image /RevertPendingActions
```
@@ -318,72 +290,67 @@ To fix problems that occur after you install Windows updates, check for pending
If the computer doesn't start, follow these steps:
-1. Open A Command Prompt window in WinRE, and start a text editor, such as Notepad.
+1. Open a command prompt window in WinRE, and start a text editor, such as Notepad.
-2. Navigate to the system drive, and search for windows\winsxs\pending.xml.
+2. Navigate to the system drive, and search for `windows\winsxs\pending.xml`.
-3. If the Pending.xml file is found, rename the file as Pending.xml.old.
+3. If the pending.xml file is found, rename the file as `pending.xml.old`.
-4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as a test.
+4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as test.
-5. Highlight the loaded test hive, and then search for the **pendingxmlidentifier** value.
+5. Highlight the loaded test hive, and then search for the `pendingxmlidentifier` value.
-6. If the **pendingxmlidentifier** value exists, delete the value.
+6. If the `pendingxmlidentifier` value exists, delete it.
-7. Unload the test hive.
+7. Unload the test hive.
-8. Load the system hive, name it as "test".
+8. Load the system hive, name it **test**.
-9. Navigate to the following subkey:
-
- **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\TrustedInstaller**
-
-10. Change the **Start** value from **1** to **4**
+9. Navigate to the following subkey:
+
+ `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller`
+
+10. Change the **Start** value from `1` to `4`.
11. Unload the hive.
12. Try to start the computer.
-If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following articles:
+If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For more information, see [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md).
-- [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md)
+For more information about page file problems in Windows 10 or Windows Server 2016, see [Introduction to page files](./introduction-page-file.md).
-For more information about page file problems in Windows 10 or Windows Server 2016, see the following article:
-- [Introduction to page files](./introduction-page-file.md)
+For more information about Stop errors, see [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md).
-For more information about Stop errors, see the following Knowledge Base article:
-- [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md)
+Sometimes the dump file shows an error that's related to a driver. For example, `windows\system32\drivers\stcvsm.sys` is missing or corrupted. In this instance, follow these guidelines:
-
-If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines:
-
-- Check the functionality that is provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
+- Check the functionality that's provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver.
- If the stop error indicates system file corruption, run the system file checker in offline mode.
- - To do this, open WinRE, open a command prompt, and then run the following command:
+ - To do this action, open WinRE, open a command prompt, and then run the following command:
- ```console
- SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
- ```
+ ```command
+ SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
+ ```
- For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues)
+ For more information, see [Using system file checker (SFC) to fix issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues).
- - If there's disk corruption, run the check disk command:
+ - If there's disk corruption, run the check disk command:
- ```console
- chkdsk /f /r
- ```
+ ```command
+ chkdsk /f /r
+ ```
- - If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
+- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
- 1. Start WinRE, and open a Command Prompt window.
- 2. Start a text editor, such as Notepad.
- 3. Navigate to C:\Windows\System32\Config\.
- 4. Rename the all five hives by appending ".old" to the name.
- 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.
+ 1. Start WinRE, and open a command prompt window.
+ 2. Start a text editor, such as Notepad.
+ 3. Navigate to `C:\Windows\System32\Config\`.
+ 4. Rename the all five hives by appending `.old` to the name.
+ 5. Copy all the hives from the `Regback` folder, paste them in the `Config` folder, and then try to start the computer in Normal mode.
> [!NOTE]
-> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
+> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
index 8ab2aede4e..35484e641a 100644
--- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
+++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
@@ -3,10 +3,7 @@ title: Advanced Troubleshooting Wireless Network Connectivity
ms.reviewer:
manager: dougeby
description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine.
-keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md
index 8b0e587b74..7a16f17f4d 100644
--- a/windows/client-management/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/change-default-removal-policy-external-storage-media.md
@@ -1,15 +1,15 @@
---
title: Windows 10 default media removal policy
-description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal."
+description: In Windows 10, version 1809, the default removal policy for external storage media changed from Better performance to Quick removal.
ms.prod: w10
-author: Teresa-Motiv
-ms.author: dougeby
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 11/25/2020
ms.topic: article
ms.custom:
-- CI 111493
-- CI 125140
-- CSSTroubleshooting
+ - CI 111493
+ - CI 125140
+ - CSSTroubleshooting
audience: ITPro
ms.localizationpriority: medium
manager: kaushika
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index cf0c18ee1d..50338f7ae8 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -1,17 +1,13 @@
---
title: Connect to remote Azure Active Directory-joined PC (Windows)
description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC.
-keywords: ["MDM", "device management", "RDP", "AADJ"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
-ms.author: dansimp
+ms.author: vinpa
ms.date: 01/18/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.topic: article
ms.collection: highpri
---
@@ -66,7 +62,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
- Adding users using policy
- Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
+ Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
@@ -87,6 +83,9 @@ The table below lists the supported configurations for remotely connecting to an
> [!NOTE]
> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
+> [!NOTE]
+> When an Azure Active Directory group is added to the Remote Desktop Users group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through Remote Desktop Protocol (they can't sign in using Remote Desktop Connection). In this scenario, Network Level Authentication should be disabled to run the connection.
+
## Related topics
[How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)
diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md
index 8717d386a2..686860ae52 100644
--- a/windows/client-management/data-collection-for-802-authentication.md
+++ b/windows/client-management/data-collection-for-802-authentication.md
@@ -3,10 +3,7 @@ title: Data collection for troubleshooting 802.1X authentication
ms.reviewer:
manager: dansimp
description: Use the steps in this article to collect data that can be used to troubleshoot 802.1X authentication issues.
-keywords: troubleshooting, data collection, data, 802.1X authentication, authentication, data
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md
index 6c0e959124..54cd623df2 100644
--- a/windows/client-management/determine-appropriate-page-file-size.md
+++ b/windows/client-management/determine-appropriate-page-file-size.md
@@ -2,7 +2,6 @@
title: How to determine the appropriate page file size for 64-bit versions of Windows
description: Learn how to determine the appropriate page file size for 64-bit versions of Windows.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index 85c108b97e..21740e86df 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
+ "**/*.svg",
"**/*.gif"
],
"exclude": [
@@ -41,7 +42,7 @@
"manager": "dansimp",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-client-management",
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index b3c3a0f026..e631ae9d84 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -2,7 +2,6 @@
title: Generate a kernel or complete crash dump
description: Learn how to generate a kernel or complete crash dump, and then use the output to troubleshoot several issues.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
index 3d50f1d30a..44304f2950 100644
--- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
@@ -2,14 +2,12 @@
title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: troubleshooting
---
diff --git a/windows/client-management/images/quick-assist-get.png b/windows/client-management/images/quick-assist-get.png
new file mode 100644
index 0000000000..fc7ccdd1a4
Binary files /dev/null and b/windows/client-management/images/quick-assist-get.png differ
diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md
deleted file mode 100644
index 6ce343dade..0000000000
--- a/windows/client-management/img-boot-sequence.md
+++ /dev/null
@@ -1,17 +0,0 @@
----
-title: Boot sequence flowchart
-description: View a full-sized view of the boot sequence flowchart. Use the link to return to the Advanced troubleshooting for Windows boot problems article.
-ms.date: 11/16/2018
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-author: dansimp
-ms.topic: article
-ms.prod: w10
----
-
-# Boot sequence flowchart
-
-Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
-
-
diff --git a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
index 9b1d7821f3..57b5523dd9 100644
--- a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
+++ b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md b/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md
index 116864a49f..031d179b36 100644
--- a/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md
+++ b/windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-adobe-flash-shortdesc.md b/windows/client-management/includes/allow-adobe-flash-shortdesc.md
index dca6cf6233..45365c58bd 100644
--- a/windows/client-management/includes/allow-adobe-flash-shortdesc.md
+++ b/windows/client-management/includes/allow-adobe-flash-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md b/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md
index af3d4fefef..82ccb5f2ed 100644
--- a/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md
+++ b/windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md b/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md
index 40a927c882..f8b89a8e2e 100644
--- a/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md
+++ b/windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-cortana-shortdesc.md b/windows/client-management/includes/allow-cortana-shortdesc.md
index fbfa0f13b0..234b73f7d2 100644
--- a/windows/client-management/includes/allow-cortana-shortdesc.md
+++ b/windows/client-management/includes/allow-cortana-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-developer-tools-shortdesc.md b/windows/client-management/includes/allow-developer-tools-shortdesc.md
index 9d134d4a38..41176ffb3b 100644
--- a/windows/client-management/includes/allow-developer-tools-shortdesc.md
+++ b/windows/client-management/includes/allow-developer-tools-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
index 6fa1849707..3c9d3f6b42 100644
--- a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-extensions-shortdesc.md b/windows/client-management/includes/allow-extensions-shortdesc.md
index ca5e422178..8276b06760 100644
--- a/windows/client-management/includes/allow-extensions-shortdesc.md
+++ b/windows/client-management/includes/allow-extensions-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
diff --git a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
index 06b4e1eb02..8c616dedff 100644
--- a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
+++ b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md b/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md
index 4e15608ff7..1340e13406 100644
--- a/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md
+++ b/windows/client-management/includes/allow-inprivate-browsing-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
diff --git a/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md b/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md
index 46d2b5f57e..35a86bfd85 100644
--- a/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md
+++ b/windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
diff --git a/windows/client-management/includes/allow-prelaunch-shortdesc.md b/windows/client-management/includes/allow-prelaunch-shortdesc.md
index fcaf11e3ef..a8437f2035 100644
--- a/windows/client-management/includes/allow-prelaunch-shortdesc.md
+++ b/windows/client-management/includes/allow-prelaunch-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
diff --git a/windows/client-management/includes/allow-printing-shortdesc.md b/windows/client-management/includes/allow-printing-shortdesc.md
index f03766176c..288599efdd 100644
--- a/windows/client-management/includes/allow-printing-shortdesc.md
+++ b/windows/client-management/includes/allow-printing-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
diff --git a/windows/client-management/includes/allow-saving-history-shortdesc.md b/windows/client-management/includes/allow-saving-history-shortdesc.md
index 822a8f9b81..8f5084cda1 100644
--- a/windows/client-management/includes/allow-saving-history-shortdesc.md
+++ b/windows/client-management/includes/allow-saving-history-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
index 1ecba430cb..d7acad8b8d 100644
--- a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
+++ b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
index 985741be58..5774f8089e 100644
--- a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
+++ b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/allow-tab-preloading-shortdesc.md b/windows/client-management/includes/allow-tab-preloading-shortdesc.md
index 783d8517ed..5008070f5b 100644
--- a/windows/client-management/includes/allow-tab-preloading-shortdesc.md
+++ b/windows/client-management/includes/allow-tab-preloading-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign-in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
diff --git a/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md b/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md
index eb2a40f269..5d9a75ed5a 100644
--- a/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md
+++ b/windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 11/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 11/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
diff --git a/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md b/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md
index 51e769d22c..2c63762356 100644
--- a/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md
+++ b/windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
diff --git a/windows/client-management/includes/always-show-books-library-shortdesc.md b/windows/client-management/includes/always-show-books-library-shortdesc.md
index 264f64a898..a9e0bdb003 100644
--- a/windows/client-management/includes/always-show-books-library-shortdesc.md
+++ b/windows/client-management/includes/always-show-books-library-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
index cd9e9d9751..2560751600 100644
--- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
+++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md b/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md
index 0f73c32d5f..d409c6374c 100644
--- a/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md
+++ b/windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
diff --git a/windows/client-management/includes/configure-autofill-shortdesc.md b/windows/client-management/includes/configure-autofill-shortdesc.md
index 94441080d8..74af7970c6 100644
--- a/windows/client-management/includes/configure-autofill-shortdesc.md
+++ b/windows/client-management/includes/configure-autofill-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
diff --git a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index 90eddc5182..935810a840 100644
--- a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-cookies-shortdesc.md b/windows/client-management/includes/configure-cookies-shortdesc.md
index 93152d2e3d..eeb223000b 100644
--- a/windows/client-management/includes/configure-cookies-shortdesc.md
+++ b/windows/client-management/includes/configure-cookies-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
diff --git a/windows/client-management/includes/configure-do-not-track-shortdesc.md b/windows/client-management/includes/configure-do-not-track-shortdesc.md
index c5253680b3..d69135a7e9 100644
--- a/windows/client-management/includes/configure-do-not-track-shortdesc.md
+++ b/windows/client-management/includes/configure-do-not-track-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md b/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md
index d13febee60..f98aa94435 100644
--- a/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md
+++ b/windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
diff --git a/windows/client-management/includes/configure-favorites-bar-shortdesc.md b/windows/client-management/includes/configure-favorites-bar-shortdesc.md
index 8f16c20242..661818a582 100644
--- a/windows/client-management/includes/configure-favorites-bar-shortdesc.md
+++ b/windows/client-management/includes/configure-favorites-bar-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
diff --git a/windows/client-management/includes/configure-favorites-shortdesc.md b/windows/client-management/includes/configure-favorites-shortdesc.md
index 9317df97f3..34e0cded8f 100644
--- a/windows/client-management/includes/configure-favorites-shortdesc.md
+++ b/windows/client-management/includes/configure-favorites-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
diff --git a/windows/client-management/includes/configure-home-button-shortdesc.md b/windows/client-management/includes/configure-home-button-shortdesc.md
index c02a0dcee9..17d1b68784 100644
--- a/windows/client-management/includes/configure-home-button-shortdesc.md
+++ b/windows/client-management/includes/configure-home-button-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
index 8397ff7c18..b16c3d18e4 100644
--- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
+++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md
index 3a7657e544..767c933e7c 100644
--- a/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md
+++ b/windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
diff --git a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
index 97d9c264c0..26dc5e0d88 100644
--- a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
+++ b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-password-manager-shortdesc.md b/windows/client-management/includes/configure-password-manager-shortdesc.md
index 0d3bd9b655..f0b41c5b0f 100644
--- a/windows/client-management/includes/configure-password-manager-shortdesc.md
+++ b/windows/client-management/includes/configure-password-manager-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
diff --git a/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md b/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md
index d15347179d..a34c788e1e 100644
--- a/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md
+++ b/windows/client-management/includes/configure-pop-up-blocker-shortdesc.md
@@ -1,12 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
-
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
+
diff --git a/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md b/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md
index 2bdf42c6d3..71b3e06d0d 100644
--- a/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md
+++ b/windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
diff --git a/windows/client-management/includes/configure-start-pages-shortdesc.md b/windows/client-management/includes/configure-start-pages-shortdesc.md
index e8c18a3d8b..76e4a07003 100644
--- a/windows/client-management/includes/configure-start-pages-shortdesc.md
+++ b/windows/client-management/includes/configure-start-pages-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
index 8eeb1e44a5..1682bc2ca2 100644
--- a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
+++ b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
index 37156ee3a7..12bcdd34b8 100644
--- a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
+++ b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md b/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md
index f0cb07d514..b269a7f3e3 100644
--- a/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md
+++ b/windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
diff --git a/windows/client-management/includes/do-not-sync-shortdesc.md b/windows/client-management/includes/do-not-sync-shortdesc.md
index f61cc11548..2fe09c0260 100644
--- a/windows/client-management/includes/do-not-sync-shortdesc.md
+++ b/windows/client-management/includes/do-not-sync-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
diff --git a/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
index 3bd062d263..0b377e56b6 100644
--- a/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
+++ b/windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
diff --git a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md b/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
index 05fce92a47..2b26624e8c 100644
--- a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
+++ b/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 04/23/2020
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
index f4acce9ce0..d5f609cfa6 100644
--- a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
+++ b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
index 3676adbc89..f6b222fde2 100644
--- a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
+++ b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
diff --git a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
index 05bae5dac6..d04429bef8 100644
--- a/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
+++ b/windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
diff --git a/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md b/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md
index 675180c666..c73e676517 100644
--- a/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md
+++ b/windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
diff --git a/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md b/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md
index 33db87a522..b635ee64e8 100644
--- a/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md
+++ b/windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
diff --git a/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md
index 30d9a48e8d..bba9ec1ad5 100644
--- a/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md
+++ b/windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
diff --git a/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md b/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md
index 9ed6170971..c156c94126 100644
--- a/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md
+++ b/windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
diff --git a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
index b7331dd725..4209d79579 100644
--- a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
+++ b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md
index e624de62e6..037c535aa8 100644
--- a/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md
+++ b/windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
diff --git a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index b7b66d315b..fe0bc3c307 100644
--- a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md
index 2ddbc5c6d7..6f47ca66c4 100644
--- a/windows/client-management/includes/provision-favorites-shortdesc.md
+++ b/windows/client-management/includes/provision-favorites-shortdesc.md
@@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
diff --git a/windows/client-management/includes/search-provider-discovery-shortdesc.md b/windows/client-management/includes/search-provider-discovery-shortdesc.md
index 8f54c4b93a..8524933996 100644
--- a/windows/client-management/includes/search-provider-discovery-shortdesc.md
+++ b/windows/client-management/includes/search-provider-discovery-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md b/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md
index 787f96dd9b..3b17cd7e5f 100644
--- a/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md
+++ b/windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
diff --git a/windows/client-management/includes/set-default-search-engine-shortdesc.md b/windows/client-management/includes/set-default-search-engine-shortdesc.md
index 39b408d1b4..958dd67138 100644
--- a/windows/client-management/includes/set-default-search-engine-shortdesc.md
+++ b/windows/client-management/includes/set-default-search-engine-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
diff --git a/windows/client-management/includes/set-home-button-url-shortdesc.md b/windows/client-management/includes/set-home-button-url-shortdesc.md
index 863cfdf84a..67e62738a6 100644
--- a/windows/client-management/includes/set-home-button-url-shortdesc.md
+++ b/windows/client-management/includes/set-home-button-url-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
diff --git a/windows/client-management/includes/set-new-tab-url-shortdesc.md b/windows/client-management/includes/set-new-tab-url-shortdesc.md
index 5062d322e4..a909cbbdc7 100644
--- a/windows/client-management/includes/set-new-tab-url-shortdesc.md
+++ b/windows/client-management/includes/set-new-tab-url-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
diff --git a/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md b/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md
index 1dc59094fd..5fda91f3db 100644
--- a/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md
+++ b/windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md
@@ -1,10 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
diff --git a/windows/client-management/includes/unlock-home-button-shortdesc.md b/windows/client-management/includes/unlock-home-button-shortdesc.md
index 0dd37009b6..722998c5bf 100644
--- a/windows/client-management/includes/unlock-home-button-shortdesc.md
+++ b/windows/client-management/includes/unlock-home-button-shortdesc.md
@@ -1,11 +1,11 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml
index 2bb8db6fd8..4dd2469b3f 100644
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@@ -18,7 +18,7 @@ metadata:
manager: dougeby
ms.date: 03/28/2022 #Required; mm/dd/yyyy format.
localization_priority: medium
-
+
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent:
@@ -34,7 +34,7 @@ landingContent:
- text: Create mandatory user profiles
url: mandatory-user-profile.md
- text: Mobile device management (MDM)
- url: mdm/index.md
+ url: mdm/index.yml
- text: MDM for device updates
url: mdm/device-update-management.md
- text: Mobile device enrollment
diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md
index be5ce9c487..af10628683 100644
--- a/windows/client-management/introduction-page-file.md
+++ b/windows/client-management/introduction-page-file.md
@@ -2,7 +2,6 @@
title: Introduction to the page file
description: Learn about the page files in Windows. A page file is an optional, hidden system file on a hard disk.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md
index 100a615574..022820d4e9 100644
--- a/windows/client-management/manage-corporate-devices.md
+++ b/windows/client-management/manage-corporate-devices.md
@@ -1,16 +1,12 @@
---
title: Manage corporate devices
description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones.
-ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-keywords: ["MDM", "device management"]
+manager: aaroncz
+ms.author: vinpa
+keywords: [MDM, device management]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
ms.topic: article
@@ -49,11 +45,5 @@ You can use the same management tools to manage all device types running Windows
[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
-Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](/learn/)
-
-
-
-
-
-
+Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/learn/)
\ No newline at end of file
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index 29a9358bf0..a78fb7d156 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -2,13 +2,11 @@
title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage Device Installation Restrictions with Group Policy.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
---
@@ -20,8 +18,8 @@ ms.topic: article
- Windows 11
- Windows Server 2022
-
## Summary
+
By using Windows operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy.
## Introduction
@@ -62,7 +60,6 @@ It's more difficult for users to make unauthorized copies of company data if use
You can ensure that users install only those devices that your technical support team is trained and equipped to support. This benefit reduces support costs and user confusion.
-
## Scenario Overview
The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy.. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to use Group Policy to manage your client computers, see Group Policy at the Microsoft Web site.
@@ -92,7 +89,6 @@ This scenario, although similar to scenario #2, brings another layer of complexi
In this scenario, combining all previous four scenarios, you'll learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the ‘prevent’ functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first four scenarios and therefore it's preferred to go over them first before attempting this scenario.
-
## Technology Review
The following sections provide a brief overview of the core technologies discussed in this guide and give background information that is necessary to understand the scenarios.
@@ -128,14 +124,14 @@ Hardware IDs are the identifiers that provide the exact match between a device a
Windows uses these identifiers to select a driver if the operating system can't find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they're generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device.
-When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see How Setup Selects Drivers in the Microsoft Docs library.
+When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see [How Windows selects a driver package for a device](/windows-hardware/drivers/install/how-windows-selects-a-driver-for-a-device).
> [!NOTE]
> For more information about the driver installation process, see the "Technology review" section of the Step-by-Step Guide to Driver Signing and Staging.
Some physical devices create one or more logical devices when they're installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function.
-When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see Device Identification Strings in Microsoft Docs.
+When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see [Device identification strings](/windows-hardware/drivers/install/device-identification-strings).
#### Device setup classes
@@ -145,7 +141,7 @@ When you use device Classes to allow or prevent users from installing drivers, y
For example, a multi-function device, such as an all-in-one scanner/fax/printer, has a GUID for a generic multi-function device, a GUID for the printer function, a GUID for the scanner function, and so on. The GUIDs for the individual functions are "child nodes" under the multi-function device GUID. To install a child node, Windows must also be able to install the parent node. You must allow installation of the device setup class of the parent GUID for the multi-function device in addition to any child GUIDs for the printer and scanner functions.
-For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes) in Microsoft Docs.
+For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes).
This guide doesn't depict any scenarios that use device setup classes. However, the basic principles demonstrated with device identification strings in this guide also apply to device setup classes. After you discover the device setup class for a specific device, you can then use it in a policy to either allow or prevent installation of drivers for that class of devices.
@@ -156,14 +152,13 @@ The following two links provide the complete list of Device Setup Classes. ‘Sy
#### ‘Removable Device’ Device type
-Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
-
+Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
### Group Policy Settings for Device Installation
Group Policy is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.
-Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see Group Policy Object Editor Technical Reference.
+Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see [Group Policy Object Editor](/previous-versions/windows/desktop/Policy/group-policy-object-editor).
The following passages are brief descriptions of the Device Installation policies that are used in this guide.
@@ -212,12 +207,9 @@ This policy setting will change the evaluation order in which Allow and Prevent
> If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
Some of these policies take precedence over other policies. The flowchart shown below illustrates how Windows processes them to determine whether a user can install a device or not, as shown in Figure below.
-
+
 _Device Installation policies flow chart_
-
-
-
## Requirements for completing the scenarios
### General
@@ -261,7 +253,7 @@ To find device identification strings using Device Manager
3. Device Manager starts and displays a tree representing all of the devices detected on your computer. At the top of the tree is a node with your computers name next to it. Lower nodes represent the various categories of hardware into which your computers devices are grouped.
4. Find the “Printers” section and find the target printer
-
+
 _Selecting the printer in Device Manager_
5. Double-click the printer and move to the ‘Details’ tab.
@@ -275,7 +267,7 @@ To find device identification strings using Device Manager
 _HWID and Compatible ID_
> [!TIP]
- > You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil) in Microsoft Docs.
+ > You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil).
### Getting device identifiers using PnPUtil
@@ -318,7 +310,7 @@ Setting up the environment for the scenario with the following steps:
1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
-2. Disable all previous Device Installation policies, except ‘Apply layered order of evaluation’—although the policy is disabled in default, this policy is recommended to be enabled in most practical applications.
+2. Disable all previous Device Installation policies, except ‘Apply layered order of evaluation’—although the policy is disabled in default, this policy is recommended to be enabled in most practical applications.
3. If there are any enabled policies, changing their status to ‘disabled’, would clear them from all parameters
@@ -335,7 +327,7 @@ Getting the right device identifier to prevent it from being installed:
- [System-Defined Device Setup Classes Available to Vendors - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors)
- [System-Defined Device Setup Classes Reserved for System Use - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-reserved-for-system-use)
-3. Our current scenario is focused on preventing all printers from being installed, as such here's the Class GUID for most of printers in the market:
+3. Our current scenario is focused on preventing all printers from being installed, as such here's the Class GUID for most of printers in the market:
> Printers\
> Class = Printer\
@@ -349,7 +341,7 @@ Creating the policy to prevent all printers from being installed:
1. Open Group Policy Object Editor—either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
-2. Navigate to the Device Installation Restriction page:
+2. Navigate to the Device Installation Restriction page:
> Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
@@ -627,12 +619,12 @@ These devices are internal devices on the machine that define the USB port conne
> [!IMPORTANT]
> Some device in the system have several layers of connectivity to define their installation on the system. USB thumb-drives are such devices. Thus, when looking to either block or allow them on a system, it's important to understand the path of connectivity for each device. There are several generic Device IDs that are commonly used in systems and could provide a good start to build an ‘Allow list’ in such cases. See below for the list:
->
-> PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
+>
+> PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
> USB\ROOT_HUB30; USB\ROOT_HUB20 (for USB Root Hubs)/
> USB\USB20_HUB (for Generic USB Hubs)/
->
-> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
+>
+> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
>
> Different PC manufacturers sometimes have different ways to nest USB devices in the PnP tree, but in general this is how it's done.
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index 56a3adc040..d78eac22f8 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -2,13 +2,11 @@
title: Manage the Settings app with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
---
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index cc38c493dd..367392eba4 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -1,140 +1,136 @@
---
title: Manage Windows 10 in your organization - transitioning to modern management
-description: This topic offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment.
-keywords: ["MDM", "device management", "group policy", "Azure Active Directory"]
+description: This article offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
-author: dansimp
ms.localizationpriority: medium
-ms.date: 04/26/2018
+ms.date: 06/03/2022
+author: vinaypamnani-msft
+ms.author: vinpa
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
+manager: aaroncz
+ms.topic: overview
---
# Manage Windows 10 in your organization - transitioning to modern management
Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization.
-Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it’s easy for versions to coexist.
+Your organization might have considered bringing in Windows 10 devices and downgrading them to an earlier version of Windows until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it's easy for versions to coexist.
-Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This “managed diversity” enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
+Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance.
> [!VIDEO https://www.youtube.com/embed/g1rIcBhhxpA]
- >[!NOTE]
- >The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal)
+> [!NOTE]
+> The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal)
-This topic offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. The topic covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle:
+This article offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. It covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle:
-- [Deployment and Provisioning](#deployment-and-provisioning)
+- [Deployment and Provisioning](#deployment-and-provisioning)
-- [Identity and Authentication](#identity-and-authentication)
+- [Identity and Authentication](#identity-and-authentication)
-- [Configuration](#settings-and-configuration)
+- [Configuration](#settings-and-configuration)
-- [Updating and Servicing](#updating-and-servicing)
+- [Updating and Servicing](#updating-and-servicing)
## Reviewing the management options with Windows 10
Windows 10 offers a range of management options, as shown in the following diagram:
-
+:::image type="content" source="images/windows-10-management-range-of-options.png" alt-text="Diagram of the path to modern IT." lightbox="images/windows-10-management-range-of-options.png":::
-As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and Microsoft Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
+As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like group Policy, Active Directory, and Configuration Manager. It also delivers a "mobile-first, cloud-first" approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
-## Deployment and Provisioning
+## Deployment and provisioning
-With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can:
+With Windows 10, you can continue to use traditional OS deployment, but you can also "manage out of the box." To transform new devices into fully configured, fully managed devices, you can:
+- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/).
-- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/).
+- Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
-- Create self-contained provisioning packages built with the [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-packages).
+- Use traditional imaging techniques such as deploying custom images using [Configuration Manager](/mem/configmgr/core/understand/introduction).
-- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction).
+You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today.
-You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive – everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
+## Identity and authentication
-## Identity and Authentication
-
-You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **“bring your own device” (BYOD)** or to **“choose your own device” (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
+You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **"bring your own device" (BYOD)** or to **"choose your own device" (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
You can envision user and device management as falling into these two categories:
-- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
+- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
- - For corporate devices, they can set up corporate access with [Azure AD Join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud. Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
+ - For corporate devices, they can set up corporate access with [Azure AD join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.
- - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
+ Azure AD join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
-- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
- With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that’s [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
+ - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
- - Single sign-on to cloud and on-premises resources from everywhere
+- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
- - [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-overview)
+ With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that's [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
- - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device
+ - Single sign-on to cloud and on-premises resources from everywhere
- - [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification)
+ - [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-enable)
- - Windows Hello
+ - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device
- Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/configmgr/core/understand/introduction) client or Group Policy.
+ - [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification)
+
+ - Windows Hello
+
+ Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/mem/configmgr/core/understand/introduction) client or group policy.
For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](/azure/active-directory/devices/overview).
As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD.
-
+:::image type="content" source="images/windows-10-management-cyod-byod-flow.png" alt-text="Diagram of decision tree for device authentication options." lightbox="images/windows-10-management-cyod-byod-flow.png":::
-## Settings and Configuration
+## Settings and configuration
-Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
+Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
-**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
+**MDM**: MDM gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, group policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using group policy that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
-**Group Policy** and **Microsoft Endpoint Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and Configuration Manager continue to be excellent management choices:
+**Group policy** and **Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer's 1,500 configurable group policy settings. If so, group policy and Configuration Manager continue to be excellent management choices:
-- Group Policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add Group Policy settings with each new version of Windows.
+- Group policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add group policy settings with each new version of Windows.
-- Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment.
+- Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment.
+## Updating and servicing
-## Updating and Servicing
+With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple - often automatic - patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios).
-With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple – often automatic – patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios).
-
-MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
+MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
## Next steps
There are various steps you can take to begin the process of modernizing device management in your organization:
-**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies.
+**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, reevaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use [Group policy analytics in Microsoft Endpoint Manager](/mem/intune/configuration/group-policy-analytics) to help determine which group policies supported by cloud-based MDM providers, including Microsoft Intune.
**Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.
**Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario.
-**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here's the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md)
+**Take incremental steps.** Moving towards modern device management doesn't have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this "managed diversity," users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. The CSP policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) allows MDM policies to take precedence over group policy when both group policy and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your group policy environment. For more information, including the list of MDM policies with equivalent group policies, see [Policies supported by group policy](./mdm/policy-configuration-service-provider.md).
+**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. For more information, see the following articles:
-**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Configuration Manager 1710 onward, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details:
+- [Co-management for Windows devices](/mem/configmgr/comanage/overview)
+- [Prepare Windows devices for co-management](/mem/configmgr/comanage/how-to-prepare-Win10)
+- [Switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads)
+- [Co-management dashboard in Configuration Manager](/mem/configmgr/comanage/how-to-monitor)
-- [Co-management for Windows 10 devices](/configmgr/core/clients/manage/co-management-overview)
-- [Prepare Windows 10 devices for co-management](/configmgr/core/clients/manage/co-management-prepare)
-- [Switch Configuration Manager workloads to Intune](/configmgr/core/clients/manage/co-management-switch-workloads)
-- [Co-management dashboard in Configuration Manager](/configmgr/core/clients/manage/co-management-dashboard)
+## Related articles
-## Related topics
-
-- [What is Intune?](/mem/intune/fundamentals/what-is-intune)
-- [Windows 10 Policy CSP](./mdm/policy-configuration-service-provider.md)
-- [Windows 10 Configuration service Providers](./mdm/configuration-service-provider-reference.md)
+- [What is Intune?](/mem/intune/fundamentals/what-is-intune)
+- [Windows 10 policy CSP](./mdm/policy-configuration-service-provider.md)
+- [Windows 10 configuration service providers](./mdm/configuration-service-provider-reference.md)
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index d45e85d719..cbf11a9442 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -1,15 +1,12 @@
---
title: Create mandatory user profiles (Windows 10 and Windows 11)
description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
-keywords: [".man","ntuser"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.topic: article
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md
index 25a95f6c0b..d4a2294c65 100644
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@@ -2,12 +2,12 @@
title: Language Pack Management CSP
description: Language Pack Management CSP allows a direct way to provision language packs remotely in Windows 10.
ms.reviewer:
-manager: dansimp
-ms.author: v-nsatapathy
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 06/22/2021
---
@@ -18,12 +18,13 @@ The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|Yes|
+|Pro|Yes|Yes|
+|Windows SE|Yes|Yes|
|Business|No|No|
-|Enterprise|No|Yes|
-|Education|No|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
-The Language Pack Management CSP allows a direct way to provision languages remotely in Windows. MDMs like Intune can use management commands remotely to devices to configure language-related settings for System and new users.
+The Language Pack Management CSP allows a way to easily add languages and related language features and manage settings like System Preferred UI Language, System Locale, Input method (Keyboard), Locale, Speech Recognizer, User Preferred Language List. This CSP can be accessed using the new [LanguagePackManagement](/powershell/module/languagepackmanagement) PowerShell module.
1. Enumerate installed languages and features with GET command on the "InstalledLanguages" node. Below are the samples:
@@ -94,4 +95,4 @@ The Language Pack Management CSP allows a direct way to provision languages remo
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index b55a87941f..03a75d8a7a 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -1,14 +1,14 @@
---
title: AccountManagement CSP
description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# AccountManagement CSP
diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md
index 51380b7ed8..d425503b6a 100644
--- a/windows/client-management/mdm/accountmanagement-ddf.md
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@@ -1,14 +1,14 @@
---
title: AccountManagement DDF file
description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# AccountManagement DDF file
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 94eba45c92..d447311a4e 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -1,14 +1,14 @@
---
title: Accounts CSP
description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, and create local Windows accounts & join them to a group.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/27/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Accounts CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
index e522821656..b2bffb3a42 100644
--- a/windows/client-management/mdm/accounts-ddf-file.md
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -1,14 +1,14 @@
---
title: Accounts DDF file
description: View the XML file containing the device description framework (DDF) for the Accounts configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/17/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Accounts DDF file
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index 3cc8bc3399..d174729230 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -1,14 +1,13 @@
---
title: ActiveSync CSP
-description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync.
-ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188
+description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index 1b592ff96e..323fc038e9 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -1,14 +1,13 @@
---
title: ActiveSync DDF file
description: Learn about the OMA DM device description framework (DDF) for the ActiveSync configuration service provider.
-ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
index 3328f5ca2a..f5f05c6ddb 100644
--- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
+++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
@@ -1,14 +1,13 @@
---
title: Add an Azure AD tenant and Azure AD subscription
description: Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription.
-ms.assetid: 36D94BEC-A6D8-47D2-A547-EBD7B7D163FA
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md
index 589580af1a..e8aab159fb 100644
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@@ -1,14 +1,13 @@
---
title: AllJoynManagement CSP
description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus.
-ms.assetid: 468E0EE5-EED3-48FF-91C0-89F9D159AA8C
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md
index 961f8f1183..edc188feac 100644
--- a/windows/client-management/mdm/alljoynmanagement-ddf.md
+++ b/windows/client-management/mdm/alljoynmanagement-ddf.md
@@ -1,14 +1,13 @@
---
title: AllJoynManagement DDF
description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider.
-ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md
index f09f6f0d3d..466550a3e5 100644
--- a/windows/client-management/mdm/application-csp.md
+++ b/windows/client-management/mdm/application-csp.md
@@ -1,14 +1,13 @@
---
title: APPLICATION CSP
description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning.
-ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index 2c91bf430b..62648efd94 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -1,11 +1,11 @@
---
title: ApplicationControl CSP DDF
description: View the OMA DM device description framework (DDF) for the ApplicationControl configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/10/2019
---
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 3beb09b98d..e587cf8a3c 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -1,12 +1,11 @@
---
title: ApplicationControl CSP
description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server.
-keywords: security, malware
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.reviewer: jsuther1974
ms.date: 09/10/2020
---
@@ -19,13 +18,14 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
Windows Defender Application Control (WDAC) policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot.
-Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
+Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although, WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
The following example shows the ApplicationControl CSP in tree format.
@@ -150,9 +150,9 @@ Scope is dynamic. Supported operation is Get.
Value type is char.
-## Microsoft Endpoint Manager (MEM) Intune Usage Guidance
+## Microsoft Endpoint Manager Intune Usage Guidance
-For customers using Intune standalone or hybrid management with Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
+For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
## Generic MDM Server Usage Guidance
@@ -301,7 +301,7 @@ An example of Delete command is:
## PowerShell and WMI Bridge Usage Guidance
-The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
+The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
### Setup for using the WMI Bridge
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index c70d901cd1..abccc814e8 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -1,14 +1,13 @@
---
title: AppLocker CSP
description: Learn how the AppLocker configuration service provider is used to specify which applications are allowed or disallowed.
-ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2019
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index 2f322128e5..30adaa5b15 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -1,14 +1,13 @@
---
title: AppLocker DDF file
description: Learn about the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider.
-ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md
index bf80bc1d61..4c9943e332 100644
--- a/windows/client-management/mdm/applocker-xsd.md
+++ b/windows/client-management/mdm/applocker-xsd.md
@@ -1,20 +1,18 @@
---
title: AppLocker XSD
description: View the XSD for the AppLocker CSP. The AppLocker CSP XSD provides an example of how the schema is organized.
-ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
# AppLocker XSD
-
Here's the XSD for the AppLocker CSP.
```xml
diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md
index 79bb949ff1..a407704b93 100644
--- a/windows/client-management/mdm/appv-deploy-and-config.md
+++ b/windows/client-management/mdm/appv-deploy-and-config.md
@@ -1,14 +1,14 @@
---
title: Deploy and configure App-V apps using MDM
description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Deploy and configure App-V apps using MDM
diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md
index e99f6fb7de..7394103149 100644
--- a/windows/client-management/mdm/assign-seats.md
+++ b/windows/client-management/mdm/assign-seats.md
@@ -1,14 +1,13 @@
---
title: Assign seat
description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business.
-ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 5f61ca771d..c0085b11e0 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -2,12 +2,12 @@
title: AssignedAccess CSP
description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/03/2022
---
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index aee7adb47a..36b3670dac 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -1,14 +1,13 @@
---
title: AssignedAccess DDF
-description: Learn about the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider.
-ms.assetid: 224FADDB-0EFD-4E5A-AE20-1BD4ABE24306
+description: Learn how the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/22/2018
---
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
index a0a4883d44..467e007dd7 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
@@ -1,14 +1,13 @@
---
title: Azure Active Directory integration with MDM
description: Azure Active Directory is the world largest enterprise cloud identity management service.
-ms.assetid: D03B0765-5B5F-4C7B-9E2B-18E747D504EE
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.collection: highpri
---
@@ -359,7 +358,7 @@ With Azure integrated MDM enrollment, there's no discovery phase and the discove
There are two different MDM enrollment types that integrate with Azure AD, and use Azure AD user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users.
-**Multiple user management for Azure AD joined devices**
+**Multiple user management for Azure AD-joined devices**
In this scenario the MDM enrollment applies to every Azure AD user who signs in to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, determine what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an extra HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token isn't sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user signs on to the machine, Azure AD user token isn't available to OMA-DM process. Typically, MDM enrollment completes before Azure AD user sign in to machine and the initial management session doesn't contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device.
**Adding a work account and MDM enrollment to a device**
diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index ce25592491..e54875a1df 100644
--- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -1,14 +1,14 @@
---
title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new portal
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index b4564bd96c..1334adc13d 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -1,17 +1,18 @@
---
title: BitLocker CSP
description: Learn how the BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/04/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
+
# BitLocker CSP
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro.
@@ -76,6 +77,7 @@ Allows the administrator to require encryption that needs to be turned on by usi
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,6 +138,7 @@ Allows you to set the default encryption method for each of the different drive
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,6 +212,7 @@ Allows you to associate unique organizational identifiers to a new drive that is
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,6 +270,7 @@ Allows users on devices that are compliant with InstantGo or the Microsoft Hardw
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -305,6 +310,7 @@ Allows users to configure whether or not enhanced startup PINs are used with Bit
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -347,6 +353,7 @@ Allows you to configure whether standard users are allowed to change BitLocker P
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -389,6 +396,7 @@ Allows users to enable authentication options that require user input from the p
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -438,6 +446,7 @@ Allows you to configure the encryption type that is used by BitLocker.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -485,6 +494,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Require addition
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,6 +592,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure minimu
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -648,6 +659,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -724,6 +736,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -741,7 +754,7 @@ ADMX Info:
This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of required startup key information. This setting is applied when you turn on BitLocker.
-The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see the BitLocker Drive Encryption Deployment Guide on Microsoft Docs.
+The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see [BitLocker recovery guide](/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan).
In "OSRecoveryPasswordUsageDropDown_Name" and "OSRecoveryKeyUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
@@ -812,6 +825,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -829,7 +843,7 @@ ADMX Info:
This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.
-The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see the BitLocker Drive Encryption Deployment Guide on Microsoft Docs.
+The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see [BitLocker recovery guide](/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan).
In "FDVRecoveryPasswordUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
@@ -903,6 +917,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -960,6 +975,7 @@ Allows you to configure the encryption type on fixed data drives that is used by
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1007,6 +1023,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1073,6 +1090,7 @@ Allows you to configure the encryption type that is used by BitLocker.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1114,6 +1132,7 @@ Allows you to control the use of BitLocker on removable data drives.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1160,7 +1179,7 @@ If you don't configure this policy setting, users can use BitLocker on removable
Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is set to 1.
> [!IMPORTANT]
-> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview).
+> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview).
> [!Warning]
> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
@@ -1170,6 +1189,7 @@ Allows the admin to disable the warning prompt for other disk encryption on the
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1178,7 +1198,7 @@ Allows the admin to disable the warning prompt for other disk encryption on the
The following list shows the supported values:
-- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
+- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. Windows will attempt to silently enable BitLocker for value 0.
- 1 (default) – Warning prompt allowed.
```xml
@@ -1224,6 +1244,7 @@ If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDev
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1268,6 +1289,7 @@ This setting initiates a client-driven recovery password refresh after an OS dri
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1315,6 +1337,7 @@ Each server-side recovery key rotation is represented by a request ID. The serve
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1325,6 +1348,13 @@ Value type is string.
Supported operation is Execute. Request ID is expected as a parameter.
+> [!NOTE]
+> Key rotation is supported only on these enrollment types. For more information, see [deviceEnrollmentType enum](/graph/api/resources/intune-devices-deviceenrollmenttype).
+> - windowsAzureADJoin.
+> - windowsBulkAzureDomainJoin.
+> - windowsAzureADJoinUsingDeviceAuth.
+> - windowsCoManagement.
+
> [!TIP]
> Key rotation feature will only work when:
>
@@ -1353,6 +1383,7 @@ This node reports compliance state of device encryption on the system.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1413,6 +1444,7 @@ Status code can be one of the following values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1439,6 +1471,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index db4049e60e..663e7d623f 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -1,15 +1,15 @@
---
title: BitLocker DDF file
description: Learn about the OMA DM device description framework (DDF) for the BitLocker configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/30/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# BitLocker DDF file
@@ -646,7 +646,7 @@ The XML below is the current version for this CSP.
1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
- the value 0 only takes affect on Azure Active Directory joined devices.
+ the value 0 only takes affect on Azure Active Directory-joined devices.
Windows will attempt to silently enable BitLocker for value 0.
If you want to disable this policy use the following SyncML:
@@ -744,15 +744,15 @@ The XML below is the current version for this CSP.
- Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
- When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when
+ Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Azure Active Directory and Hybrid domain joined devices.
+ When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when
Active Directory back up for recovery password is configured to required.
For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
- 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
- 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
+ 1 - Numeric Recovery Passwords Rotation upon use ON for Azure Active Directory-joined devices. Default value
+ 2 - Numeric Recovery Passwords Rotation upon use ON for both Azure AD and Hybrid devices
If you want to disable this policy use the following SyncML:
@@ -783,7 +783,7 @@ The XML below is the current version for this CSP.
-
+
diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
index a47e4f4613..a02395dea5 100644
--- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
+++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
@@ -1,14 +1,13 @@
---
title: Bulk assign and reclaim seats from users
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business.
-ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
index 0309b24aad..c54261ccfa 100644
--- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
@@ -4,18 +4,16 @@ description: Bulk enrollment is an efficient way to set up a large number of dev
MS-HAID:
- 'p\_phdevicemgmt.bulk\_enrollment'
- 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool'
-ms.assetid: DEB98FF3-CC5C-47A1-9277-9EF939716C87
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
-
# Bulk enrollment
Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario.
diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md
index 668e91047f..6c97d9489d 100644
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@@ -1,14 +1,13 @@
---
title: CellularSettings CSP
description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device.
-ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index 1d2eebc12f..9ea52d92fc 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -1,14 +1,13 @@
---
title: Certificate authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
-ms.assetid: 57DB3C9E-E4C9-4275-AAB5-01315F9D3910
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
index 758b284713..96a2369975 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
@@ -4,14 +4,13 @@ description: Learn how to find all the resources that you need to provide contin
MS-HAID:
- 'p\_phdevicemgmt.certificate\_renewal'
- 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
-ms.assetid: F910C50C-FF67-40B0-AAB0-CA7CE02A9619
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index 010ec8b52d..585bfdba94 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -1,14 +1,13 @@
---
title: CertificateStore CSP
description: Use the CertificateStore configuration service provider (CSP) to add secure socket layers (SSL), intermediate, and self-signed certificates.
-ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/28/2020
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index e7ebbe235d..a99edbb1e3 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -1,14 +1,13 @@
---
title: CertificateStore DDF file
description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML.
-ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
index ef943cbe35..a01ff5b853 100644
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md
@@ -1,13 +1,13 @@
---
title: Change history for MDM documentation
description: This article lists new and updated articles for Mobile Device Management.
+author: vinaypamnani-msft
+ms.author: vinpa
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
ms.localizationpriority: medium
ms.date: 10/19/2020
---
@@ -60,7 +60,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
|New or updated article | Description|
|--- | ---|
|[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.|
-|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table.
+|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table.
## February 2020
@@ -162,7 +162,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
|--- | ---|
|[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
|[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.|
-|[Mobile device management](index.md)|Updated information about MDM Security Baseline.|
+|[Mobile device management](index.yml)|Updated information about MDM Security Baseline.|
## December 2018
@@ -174,7 +174,6 @@ This article lists new and updated articles for the Mobile Device Management (MD
|New or updated article | Description|
|--- | ---|
-|[Mobile device management](index.md#mmat) | Added information about the MDM Migration Analysis Tool (MMAT).|
|[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.|
## August 2018
@@ -227,7 +226,6 @@ This article lists new and updated articles for the Mobile Device Management (MD
|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
Settings/AllowVirtualGPU
Settings/SaveFilesToHost|
|[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
ProxySettingsPerUser|
|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.|
-|[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)|Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.|
|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.|
|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers|
diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index 454f964acd..74cd9636c7 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -1,14 +1,14 @@
---
title: CleanPC CSP
description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# CleanPC CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index 9e4fbdbf1b..9677737584 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -1,14 +1,13 @@
---
title: CleanPC DDF
description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 028cae12a8..faff015660 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -1,14 +1,13 @@
---
title: ClientCertificateInstall CSP
-description: Learn how the ClientCertificateInstall configuration service provider (CSP) enables the enterprise to install client certificates.
-ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7
+description: The ClientCertificateInstall configuration service provider (CSP) enables the enterprise to install client certificates.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/30/2021
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|---|---|---|
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -376,7 +376,7 @@ The date type format is Null, meaning this node doesn’t contain a value.
The only supported operation is Execute.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**
-Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
+Optional. Specify the Azure Active Directory Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
Data type is string.
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index 492a95c621..716eff3eef 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -1,20 +1,18 @@
---
title: ClientCertificateInstall DDF file
description: Learn about the OMA DM device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# ClientCertificateInstall DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **ClientCertificateInstall** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@@ -931,7 +929,7 @@ Supported operation is Exec.
- Optional. Specify the AAD Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.
+ Optional. Specify the Azure Active Directory Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index 2e54d92c4c..910c3b6c31 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -1,14 +1,13 @@
---
title: CM\_CellularEntries CSP
description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP.
-ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/02/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index d1ce18151d..38d7d17625 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -1,14 +1,13 @@
---
title: CMPolicy CSP
description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections.
-ms.assetid: 62623915-9747-4eb1-8027-449827b85e6b
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index 6f0e51f6ee..8515da3881 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -1,14 +1,13 @@
---
title: CMPolicyEnterprise CSP
description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request.
-ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index d0ca95bb1d..47fd1ec39d 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -1,20 +1,18 @@
---
title: CMPolicyEnterprise DDF file
description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider.
-ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# CMPolicyEnterprise DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **CMPolicyEnterprise** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md
index a2167e456e..a9339f8e76 100644
--- a/windows/client-management/mdm/config-lock.md
+++ b/windows/client-management/mdm/config-lock.md
@@ -1,12 +1,12 @@
---
title: Secured-core configuration lock
description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
-manager: dansimp
-ms.author: v-lsaldanha
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w11
ms.technology: windows
-author: lovina-saldanha
+author: vinaypamnani-msft
ms.date: 05/24/2022
---
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index d12b45b482..62eca97eea 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -1,14 +1,13 @@
---
title: Configuration service provider reference
description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device.
-ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index ba7ddde489..759f17f26a 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -1,14 +1,13 @@
---
title: CustomDeviceUI CSP
description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application.
-ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index 40621f8a86..f847a4ba95 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -1,20 +1,18 @@
---
title: CustomDeviceUI DDF
description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider.
-ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# CustomDeviceUI DDF
-
This topic shows the OMA DM device description framework (DDF) for the **CustomDeviceUI** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md
index 4621e9a56d..e39e9c9e12 100644
--- a/windows/client-management/mdm/data-structures-windows-store-for-business.md
+++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md
@@ -1,17 +1,16 @@
---
title: Data structures for Microsoft Store for Business
description: Learn about the various data structures for Microsoft Store for Business.
-MS-HAID:
-- 'p\_phdevicemgmt.business\_store\_data\_structures'
-- 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
-ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B
+MS-HAID:
+ - 'p\_phdevicemgmt.business\_store\_data\_structures'
+ - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 24f01509db..ca3b7ea096 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -1,14 +1,13 @@
---
title: Defender CSP
description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
-ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/22/2022
---
@@ -19,6 +18,7 @@ ms.date: 02/22/2022
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index fe6514f5c2..1a99f5c85b 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,14 +1,13 @@
---
title: Defender DDF file
description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used.
-ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/23/2021
---
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 11a1e2668d..a1b368c716 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,14 +1,13 @@
---
title: DevDetail CSP
description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server.
-ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/27/2020
---
@@ -18,6 +17,7 @@ ms.date: 03/27/2020
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 29a697c6d8..957eb5558f 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,14 +1,13 @@
---
title: DevDetail DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider.
-ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/03/2020
---
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index b27c178d3c..592432a187 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -1,14 +1,13 @@
---
title: DeveloperSetup CSP
description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
-ms.assetid:
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2018
---
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index 13d4a19b6a..ae96fa64df 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -1,14 +1,13 @@
---
title: DeveloperSetup DDF file
description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
-ms.assetid:
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md
index 22f1b88991..bd5f317fc2 100644
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/mdm/device-update-management.md
@@ -1,20 +1,17 @@
---
title: Mobile device management MDM for device updates
description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
-ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
ms.reviewer:
-manager: dansimp
-keywords: mdm,management,administrator
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/15/2017
ms.collection: highpri
---
-
# Mobile device management (MDM) for device updates
>[!TIP]
@@ -861,7 +858,7 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici
|DeferFeatureUpdates|REG_DWORD|1: defer feature updates
Other value or absent: don’t defer feature updates|
|DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates|
|PauseFeatureUpdates|REG_DWORD|1: pause feature updates
Other value or absent: don’t pause feature updates|
-|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude WU drivers
Other value or absent: offer WU drivers|
+|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude Windows Update drivers
Other value or absent: offer Windows Update drivers|
Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices.
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index f0d67e6950..29938e34dc 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -1,14 +1,13 @@
---
title: DeviceLock CSP
description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies.
-ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index c396396f46..974d878b01 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -1,14 +1,13 @@
---
title: DeviceLock DDF file
description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP).
-ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index a932bc0ed7..b650e3c405 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,14 +1,13 @@
---
title: DeviceManageability CSP
-description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
-ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
+description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index ca69075d3a..23dd9b8cf6 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -1,14 +1,13 @@
---
title: DeviceManageability DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
-ms.assetid: D7FA8D51-95ED-40D2-AA84-DCC4BBC393AB
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 3f04f4495f..c900b41939 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -1,14 +1,13 @@
---
title: DeviceStatus CSP
description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
-ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/25/2021
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 4b820066f6..9019f6a5b9 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -1,20 +1,18 @@
---
title: DeviceStatus DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/12/2018
---
# DeviceStatus DDF
-
This topic shows the OMA DM device description framework (DDF) for the **DeviceStatus** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index e5dc49d8ee..fe9309086b 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -1,14 +1,13 @@
---
title: DevInfo CSP
description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server.
-ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 3cf4154682..ae70ac7ba1 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,20 +1,18 @@
---
title: DevInfo DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP).
-ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# DevInfo DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **DevInfo** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 057030f5f3..b28a49b37e 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -1,21 +1,20 @@
---
title: Diagnose MDM failures in Windows 10
description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server.
-ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/25/2018
ms.collection: highpri
---
# Diagnose MDM failures in Windows 10
-To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
+To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
## Download the MDM Diagnostic Information log from Windows 10 PCs
@@ -31,32 +30,34 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
-## Use command to collect logs directly from Windows 10 PCs
+## Use command to collect logs directly from Windows 10 PCs
You can also collect the MDM Diagnostic Information logs using the following command:
```xml
-mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip
+mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip "c:\users\public\documents\MDMDiagReport.zip"
```
-- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
+
+- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
### Understanding zip structure
+
The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
-- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
-- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
-- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
-- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
-- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
-- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
-- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
-- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
+- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
+- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
+- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
+- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
+- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
+- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
+- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
+- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
-## Collect logs directly from Windows 10 PCs
+## Collect logs directly from Windows 10 PCs
-Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
+Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
-- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
+- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
Here's a screenshot:
@@ -64,34 +65,34 @@ Here's a screenshot:
In this location, the **Admin** channel logs events by default. However, if you need more details logs you can enable **Debug** logs by choosing **Show Analytic and Debug** logs option in **View** menu in Event Viewer.
-**To collect Admin logs**
+### Collect admin logs
-1. Right click on the **Admin** node.
-2. Select **Save all events as**.
-3. Choose a location and enter a filename.
-4. Click **Save**.
-5. Choose **Display information for these languages** and then select **English**.
-6. Click **Ok**.
+1. Right click on the **Admin** node.
+2. Select **Save all events as**.
+3. Choose a location and enter a filename.
+4. Click **Save**.
+5. Choose **Display information for these languages** and then select **English**.
+6. Click **Ok**.
For more detailed logging, you can enable **Debug** logs. Right click on the **Debug** node and then click **Enable Log**.
-**To collect Debug logs**
+### Collect debug logs
-1. Right click on the **Debug** node.
-2. Select **Save all events as**.
-3. Choose a location and enter a filename.
-4. Click **Save**.
-5. Choose **Display information for these languages** and then select **English**.
-6. Click **Ok**.
+1. Right click on the **Debug** node.
+2. Select **Save all events as**.
+3. Choose a location and enter a filename.
+4. Click **Save**.
+5. Choose **Display information for these languages** and then select **English**.
+6. Click **Ok**.
-You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
+You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
-## Collect logs remotely from Windows 10 PCs
+## Collect logs remotely from Windows 10 PCs
When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
-- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
-- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
+- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
+- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
Example: Enable the Debug channel logging
@@ -236,27 +237,27 @@ After the logs are collected on the device, you can retrieve the files through t
For best results, ensure that the PC or VM on which you're viewing logs matches the build of the OS from which the logs were collected.
-1. Open eventvwr.msc.
-2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
+1. Open eventvwr.msc.
+2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
-3. Navigate to the etl file that you got from the device and then open the file.
-4. Click **Yes** when prompted to save it to the new log format.
+3. Navigate to the etl file that you got from the device and then open the file.
+4. Click **Yes** when prompted to save it to the new log format.
-5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
+5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
-6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
+6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
-7. Now you're ready to start reviewing the logs.
+7. Now you're ready to start reviewing the logs.
@@ -284,5 +285,3 @@ Here's an example of how to collect current MDM device state data using the [Dia
```
-
-
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 6476b2d5e2..119d455dec 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -1,14 +1,13 @@
---
title: DiagnosticLog CSP
description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area.
-ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2019
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 0f25053a37..379b38b3fe 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,20 +1,18 @@
---
title: DiagnosticLog DDF
description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
-ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# DiagnosticLog DDF
-
This topic shows the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
index f3e3c24cf9..31fbaa5aa9 100644
--- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
@@ -1,21 +1,19 @@
---
title: Disconnecting from the management infrastructure (unenrollment)
description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server.
-MS-HAID:
-- 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_'
-- 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
-ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8
+MS-HAID:
+ - 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_'
+ - 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
-
# Disconnecting from the management infrastructure (unenrollment)
The Disconnecting process is done either locally by the user who uses a phone or remotely by the IT administrator using management server. The user-initiated disconnection process is similar to the initial connection, wherein its initiation is from the same location in the Setting Control Panel as creating the workplace account.
@@ -125,7 +123,7 @@ When the server initiates disconnection, all undergoing sessions for the enrollm
## Unenrollment from Work Access settings page
-If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the AAD association to the device.
+If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the Azure AD association to the device.
You can only use the Work Access page to unenroll under the following conditions:
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index 50fd9dfd0d..ad9d6ccc76 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -1,14 +1,13 @@
---
title: DMAcc CSP
description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects.
-ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 2d1d256133..4ba6320269 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,20 +1,18 @@
---
title: DMAcc DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP).
-ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# DMAcc DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **DMAcc** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 80655c5989..dbaec53d02 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -1,14 +1,13 @@
---
title: DMClient CSP
description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings.
-ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -50,6 +50,8 @@ DMClient
------------Unenroll
------------AADResourceID
------------AADDeviceID
+------------AADSendDeviceToken
+------------ForceAadToken
------------EnrollmentType
------------EnableOmaDmKeepAliveMessage
------------HWDevID
@@ -72,6 +74,21 @@ DMClient
----------------NumberOfRemainingScheduledRetries
----------------PollOnLogin
----------------AllUsersPollOnFirstLogin
+------------LinkedEnrollment
+----------------Priority
+----------------Enroll
+----------------Unenroll
+----------------EnrollStatus
+----------------LastError
+------------Recovery
+----------------AllowRecovery
+----------------RecoveryStatus
+----------------InitiateRecovery
+------------MultipleSession
+----------------NumAllowedConcurrentUserSessionForBackgroundSync
+----------------NumAllowedConcurrentUserSessionAtUserLogonSync
+----------------IntervalForScheduledRetriesForUserSession
+----------------NumberOfScheduledRetriesForUserSession
----Unenroll
----UpdateManagementServiceAddress
```
@@ -325,6 +342,11 @@ Supported operations are Add, Delete, Get, and Replace.
Value type is bool.
+**Provider/*ProviderID*/ForceAadToken**
+The value type is integer/enum.
+
+The value is "1" and it means client should always send Azure Active Directory device token during check-in/sync.
+
**Provider/*ProviderID*/Poll**
Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
@@ -443,6 +465,117 @@ Optional. Boolean value that allows the IT admin to require the device to start
Supported operations are Add, Get, and Replace.
+**Provider/*ProviderID*/LinkedEnrollment/Priority**
+This node is an integer, value is "0" or "1".
+
+Default is 1, meaning the MDM enrollment is the “winning” authority for conflicting policies/resources. Value 1 means MMP-C enrollment is the “winning” one.
+Support operations are Get and Set.
+
+**Provider/*ProviderID*/LinkedEnrollment/Enroll**
+This is an execution node and will trigger a silent MMP-C enrollment, using the Azure Active Directory device token pulled from the Azure AD-joined device. There is no user interaction needed.
+
+Support operation is Exec.
+
+**Provider/*ProviderID*/LinkedEnrollment/Unenroll**
+This is an execution node and will trigger a silent MMP-C unenroll, there is no user interaction needed. On un-enrollment, all the settings/resources set by MMPC will be rolled back(rollback details will be covered later).
+
+Support operation is Exec.
+
+**Provider/*ProviderID*/LinkedEnrollment/EnrollStatus**
+
+This node can be used to check both enroll and unenroll statuses.
+This will return the enroll action status and is defined as a enum class LinkedEnrollmentStatus. The values are aas follows:
+
+- Undefined = 0
+- EnrollmentNotStarted = 1
+- InProgress = 2
+- Failed = 3
+- Succeeded = 4
+- UnEnrollmentQueued = 5
+- UnEnrollmentSucceeded = 8
+
+Support operation is Get only.
+
+**Provider/*ProviderID*/LinkedEnrollment/LastError**
+
+This specifies the Hresult to report the enrollment/unenroll results.
+
+**Provider/*ProviderID*/Recovery/AllowRecovery**
+
+This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate.
+
+Supported operations are Get, Add, Replace and Delete.
+
+The supported values for this node are 1-true (allow) and 0-false(not allow). Default value is 0.
+
+**Provider/*ProviderID*/Recovery/RecoveryStatus**
+
+This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows:
+
+0 - No Recovery request has been processed.
+1 - Recovery is in Process.
+2 - Recovery has finished successfully.
+3 - Recovery has failed to start because TPM is not available.
+4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM.
+5 - Recovery has failed to start because the MDM keys are already protected by the TPM.
+6 - Recovery has failed to start because the TPM is not ready for attestation.
+7 - Recovery has failed because the client cannot authenticate to the server.
+8 - Recovery has failed because the server has rejected the client's request.
+
+Supported operation is Get only.
+
+**Provider/*ProviderID*/Recovery/InitiateRecovery**
+
+This node initiates an MDM Recovery operation on the client.
+
+If initiated with argument 0, it triggers MDM Recovery, no matter the state of the device.
+
+If initiated with argument 1, it triggers only if the MDM certificate’s private key isn’t already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation.
+
+Supported operation is Exec only.
+
+**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync**
+
+Optional. This node specifies maximum number of concurrent user sync sessions in background.
+
+The default value is dynamically decided by the client based on CPU usage.
+
+The values are : 0= none, 1= sequential, anything else= parallel.
+
+Supported operations are Get, Add, Replace and Delete.
+
+Value type is integer. Only applicable for Windows Enterprise multi-session.
+
+
+**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync**
+Optional. This node specifies maximum number of concurrent user sync sessions at User Login.
+
+The default value is dynamically decided by the client based on CPU usage.
+
+The values are : 0= none, 1= sequential, anything else= parallel.
+
+Supported operations are Get, Add, Replace and Delete.
+
+Value type is integer. Only applicable for Windows Enterprise multi-session.
+
+**Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession**
+Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`.
+
+If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 0. If the value is set to 0, this schedule is disabled.
+
+This configuration is only applicable for Windows Multi-session Editions.
+
+Supported operations are Get and Replace.
+
+**Provider/*ProviderID*/MultipleSession/NumberOfScheduledRetriesForUserSession**
+Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server.
+
+If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times.
+
+The default value is 0. This configuration is only applicable for Windows Multi-session Editions.
+
+Supported operations are Get and Replace.
+
**Provider/*ProviderID*/ConfigLock**
Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected.
@@ -496,7 +629,7 @@ The status error mapping is listed below.
|--- |--- |
|0|Success|
|1|Failure: invalid PFN|
-|2|Failure: invalid or expired device authentication with MSA|
+|2|Failure: invalid or expired device authentication with Microsoft account|
|3|Failure: WNS client registration failed due to an invalid or revoked PFN|
|4|Failure: no Channel URI assigned|
|5|Failure: Channel URI has expired|
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 9121cdc2b4..2f7ca1fb7e 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -1,14 +1,13 @@
---
title: DMClient DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP).
-ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -981,7 +980,7 @@ The XML below is for Windows 10, version 1803.
- Send the device AAD token, if the user one can't be returned
+ Send the device Azure Active Directory token, if the user one can't be returned
@@ -1661,7 +1660,7 @@ The XML below is for Windows 10, version 1803.
0
- Device Only. This node determines whether or not the MDM progress page is blocking in the AADJ or DJ++ case, as well as which remediation options are available.
+ Device Only. This node determines whether or not the MDM progress page is blocking in the Azure Active Directory-joined or DJ++ case, as well as which remediation options are available.
@@ -1740,7 +1739,7 @@ The XML below is for Windows 10, version 1803.
true
- Device only. This node decides wheter or not the MDM device progress page skips after AADJ or Hybrid AADJ in OOBE.
+ Device only. This node decides whether or not the MDM device progress page skips after Azure Active Directory-joined or Hybrid Azure AD-joined in OOBE.
@@ -1766,7 +1765,7 @@ The XML below is for Windows 10, version 1803.
false
- Device only. This node decides wheter or not the MDM user progress page skips after AADJ or DJ++ after user login.
+ Device only. This node decides wheter or not the MDM user progress page skips after Azure Active Directory-joined or DJ++ after user login.
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
index 67d29f0ce3..471f590bc9 100644
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
@@ -2,23 +2,21 @@
title: DMProcessConfigXMLFiltered function
description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML.
Search.Refinement.TopicID: 184
-ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F
ms.reviewer:
-manager: dansimp
-keywords: ["DMProcessConfigXMLFiltered function"]
-topic_type:
-- apiref
-api_name:
-- DMProcessConfigXMLFiltered
-api_location:
-- dmprocessxmlfiltered.dll
-api_type:
-- DllExport
-ms.author: dansimp
+manager: aaroncz
+topic_type:
+ - apiref
+api_name:
+ - DMProcessConfigXMLFiltered
+api_location:
+ - dmprocessxmlfiltered.dll
+api_type:
+ - DllExport
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index 438ec54bdd..e9c3080fba 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -1,14 +1,14 @@
---
title: DMSessionActions CSP
description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low-power state.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# DMSessionActions CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index 7cebc030ce..fcb5cb106e 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -1,14 +1,14 @@
---
title: DMSessionActions DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# DMSessionActions DDF file
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index bb204af81d..3e4e54c181 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -1,14 +1,14 @@
---
title: DynamicManagement CSP
description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
@@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 5bf20a535b..0e2a6dd191 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -1,14 +1,13 @@
---
title: DynamicManagement DDF file
description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP).
-ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 9f9d1ab88c..1298e152d0 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,25 +1,22 @@
---
title: EAP configuration
description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
-ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
# EAP configuration
-
This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10.
## Create an EAP configuration XML for a VPN profile
-
To get the EAP configuration from your desktop using the rasphone tool that is shipped in the box:
1. Run rasphone.exe.
@@ -107,15 +104,13 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
```
> [!NOTE]
- > You should check with mobile device management (MDM) vendor if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
- - C:\\Windows\\schemas\\EAPHost
- - C:\\Windows\\schemas\\EAPMethods
+ > You should check with Mobile Device Management (MDM) vendor, if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
+ > - C:\\Windows\\schemas\\EAPHost
+ > - C:\\Windows\\schemas\\EAPMethods
-
## EAP certificate filtering
-
In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned doesn't have a strict filtering criteria, you might see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria so that it matches only one certificate.
Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can encounter a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as:
@@ -123,18 +118,18 @@ Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can
- The user might be prompted to select the certificate.
- The wrong certificate might be auto-selected and cause an authentication failure.
-A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication.
+A production ready deployment must have appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and appropriate certificate can be used for the authentication.
-EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample, or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
+EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
-- For Wi-Fi, look for the `` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags you'll find the complete EAP configuration. Replace the section under `` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
+- For Wi-Fi, look for the `` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
For information about EAP settings, see .
For information about generating an EAP XML, see the EAP configuration article.
-For more information about extended key usage (EKU), see .
+For more information about extended key usage (EKU), see .
For information about adding EKU to a certificate, see .
@@ -142,9 +137,9 @@ The following list describes the prerequisites for a certificate to be used with
- The certificate must have at least one of the following EKU properties:
- - Client Authentication. As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
- - Any Purpose. This property is an EKU-defined one and is published by Microsoft, and is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
- - All Purpose. As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
+ - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
+ - Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
+ - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
- The user or the computer certificate on the client must chain to a trusted root CA.
- The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
@@ -157,7 +152,6 @@ The following XML sample explains the properties for the EAP TLS XML, including
> For PEAP or TTLS profiles, the EAP TLS XML is embedded within some PEAP-specific or TTLS-specific elements.
-
```xml
@@ -261,7 +255,6 @@ The following XML sample explains the properties for the EAP TLS XML, including
> The EAP TLS XSD is located at %systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd.
-
Alternatively, you can use the following procedure to create an EAP configuration XML:
1. Follow steps 1 through 7 in the EAP configuration article.
@@ -290,8 +283,7 @@ Alternatively, you can use the following procedure to create an EAP configuratio
> [!NOTE]
> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article.
-
-
+## Related topics
-
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index dab6f05a0e..a88665101f 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -1,14 +1,13 @@
---
title: EMAIL2 CSP
description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts.
-ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index 11c6ba0946..ec7d604849 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,20 +1,18 @@
---
title: EMAIL2 DDF file
description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP).
-ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# EMAIL2 DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **EMAIL2** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 7a4821350c..a8fdcc53b2 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -1,15 +1,15 @@
---
title: Enable ADMX policies in MDM
description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/01/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Enable ADMX policies in MDM
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 767c141d9a..b7a2a1544c 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -1,14 +1,14 @@
---
title: Enroll a Windows 10 device automatically using Group Policy
description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/30/2022
-ms.reviewer:
-manager: dansimp
+ms.reviewer:
+manager: aaroncz
ms.collection: highpri
---
@@ -127,7 +127,7 @@ Requirements:
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. The default behavior for older releases is to revert to **User Credential**.
> **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop because the Intune subscription is user centric.
- When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from AAD."
+ When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from Azure Active Directory."
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
@@ -270,7 +270,7 @@ To collect Event Viewer logs:
> This task isn't visible to standard users, run Scheduled Tasks with administrative credentials to find the task.
This task runs every 5 minutes for the duration of one day. To confirm if the task succeeded, check the task scheduler event logs:
- **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
+ **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from Azure Active Directory is triggered by event ID 107.
:::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png":::
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index 75870e43e0..40b17f8970 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -1,11 +1,11 @@
---
title: EnrollmentStatusTracking DDF
description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/17/2019
---
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index b7893f3be0..3ad33fa688 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -1,11 +1,11 @@
---
title: EnrollmentStatusTracking CSP
description: Learn how to execute a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/21/2019
---
@@ -17,6 +17,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md
index d5a45549a2..d2dc640f22 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/mdm/enterprise-app-management.md
@@ -1,14 +1,13 @@
---
title: Enterprise app management
description: This article covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows.
-ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/04/2021
---
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index 1facdd010f..7988975af6 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -1,14 +1,13 @@
---
title: EnterpriseAPN CSP
-description: Learn how the EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
-ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2
+description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/22/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 60e6f5ba4a..e83aef75e3 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -1,20 +1,18 @@
---
title: EnterpriseAPN DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP).
-ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
# EnterpriseAPN DDF
-
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAPN** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index 7a1cc8d6dd..23d45c61be 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -1,14 +1,14 @@
---
title: EnterpriseAppVManagement CSP
-description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 or Windows 11 PCs. (Enterprise and Education editions).
-ms.author: dansimp
+description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 or Windows 11 PCs. (Enterprise and Education editions).
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# EnterpriseAppVManagement CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
index 1c18aff981..0572ef9f96 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
@@ -1,14 +1,14 @@
---
title: EnterpriseAppVManagement DDF file
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# EnterpriseAppVManagement DDF file
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index a83cfc02b3..bf660969d6 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -3,12 +3,12 @@ title: EnterpriseDataProtection CSP
description: Learn how the EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/09/2017
---
@@ -20,18 +20,24 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
-> [!Note]
-> To make WIP functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
+> [!NOTE]
+> Starting in July 2022, Microsoft is deprecating Windows Information Protection (WIP) and the APIs that support WIP. Microsoft will continue to support WIP on supported versions of Windows. New versions of Windows won't include new capabilities for WIP, and it won't be supported in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-the-sunset-of-windows-information-protection-wip/ba-p/3579282).
+>
+> For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). Purview simplifies the configuration set-up and provides an advanced set of capabilities.
-While WIP has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md).
+> [!NOTE]
+> To make Windows Information Protection functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
-To learn more about WIP, see the following articles:
+While Windows Information Protection has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md).
+
+To learn more about Windows Information Protection, see the following articles:
- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
@@ -62,8 +68,8 @@ The root node for the Windows Information Protection (WIP) configuration setting
**Settings/EDPEnforcementLevel**
Set the WIP enforcement level.
-> [!Note]
-> Setting this value isn't sufficient to enable WIP on the device. Attempts to change this value will fail when the WIP cleanup is running.
+> [!NOTE]
+> Setting this value isn't sufficient to enable Windows Information Protection on the device. Attempts to change this value will fail when the WIP cleanup is running.
The following list shows the supported values:
@@ -75,14 +81,13 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**Settings/EnterpriseProtectedDomainNames**
-A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
+A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client.
-> [!Note]
+> [!NOTE]
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
-
Here are the steps to create canonical domain names:
1. Transform the ASCII characters (A-Z only) to lowercase. For example, Microsoft.COM -> microsoft.com.
@@ -241,7 +246,7 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate.
Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
**Settings/RevokeOnUnenroll**
-This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
+This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
The following list shows the supported values:
@@ -251,7 +256,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**Settings/RevokeOnMDMHandoff**
-Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
+Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
- 0 - Don't revoke keys.
- 1 (default) - Revoke keys.
@@ -264,7 +269,7 @@ TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS t
Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID).
**Settings/AllowAzureRMSForEDP**
-Specifies whether to allow Azure RMS encryption for WIP.
+Specifies whether to allow Azure RMS encryption for Windows Information Protection.
- 0 (default) – Don't use RMS.
- 1 – Use RMS.
@@ -277,7 +282,7 @@ When this policy isn't specified, the existing auto-encryption behavior is appli
Supported operations are Add, Get, Replace and Delete. Value type is string.
**Settings/EDPShowIcons**
-Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app.
+Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app.
The following list shows the supported values:
- 0 (default) - No WIP overlays on icons or tiles.
@@ -286,7 +291,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**Status**
-A read-only bit mask that indicates the current state of WIP on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
+A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
Suggested values:
@@ -298,7 +303,7 @@ Bit 0 indicates whether WIP is on or off.
Bit 1 indicates whether AppLocker WIP policies are set.
-Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
+Bit 3 indicates whether the mandatory Windows Information Protection policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
Here's the list of mandatory WIP policies:
diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
index 1b0ee74568..f8be987381 100644
--- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
@@ -1,14 +1,13 @@
---
title: EnterpriseDataProtection DDF file
description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
-ms.assetid: C6427C52-76F9-4EE0-98F9-DE278529D459
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index b7c829d77b..d06146f5a0 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -3,12 +3,12 @@ title: EnterpriseDesktopAppManagement CSP
description: Learn how the EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications.
ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/11/2017
---
@@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -375,7 +376,7 @@ For Intune standalone environment, the MSI package will determine the MSI execut
|User|Install the MSI per-user LocURI contains a User prefix, such as ./User|Install the MSI per-device LocURI contains a Device prefix, such as ./Device|Install the MSI per-user LocURI contains a User prefix, such as ./User|
|System|Install the MSI per-user LocURI contains a User prefix, such as ./User|Install the MSI per-device LocURI contains a Device prefix, such as ./Device|Install the MSI per-user LocURI contains a User prefix, such as ./User|
-The following table applies to SCCM hybrid environment.
+The following table applies to Configuration Manager hybrid environment:
|Target|Per-user MSI|Per-machine MSI|Dual mode MSI|
|--- |--- |--- |--- |
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index 329d5cb253..dcf0663717 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -1,20 +1,18 @@
---
title: EnterpriseDesktopAppManagement DDF
description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
-ms.assetid: EF448602-65AC-4D59-A0E8-779876542FE3
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
# EnterpriseDesktopAppManagement DDF
-
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseDesktopAppManagement** configuration service provider.
DDF files are used only with OMA DM provisioning XML.
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
index 097a08b4f8..4117208a89 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
@@ -1,20 +1,18 @@
---
title: EnterpriseDesktopAppManagement XSD
description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter.
-ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
# EnterpriseDesktopAppManagement XSD
-
This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter.
```xml
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 0b73271a16..6aed81068c 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,14 +1,13 @@
---
title: EnterpriseModernAppManagement CSP
description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps.
-ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2021
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 4ffad48863..3a270aad3c 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,14 +1,13 @@
---
title: EnterpriseModernAppManagement DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP).
-ms.assetid:
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/01/2019
---
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index 53de7e899e..95016ab8fc 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -1,20 +1,18 @@
---
title: EnterpriseModernAppManagement XSD
description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters.
-ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
# EnterpriseModernAppManagement XSD
-
Here is the XSD for the application parameters.
```xml
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index f3e01980bb..cdc60b2936 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -1,13 +1,10 @@
---
title: eSIM Enterprise Management
description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
-keywords: eSIM enterprise management
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
-ms.author: dansimp
+ms.author: vinpa
ms.topic: conceptual
---
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index e75cd3532d..8d50139134 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -1,14 +1,14 @@
---
title: eUICCs CSP
description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, reassign, remove) subscriptions to employees.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/02/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# eUICCs CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 1649e9b5ca..c17f08e0f3 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -1,20 +1,18 @@
---
title: eUICCs DDF file
description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP).
-ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/02/2018
---
# eUICCs DDF file
-
This topic shows the OMA DM device description framework (DDF) for the **eUICCs** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md
index 6dc5301d1b..d0e4cb46c1 100644
--- a/windows/client-management/mdm/federated-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md
@@ -1,14 +1,13 @@
---
title: Federated authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using federated authentication policy.
-ms.assetid: 049ECA6E-1AF5-4CB2-8F1C-A5F22D722DAA
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/28/2017
---
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index b5412b3604..af9202d9ca 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -1,14 +1,13 @@
---
title: Firewall CSP
description: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: manikadhiman
-ms.date: 11/29/2021
+author: vinaypamnani-msft
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Firewall configuration service provider (CSP)
@@ -19,6 +18,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,6 +97,7 @@ Firewall
----------------Protocol
----------------LocalPortRanges
----------------RemotePortRanges
+----------------IcmpTypesAndCodes
----------------LocalAddressRanges
----------------RemoteAddressRanges
----------------Description
@@ -111,6 +112,13 @@ Firewall
----------------FriendlyName
----------------Status
----------------Name
+----------------RemoteAddressDynamicKeywords
+--------DynamicKeywords
+----------------Addresses
+-------------------------Id
+---------------------------------Keyword
+---------------------------------Addresses
+---------------------------------AutoResolve
```
**./Vendor/MSFT/Firewall**
@@ -244,7 +252,7 @@ Default value is true.
Value type is bool. Supported operations are Add, Get and Replace.
**/DefaultOutboundAction**
-This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will block all outbound traffic unless it's explicitly specified not to block.
+This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will allow all outbound traffic unless it's explicitly specified not to allow.
- 0x00000000 - allow
- 0x00000001 - block
@@ -340,11 +348,18 @@ Comma separated list of ranges, For example, 100-120,200,300-320.
If not specified, the default is All.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes**
+ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid.
+If not specified, the default is All.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
**FirewallRules/*FirewallRuleName*/LocalAddressRanges**
Comma-separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:
- "*" indicates any local address. If present, the local address must be the only token included.
- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
+- A valid IPv4 address.
- A valid IPv6 address.
- An IPv4 address range in the format of "start address - end address" with no spaces included.
- An IPv6 address range in the format of "start address - end address" with no spaces included.
@@ -365,7 +380,8 @@ List of comma separated tokens specifying the remote addresses covered by the ru
- "Internet"
- "Ply2Renders"
- "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive.
-- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
+- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
+- A valid IPv4 address.
- A valid IPv6 address.
- An IPv4 address range in the format of "start address - end address" with no spaces included.
- An IPv6 address range in the format of "start address - end address" with no spaces included.
@@ -438,6 +454,44 @@ Value type is string. Supported operation is Get.
Name of the rule.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+**FirewallRules/_FirewallRuleName_/RemoteAddressDynamicKeywords**
+Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+
+**MdmStore/DynamicKeywords**
+Interior node.
+Supported operation is Get.
+
+**MdmStore/DynamicKeywords/Addresses**
+Interior node.
+Supported operation is Get.
+
+**MdmStore/DynamicKeywords/Addresses/Id**
+A unique GUID string identifier for this dynamic keyword address.
+Value type is string. Supported operations are Add, Delete, and Get.
+
+**MdmStore/DynamicKeywords/Addresses/Id/Keyword**
+A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain Name (wildcards accepted, for example "contoso.com" or "*.contoso.com").
+Value type is string. Supported operations are Add, Delete, and Get.
+
+**MdmStore/DynamicKeywords/Addresses/Id/Addresses**
+Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true.
+
+Valid tokens include:
+- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
+- A valid IPv4 address.
+- A valid IPv6 address.
+- An IPv4 address range in the format of "start address-end address" with no spaces included.
+- An IPv6 address range in the format of "start address-end address" with no spaces included.
+Supported operations are Add, Delete, Replace, and Get.
+
+**MdmStore/DynamicKeywords/Addresses/Id/AutoResolve**
+Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present.
+Value type is string. Supported operations are Add, Delete, and Get.
+Value type is string. Supported operations are Add, Delete, and Get.
+
+
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index fa54a62a29..50b8729198 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -1,14 +1,14 @@
---
title: Firewall DDF file
description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Firewall CSP
diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md
index 1528b38039..2aa1418ebf 100644
--- a/windows/client-management/mdm/get-inventory.md
+++ b/windows/client-management/mdm/get-inventory.md
@@ -1,17 +1,16 @@
---
title: Get Inventory
description: The Get Inventory operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available.
-MS-HAID:
-- 'p\_phdevicemgmt.get\_seatblock'
-- 'p\_phDeviceMgmt.get\_inventory'
-ms.assetid: C5485722-FC49-4358-A097-74169B204E74
+MS-HAID:
+ - 'p\_phdevicemgmt.get\_seatblock'
+ - 'p\_phDeviceMgmt.get\_inventory'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md
index 42e72419df..373bebf5d7 100644
--- a/windows/client-management/mdm/get-localized-product-details.md
+++ b/windows/client-management/mdm/get-localized-product-details.md
@@ -1,14 +1,13 @@
---
title: Get localized product details
description: The Get localized product details operation retrieves the localization information of a product from the Microsoft Store for Business.
-ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/07/2020
---
diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md
index b75fe48a08..8960d7a7eb 100644
--- a/windows/client-management/mdm/get-offline-license.md
+++ b/windows/client-management/mdm/get-offline-license.md
@@ -1,14 +1,13 @@
---
title: Get offline license
description: The Get offline license operation retrieves the offline license information of a product from the Microsoft Store for Business.
-ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md
index 091c5884ce..14b0e24af9 100644
--- a/windows/client-management/mdm/get-product-details.md
+++ b/windows/client-management/mdm/get-product-details.md
@@ -1,14 +1,13 @@
---
title: Get product details
description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application.
-ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md
index 42061b81b9..2fa11f65b3 100644
--- a/windows/client-management/mdm/get-product-package.md
+++ b/windows/client-management/mdm/get-product-package.md
@@ -1,14 +1,13 @@
---
title: Get product package
description: The Get product package operation retrieves the information about a specific application in the Microsoft Store for Business.
-ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md
index 3cb5f24efe..4312842783 100644
--- a/windows/client-management/mdm/get-product-packages.md
+++ b/windows/client-management/mdm/get-product-packages.md
@@ -1,14 +1,13 @@
---
title: Get product packages
description: The Get product packages operation retrieves the information about applications in the Microsoft Store for Business.
-ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md
index b8b6aa4fa6..66b6b7340f 100644
--- a/windows/client-management/mdm/get-seat.md
+++ b/windows/client-management/mdm/get-seat.md
@@ -1,14 +1,13 @@
---
title: Get seat
description: The Get seat operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business.
-ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
index 5f70d09f93..27a30678ae 100644
--- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md
+++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
@@ -1,14 +1,13 @@
---
title: Get seats assigned to a user
description: The Get seats assigned to a user operation retrieves information about assigned seats in the Microsoft Store for Business.
-ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md
index 8872ddf1ec..333d467ee8 100644
--- a/windows/client-management/mdm/get-seats.md
+++ b/windows/client-management/mdm/get-seats.md
@@ -1,14 +1,13 @@
---
title: Get seats
description: The Get seats operation retrieves the information about active seats in the Microsoft Store for Business.
-ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index e9f9d1928d..9c85e6205e 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -1,14 +1,13 @@
---
title: Device HealthAttestation CSP
description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
-ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date:
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -138,7 +138,7 @@ Data fields:
- rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller.
- serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation.
- nonce: This field contains an arbitrary number that can be used only once in a cryptographic communication. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in replay attacks.
-- aadToken: The AAD token to be used for authentication against the Microsoft Azure Attestation service.
+- aadToken: The Azure Active Directory token to be used for authentication against the Microsoft Azure Attestation service.
- cv: This field contains an identifier(Correlation Vector) that will be passed in to the service call, and that can be used for diagnostics purposes.
Sample Data:
@@ -407,7 +407,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo
};
```
-3. Call TriggerAttestation with your rpid, AAD token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm).
+3. Call TriggerAttestation with your rpid, Azure Active Directory token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm).
4. Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties: GetAttestReport return the signed attestation token as a JWT. The JWT can be decoded to parse the information per the attestation policy.
@@ -834,9 +834,8 @@ When the MDM-Server receives the above data, it must:
- Forward (HTTP Post) the XML data struct (including the nonce that was appended in the previous step) to the assigned DHA-Service that runs on:
- - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: [https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3](https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3)
- - DHA-OnPrem or DHA-EMC: [https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3](https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3)
-
+ - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: `https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3`
+ - DHA-OnPrem or DHA-EMC: `https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3`
### Step 7: Receive response from the DHA-service
When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps:
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 6272e91bf1..1d1e14d1ab 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,14 +1,13 @@
---
title: HealthAttestation DDF
description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider.
-ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
index 35bed03a19..9d71b7234b 100644
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
@@ -1,77 +1,77 @@
---
-title: Implement server-side support for mobile application management on Windows
+title: Support for mobile application management on Windows
description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
+author: vinaypamnani-msft
+ms.date: 08/03/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
-# Implement server-side support for mobile application management on Windows
+# Support for mobile application management on Windows
The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10, version 1703.
## Integration with Azure AD
-MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).
+MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).
-MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices will be enrolled to MAM or MDM, depending on the user’s actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device will be enrolled to MAM. If a user joins their device to Azure AD, it will be enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices.
+MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices will be enrolled to MAM or MDM, depending on the user’s actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device will be enrolled to MAM. If a user joins their device to Azure AD, it will be enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices.
-On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft Office 365 or Microsoft Office Mobile. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**.
+On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft Office 365 or Microsoft Office Mobile. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**.
-Regular non-admin users can enroll to MAM.
+Regular non-admin users can enroll to MAM.
-## Integration with Windows Information Protection
+## Integration with Windows Information Protection
-MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf.
+MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf.
-To make applications WIP-aware, app developers need to include the following data in the app resource file.
+To make applications WIP-aware, app developers need to include the following data in the app resource file.
``` syntax
-// Mark this binary as Allowed for WIP (EDP) purpose
- MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO EDPAUTOPROTECTIONALLOWEDAPPINFOID
- BEGIN
- 0x0001
- END
+// Mark this binary as Allowed for WIP (EDP) purpose
+ MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO EDPAUTOPROTECTIONALLOWEDAPPINFOID
+ BEGIN
+ 0x0001
+ END
```
## Configuring an Azure AD tenant for MAM enrollment
-MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. With Azure AD in Windows 10, version 1703, onward, the same cloud-based Management MDM app will support both MDM and MAM enrollments. If you've already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. The screenshot below illustrates the management app for an IT admin configuration.
+MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. With Azure AD in Windows 10, version 1703, onward, the same cloud-based Management MDM app will support both MDM and MAM enrollments. If you've already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. The screenshot below illustrates the management app for an IT admin configuration.
:::image type="content" alt-text="Mobile application management app." source="images/implement-server-side-mobile-application-management.png":::
-MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that will contain both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM.
+MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that will contain both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM.
> [!NOTE]
-> If the MDM service in an organization isn't integrated with Azure AD and uses auto-discovery, only one Management app for MAM needs to be configured.
+> If the MDM service in an organization isn't integrated with Azure AD and uses auto-discovery, only one Management app for MAM needs to be configured.
## MAM enrollment
-MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). MAM enrollment supports Azure AD [federated authentication](federated-authentication-device-enrollment.md) as the only authentication method.
+MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). MAM enrollment supports Azure AD [federated authentication](federated-authentication-device-enrollment.md) as the only authentication method.
-Below are protocol changes for MAM enrollment:
-- MDM discovery isn't supported.
+Below are protocol changes for MAM enrollment:
+- MDM discovery isn't supported.
- APPAUTH node in [DMAcc CSP](dmacc-csp.md) is optional.
-- MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication.
+- MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication.
-Here's an example provisioning XML for MAM enrollment.
+Here's an example provisioning XML for MAM enrollment.
```xml
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
```
Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isn’t provided above, the device would default to once every 24 hours.
@@ -80,27 +80,27 @@ Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isn’t provided
MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback:
-- [AppLocker CSP](applocker-csp.md) for configuration of WIP enterprise allowed apps.
+- [AppLocker CSP](applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
- [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
- [DevInfo CSP](devinfo-csp.md).
- [DMAcc CSP](dmacc-csp.md).
- [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL.
-- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has WIP policies.
+- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has Windows Information Protection policies.
- [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
- [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management.
- [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas.
-- [Reporting CSP](reporting-csp.md) for retrieving WIP logs.
+- [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs.
- [RootCaTrustedCertificates CSP](rootcacertificates-csp.md).
- [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
-- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
+- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
## Device lock policies and EAS
-MAM supports device lock policies similar to MDM. The policies are configured by DeviceLock area of Policy CSP and PassportForWork CSP.
+MAM supports device lock policies similar to MDM. The policies are configured by DeviceLock area of Policy CSP and PassportForWork CSP.
-We don't recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client will behave as follows:
+We don't recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client will behave as follows:
- When EAS policies are sent to a device that already has MAM policies, Windows evaluates whether the existing MAM policies are compliant with the configured EAS policies, and reports compliance with EAS.
- If the device is found to be compliant, EAS will report compliance with the server to allow mail to sync. MAM supports mandatory EAS policies only. Checking EAS compliance doesn't require device admin rights.
@@ -116,13 +116,13 @@ MAM policy syncs are modeled after MDM. The MAM client uses an Azure AD token to
Windows doesn't support applying both MAM and MDM policies to the same devices. If configured by the admin, users can change their MAM enrollment to MDM.
> [!NOTE]
-> When users upgrade from MAM to MDM on Windows Home edition, they lose access to WIP. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
+> When users upgrade from MAM to MDM on Windows Home edition, they lose access to Windows Information Protection. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment.
-In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when WIP policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
+In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when Windows Information Protection policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
-- Both MAM and MDM policies for the organization support WIP.
+- Both MAM and MDM policies for the organization support Windows Information Protection.
- EDP CSP Enterprise ID is the same for both MAM and MDM.
- EDP CSP RevokeOnMDMHandoff is set to false.
diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
deleted file mode 100644
index 7fe9cd95eb..0000000000
--- a/windows/client-management/mdm/index.md
+++ /dev/null
@@ -1,84 +0,0 @@
----
-title: Mobile device management
-description: Windows 10 and Windows 11 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
-MS-HAID:
-- 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
-- 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
-ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.collection: highpri
----
-
-# Mobile device management
-
-Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
-
-There are two parts to the Windows management component:
-
-- The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
-- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
-
-Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers don't need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
-
-## MDM security baseline
-
-With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros' operational needs, addressing security concerns for modern cloud-managed devices.
-
-The MDM security baseline includes policies that cover the following areas:
-
-- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Device Guard (virtual-based security), Exploit Guard, Microsoft Defender Antivirus, and Firewall
-- Restricting remote access to devices
-- Setting credential requirements for passwords and PINs
-- Restricting use of legacy technology
-- Legacy technology policies that offer alternative solutions with modern technology
-- And much more
-
-For more details about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
-
-- [MDM Security baseline for Windows 11](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/Windows11-MDM-SecurityBaseLine-Document.zip)
-- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
-- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
-- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
-
-- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
-
-For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
-
-
-
-## Learn about migrating to MDM
-
-When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy setting in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf).
-
-
-## Learn about device enrollment
-
-
-- [Mobile device enrollment](mobile-device-enrollment.md)
-- [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
-- [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
-- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
-
-## Learn about device management
-
-
-- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
-- [Enterprise app management](enterprise-app-management.md)
-- [Mobile device management (MDM) for device updates](device-update-management.md)
-- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
-- [OMA DM protocol support](oma-dm-protocol-support.md)
-- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
-- [Server requirements for OMA DM](server-requirements-windows-mdm.md)
-- [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md)
-
-## Learn about configuration service providers
-
-
-- [Configuration service provider reference](configuration-service-provider-reference.md)
-- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
-- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
-- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
diff --git a/windows/client-management/mdm/index.yml b/windows/client-management/mdm/index.yml
new file mode 100644
index 0000000000..93540583f5
--- /dev/null
+++ b/windows/client-management/mdm/index.yml
@@ -0,0 +1,79 @@
+### YamlMime:Landing
+
+title: Mobile Device Management # < 60 chars
+summary: Find out how to enroll Windows devices and manage company security policies and business applications. # < 160 chars
+
+metadata:
+ title: Mobile Device Management # Required; page title displayed in search results. Include the brand. < 60 chars.
+ description: Find out how to enroll Windows devices and manage company security policies and business applications. # Required; article description that is displayed in search results. < 160 chars.
+ ms.topic: landing-page # Required
+ services: windows-10
+ ms.prod: windows
+ ms.collection:
+ - windows-10
+ - highpri
+ ms.custom: intro-hub-or-landing
+ author: vinaypamnani-msft
+ ms.author: vinpa
+ manager: aaroncz
+ ms.date: 08/04/2022
+ localization_priority: medium
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+ # Cards and links should be based on top customer tasks or top subjects
+ # Start card title with a verb
+ # Card (optional)
+ - title: Device enrollment
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Mobile device enrollment
+ url: mobile-device-enrollment.md
+ - linkListType: concept
+ links:
+ - text: Enroll Windows devices
+ url: mdm-enrollment-of-windows-devices.md
+ - text: Automatic enrollment using Azure AD
+ url: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+ - text: Automatic enrollment using Group Policy
+ url: enroll-a-windows-10-device-automatically-using-group-policy.md
+ - text: Bulk enrollment
+ url: bulk-enrollment-using-windows-provisioning-tool.md
+
+ # Card (optional)
+ - title: Device management
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Enterprise settings, policies, and app management
+ url: windows-mdm-enterprise-settings.md
+ - linkListType: concept
+ links:
+ - text: Enterprise app management
+ url: enterprise-app-management.md
+ - text: Device updates management
+ url: device-update-management.md
+ - text: Secured-core PC configuration lock
+ url: config-lock.md
+ - text: Diagnose MDM failures
+ url: diagnose-mdm-failures-in-windows-10.md
+
+ # Card (optional)
+ - title: CSP reference
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Configuration service provider reference
+ url: configuration-service-provider-reference.md
+ - linkListType: reference
+ links:
+ - text: Policy CSP
+ url: policy-configuration-service-provider.md
+ - text: Policy CSP - Update
+ url: policy-csp-update.md
+ - text: DynamicManagement CSP
+ url: dynamicmanagement-csp.md
+ - text: BitLocker CSP
+ url: bitlocker-csp.md
diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
index d210a1ee7e..e67b40bb24 100644
--- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
+++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
@@ -1,17 +1,16 @@
---
title: Management tool for the Microsoft Store for Business
description: The Microsoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk.
-MS-HAID:
-- 'p\_phdevicemgmt.business\_store\_portal\_management\_tool'
-- 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business'
-ms.assetid: 0E39AE85-1703-4B24-9A7F-831C6455068F
+MS-HAID:
+ - 'p\_phdevicemgmt.business\_store\_portal\_management\_tool'
+ - 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/27/2017
---
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 632623eed5..d8748f2ee6 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -1,17 +1,16 @@
---
title: MDM enrollment of Windows 10-based devices
description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organization’s resources.
-MS-HAID:
-- 'p\_phdevicemgmt.enrollment\_ui'
-- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
-ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883
+MS-HAID:
+ - 'p\_phdevicemgmt.enrollment\_ui'
+ - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.collection: highpri
---
@@ -274,7 +273,7 @@ The deep link used for connecting your device to work will always use the follow
| Parameter | Description | Supported Value for Windows 10|
|-----------|--------------------------------------------------------------|----------------------------------------------|
-| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory Joined (AADJ). |
+| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory-joined. |
|username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string |
| servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string|
| accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
@@ -283,7 +282,7 @@ The deep link used for connecting your device to work will always use the follow
| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
> [!NOTE]
-> AWA and AADJ values for mode are only supported on Windows 10, version 1709 and later.
+> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later.
### Connect to MDM using a deep link
diff --git a/windows/client-management/mdm/mdm-overview.md b/windows/client-management/mdm/mdm-overview.md
new file mode 100644
index 0000000000..d0e376cd1f
--- /dev/null
+++ b/windows/client-management/mdm/mdm-overview.md
@@ -0,0 +1,72 @@
+---
+title: Mobile Device Management overview
+description: Windows 10 and Windows 11 provide an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
+ms.date: 08/04/2022
+ms.technology: windows
+ms.topic: article
+ms.prod: w10
+ms.localizationpriority: medium
+author: vinaypamnani-msft
+ms.author: vinpa
+manager: aaroncz
+ms.collection: highpri
+---
+
+# Mobile Device Management overview
+
+Windows 10 and Windows 11 provide an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
+
+There are two parts to the Windows management component:
+
+- The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
+- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
+
+Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers don't need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
+
+## MDM security baseline
+
+With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros' operational needs, addressing security concerns for modern cloud-managed devices.
+
+The MDM security baseline includes policies that cover the following areas:
+
+- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Device Guard (virtual-based security), Exploit Guard, Microsoft Defender Antivirus, and Firewall
+- Restricting remote access to devices
+- Setting credential requirements for passwords and PINs
+- Restricting use of legacy technology
+- Legacy technology policies that offer alternative solutions with modern technology
+- And much more
+
+For more information about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
+
+- [MDM Security baseline for Windows 11](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/Windows11-MDM-SecurityBaseLine-Document.zip)
+- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
+- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
+- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
+- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
+
+For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
+
+## Learn about device enrollment
+
+- [Mobile device enrollment](mobile-device-enrollment.md)
+- [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
+- [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
+- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
+
+## Learn about device management
+
+- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
+- [Enterprise app management](enterprise-app-management.md)
+- [Mobile device management (MDM) for device updates](device-update-management.md)
+- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
+- [OMA DM protocol support](oma-dm-protocol-support.md)
+- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
+- [Server requirements for OMA DM](server-requirements-windows-mdm.md)
+- [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md)
+
+## Learn about configuration service providers
+
+- [Configuration service provider reference](configuration-service-provider-reference.md)
+- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
+- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
+- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md
index 7a55677360..b161e96c13 100644
--- a/windows/client-management/mdm/mobile-device-enrollment.md
+++ b/windows/client-management/mdm/mobile-device-enrollment.md
@@ -1,14 +1,13 @@
---
title: Mobile device enrollment
description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise.
-ms.assetid: 08C8B3DB-3263-414B-A368-F47B94F47A11
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/11/2017
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index a2823f1674..0042735b48 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -1,14 +1,14 @@
---
title: MultiSIM CSP
description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/22/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# MultiSIM CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md
index 18b9586283..662c3e0384 100644
--- a/windows/client-management/mdm/multisim-ddf.md
+++ b/windows/client-management/mdm/multisim-ddf.md
@@ -1,14 +1,14 @@
---
title: MultiSIM DDF file
description: XML file containing the device description framework for the MultiSIM configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/27/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# MultiSIM DDF
diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md
index 0bb096d110..2a4d93d58f 100644
--- a/windows/client-management/mdm/nap-csp.md
+++ b/windows/client-management/mdm/nap-csp.md
@@ -1,14 +1,13 @@
---
title: NAP CSP
description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections.
-ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md
index a332c37d9c..ebef8beec0 100644
--- a/windows/client-management/mdm/napdef-csp.md
+++ b/windows/client-management/mdm/napdef-csp.md
@@ -1,14 +1,13 @@
---
title: NAPDEF CSP
description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs).
-ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index e97a9517eb..c249a38718 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -1,14 +1,14 @@
---
title: NetworkProxy CSP
description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/29/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# NetworkProxy CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index 2b5f2798f2..ed25d003b2 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -1,14 +1,14 @@
---
title: NetworkProxy DDF file
description: AppNetworkProxyLocker DDF file
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# NetworkProxy DDF file
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index ddd9b34ad5..5b5d5d930e 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -1,14 +1,14 @@
---
title: NetworkQoSPolicy CSP
description: The NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# NetworkQoSPolicy CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 379f5051ca..972f823ac5 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -1,14 +1,13 @@
---
title: NetworkQoSPolicy DDF
description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid:
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 90157cf9e6..fdfb90c836 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1,17 +1,16 @@
---
title: What's new in MDM enrollment and management
description: Discover what's new and breaking changes in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
-MS-HAID:
-- 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
-- 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
-ms.assetid: 9C42064F-091C-4901-BC73-9ABE79EE4224
+MS-HAID:
+ - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
+ - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/20/2020
---
@@ -89,7 +88,7 @@ For information about EAP Settings, see .
+For more information about extended key usage, see .
For information about adding extended key usage (EKU) to a certificate, see .
@@ -250,7 +249,7 @@ Alternatively you can use the following procedure to create an EAP Configuration
After the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
-### User provisioning failure in Azure Active Directory joined Windows 10 and Windows 11 devices
+### User provisioning failure in Azure Active Directory-joined Windows 10 and Windows 11 devices
In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
@@ -270,7 +269,7 @@ The DM agent for [push-button reset](/windows-hardware/manufacture/desktop/push-
No. Only one MDM is allowed.
-### How do I set the maximum number of Azure Active Directory joined devices per user?
+### How do I set the maximum number of Azure Active Directory-joined devices per user?
1. Sign in to the portal as tenant admin: https://portal.azure.com.
2. Select Active Directory on the left pane.
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index 6509a63fd1..dc9bf7a054 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -1,14 +1,13 @@
---
title: NodeCache CSP
description: Use the NodeCache configuration service provider (CSP) to synchronize, monitor, and manage the client cache.
-ms.assetid: b4dd2b0d-79ef-42ac-ab5b-ee07b3097876
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index a344d5d843..8fb7117803 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -1,14 +1,13 @@
---
title: NodeCache DDF file
description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP).
-ms.assetid: d7605098-12aa-4423-89ae-59624fa31236
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md
index a3435d97ad..5fc7af65c0 100644
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@@ -1,14 +1,14 @@
---
title: Office CSP
description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/15/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Office CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index dedda7070e..94b6fecffe 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -1,14 +1,13 @@
---
title: Office DDF
description: This topic shows the OMA DM device description framework (DDF) for the Office configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid:
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/15/2018
---
diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md
index 04d615adff..add5219c9e 100644
--- a/windows/client-management/mdm/oma-dm-protocol-support.md
+++ b/windows/client-management/mdm/oma-dm-protocol-support.md
@@ -1,14 +1,13 @@
---
title: OMA DM protocol support
description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
-ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
index 97f5528a43..129f2a8aae 100644
--- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
@@ -1,14 +1,13 @@
---
title: On-premises authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy.
-ms.assetid: 626AC8B4-7575-4C41-8D59-185D607E3A47
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 145efad2c6..d45249dffe 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -1,14 +1,13 @@
---
title: PassportForWork CSP
description: The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work).
-ms.assetid: 3BAE4827-5497-41EE-B47F-5C071ADB2C51
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/19/2019
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index c8bf22bdf1..5bdaf460f7 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -1,14 +1,13 @@
---
title: PassportForWork DDF
description: View the OMA DM device description framework (DDF) for the PassportForWork configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/29/2019
---
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index e2a493bd58..465ac4ecd9 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -1,14 +1,14 @@
---
title: Personalization CSP
description: Use the Personalization CSP to lock screen and desktop background images, prevent users from changing the image, and use the settings in a provisioning package.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
+author: vinaypamnani-msft
+ms.date: 06/28/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Personalization CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index bc7605048f..80cdb39b9b 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,14 +1,14 @@
---
title: Personalization DDF file
-description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP).
-ms.author: dansimp
+description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP).
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Personalization DDF file
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 96ba99c053..e06e70792f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -2,12 +2,12 @@
title: ADMX-backed policies in Policy CSP
description: Learn about the ADMX-backed policies in Policy CSP.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/08/2020
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index fe99b88a1c..55f6a99ca0 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by Group Policy
description: Learn about the policies in Policy CSP supported by Group Policy.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
index 58fffbd813..f70f86e654 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
description: Learn the policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/17/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
index 7d67b45cd3..102a2eb6bc 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
description: Learn about the policies in Policy CSP supported by HoloLens (1st gen) Development Edition.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 142d9058c1..8687773b6b 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -2,14 +2,14 @@
title: Policies in Policy CSP supported by HoloLens 2
description: Learn about the policies in Policy CSP supported by HoloLens 2.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
-ms.date: 03/01/2022
+ms.date: 08/01/2022
---
# Policies in Policy CSP supported by HoloLens 2
@@ -50,11 +50,23 @@ ms.date: 03/01/2022
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
+- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9
-- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 10
+- [MixedReality/AllowCaptivePortalBeforeSignIn](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforesignin) Insider
+- [MixedReality/AllowLaunchUriInSingleAppKiosk](./policy-csp-mixedreality.md#mixedreality-allowlaunchuriinsingleappkiosk)10
+- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9
+- [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)
+- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) Insider
+- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) Insider
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9
+- [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) 9
+- [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#mixedreality-manualdowndirectiondisabled) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9
+- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) Insider
+- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) Insider
+- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) Insider
+- [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) 10
- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) 9
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) 9
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) 9
@@ -63,6 +75,7 @@ ms.date: 03/01/2022
- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) 9
- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) 9
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
+- [Privacy/DisablePrivacyExperience](./policy-csp-privacy.md#privacy-disableprivacyexperience) Insider
- [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
@@ -92,6 +105,11 @@ ms.date: 03/01/2022
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist) 9
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
+- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) Insider
+- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) Insider
+- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) Insider
+- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) Insider
+- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) Insider
- [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
@@ -102,13 +120,13 @@ ms.date: 03/01/2022
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) 9
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
-- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 10
-- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 10
+- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 11
+- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 11
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
-- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 10
-- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 10
-- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 10
-- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 10
+- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 11
+- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 11
+- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 11
+- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 11
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@@ -116,10 +134,10 @@ ms.date: 03/01/2022
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
-- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 10
-- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 10
+- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 11
+- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 11
- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
-- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 10
+- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 11
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8
@@ -133,8 +151,10 @@ Footnotes:
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
-- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
-- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
+- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2)
+- 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1)
+- 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
+- Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider).
## Related topics
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
index 0c5f378ed9..710a6bea37 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by Windows 10 IoT Core
description: Learn about the policies in Policy CSP supported by Windows 10 IoT Core.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/16/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 5ab411d317..128bb7099b 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by Microsoft Surface Hub
description: Learn about the policies in Policy CSP supported by Microsoft Surface Hub.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/22/2020
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
index 4f12cf7aec..0529c08779 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
description: Learn about the policies in Policy CSP that can be set using Exchange Active Sync (EAS).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
---
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 3d9ccc2215..3b79fcf245 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,14 +1,13 @@
---
title: Policy CSP
description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10 and Windows 11.
-ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
ms.collection: highpri
@@ -8361,9 +8360,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
@@ -48,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,12 +68,12 @@ manager: dansimp
-Specifies whether user is allowed to add non-MSA email accounts.
+Specifies whether user is allowed to add email accounts other than Microsoft account.
Most restricted value is 0.
> [!NOTE]
-> This policy will only block UI/UX-based methods for adding non-Microsoft accounts.
+> This policy will only block UI/UX-based methods for adding non-Microsoft accounts.
@@ -92,6 +96,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -109,7 +114,7 @@ The following list shows the supported values:
-Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services.
+Specifies whether the user is allowed to use a Microsoft account for non-email related connection authentication and services.
Most restricted value is 0.
@@ -134,6 +139,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -154,10 +160,10 @@ The following list shows the supported values:
Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
> [!NOTE]
-> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
+> If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
> [!NOTE]
-> If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
+> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
@@ -180,6 +186,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,6 +214,48 @@ The following list shows the supported values:
+
+
+**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 11, version 22H2. This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, we only allow device authentication and block user authentication.
+
+Most restricted value is 1.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allow both device and user authentication.
+- 1 - Only allow device authentication. Block user authentication.
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 206b52f009..572eef454e 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ActiveXControls
description: Learn about various Policy configuration service provider (CSP) - ActiveXControls settings, including SyncML, for Windows 10.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ActiveXControls
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index bc9d52e929..05cbc1fcee 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ActiveXInstallService
description: Learn about the Policy CSP - ADMX_ActiveXInstallService.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ActiveXInstallService
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index c31c112030..cf5b1966c0 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AddRemovePrograms
description: Learn about the Policy CSP - ADMX_AddRemovePrograms.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AddRemovePrograms
@@ -129,10 +129,11 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|||
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
-|Education|||
+|Education|Yes|Yes|
@@ -186,8 +187,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -244,8 +246,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,8 +306,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -358,8 +362,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -413,8 +418,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -469,8 +475,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -524,8 +531,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,8 +590,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -639,8 +648,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index f8dee79bd9..5dd95ce744 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AdmPwd
description: Learn about the Policy CSP - ADMX_AdmPwd.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AdmPwd
@@ -54,6 +54,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,6 +97,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -141,6 +143,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -186,6 +189,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index 09fc5c811d..ecdf4b38bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AppCompat
description: Policy CSP - ADMX_AppCompat
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/20/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AppCompat
@@ -76,8 +76,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,8 +130,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -176,8 +178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,8 +230,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -278,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -332,8 +337,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -375,8 +381,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -425,8 +432,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -474,8 +482,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 7dc13ae3e1..3e30dc883a 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AppxPackageManager
description: Learn about the Policy CSP - ADMX_AppxPackageManager.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AppxPackageManager
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index 4095c01ad1..786dc5626b 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AppXRuntime
description: Learn about the Policy CSP - ADMX_AppXRuntime.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AppXRuntime
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -98,8 +99,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -144,8 +146,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -192,8 +195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index a54fcdbac7..0b7733a5a2 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AttachmentManager
description: Learn about the Policy CSP - ADMX_AttachmentManager.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AttachmentManager
@@ -55,8 +55,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,8 +107,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes
@@ -157,8 +159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -204,8 +207,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -251,8 +255,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index c55966c2f8..d3fbdfca47 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AuditSettings
description: Learn about the Policy CSP - ADMX_AuditSettings.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AuditSettings.
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index 5aaff2305b..52c73b763f 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Bits
description: Learn about the Policy CSP - ADMX_Bits.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/20/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Bits
@@ -82,8 +82,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,8 +181,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -229,8 +232,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -278,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,8 +335,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -381,8 +387,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -429,8 +436,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,8 +485,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -525,8 +534,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -575,8 +585,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -624,8 +635,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -673,8 +685,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -722,8 +735,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 91b1d7c6aa..86f2b2d508 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CipherSuiteOrder
description: Learn about the Policy CSP - ADMX_CipherSuiteOrder.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CipherSuiteOrder
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 45c2e3e28b..8426131fb5 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_COM
description: Learn about the Policy CSP - ADMX_COM.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_COM
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -98,8 +99,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index 8f008a5bcd..55e7b8a33f 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ControlPanel
description: Learn about the Policy CSP - ADMX_ControlPanel.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/05/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ControlPanel
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -108,8 +109,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -217,8 +220,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index e8e6178c75..637df89faf 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ControlPanelDisplay
description: Learn about the Policy CSP - ADMX_ControlPanelDisplay.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/05/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ControlPanelDisplay
@@ -112,8 +112,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,8 +159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,8 +204,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -297,8 +301,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -342,8 +347,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,8 +397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -442,8 +449,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -487,8 +495,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -532,8 +541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -581,8 +591,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -628,8 +639,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -680,8 +692,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -727,8 +740,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -772,8 +786,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -817,8 +832,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -860,8 +876,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -905,8 +922,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -950,8 +968,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1002,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1055,8 +1075,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1107,8 +1128,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1152,8 +1174,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1206,8 +1229,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index 19f04975a7..b7c40099e2 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Cpls
-description: Policy CSP - ADMX_Cpls
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_Cpls.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Cpls
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
> [!NOTE]
-> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.
+> The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed.
If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
@@ -84,6 +85,8 @@ ADMX Info:
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 92381f92cc..b72ed7c028 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CredentialProviders
-description: Policy CSP - ADMX_CredentialProviders
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_CredentialProviders.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/11/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CredentialProviders
@@ -50,8 +50,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -122,7 +124,7 @@ This policy setting allows the administrator to assign a specified credential pr
If you enable this policy setting, the specified credential provider is selected on other user tile.
-If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile.
+If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile.
> [!NOTE]
> A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
@@ -149,8 +151,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -190,4 +193,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index 18929d3fd6..fb4a63852b 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CredSsp
-description: Policy CSP - ADMX_CredSsp
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_CredSsp.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CredSsp
@@ -73,8 +73,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -191,8 +193,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -247,8 +250,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -305,8 +309,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -363,8 +368,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -421,8 +427,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -479,8 +486,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -535,8 +543,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -591,8 +600,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -647,8 +657,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -699,3 +710,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index a62ce22ddd..68623bfc04 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CredUI
-description: Policy CSP - ADMX_CredUI
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_CredUI.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CredUI
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,7 +68,7 @@ manager: dansimp
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
> [!NOTE]
-> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
+> This policy affects non-logon authentication tasks only. As a security best practice, this policy should be enabled.
If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop through the trusted path mechanism.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,3 +131,6 @@ ADMX Info:
<
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 89ce54faf5..0d6a23d272 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CtrlAltDel
-description: Policy CSP - ADMX_CtrlAltDel
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_CtrlAltDel.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CtrlAltDel
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,7 +75,7 @@ This policy setting prevents users from changing their Windows password on deman
If you enable this policy setting, the **Change Password** button on the Windows Security dialog box won't appear when you press Ctrl+Alt+Del.
-However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
+However, users will still be able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
@@ -99,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -148,8 +150,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -195,8 +198,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -215,11 +219,11 @@ ADMX Info:
This policy setting disables or removes all menu items and buttons that log the user off the system.
-If you enable this policy setting, users won't see the Log off menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
+If you enable this policy setting, users won't see the Logoff menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
Also, see the 'Remove Logoff on the Start Menu' policy setting.
-If you disable or don't configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
+If you disable or don't configure this policy setting, users can see and select the Logoff menu item when they press Ctrl+Alt+Del.
@@ -237,3 +241,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 33f7687705..18b990f41a 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DataCollection
-description: Policy CSP - ADMX_DataCollection
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_DataCollection.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DataCollection
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index 510d934391..f826ec41b1 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DCOM
-description: Policy CSP - ADMX_DCOM
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_DCOM.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DCOM
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,9 +67,10 @@ manager: dansimp
This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
-- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+
+If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
-- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
> [!NOTE]
@@ -95,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,14 +123,20 @@ DCOM server application IDs added to this policy must be listed in curly brace f
For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
-- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
-settings.
-- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
+settings.
-If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
+If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
+
+If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
+
+If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
+
+>[!Note]
+> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
+
This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
@@ -154,3 +163,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index a7ea8ccda9..c18835be26 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Desktop
-description: Policy CSP - ADMX_Desktop
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Desktop.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Desktop
@@ -127,8 +127,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -175,8 +176,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,8 +276,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -321,8 +325,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -370,8 +375,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -413,8 +419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -459,8 +466,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -508,8 +516,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -552,8 +561,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -603,8 +613,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -653,8 +664,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -700,8 +712,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -746,8 +759,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -776,7 +790,6 @@ If you disable or don't configure this policy setting, the Properties menu comma
-
ADMX Info:
- GP Friendly name: *Remove Properties from the Documents icon context menu*
@@ -796,8 +809,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -842,8 +856,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -890,8 +905,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -936,8 +952,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -980,8 +997,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1025,8 +1043,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1122,8 +1142,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1171,8 +1192,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,8 +1241,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1263,8 +1286,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1310,8 +1334,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1362,8 +1387,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1414,8 +1440,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1463,8 +1490,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1501,3 +1529,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index b1ccc54155..b2ca71c22d 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DeviceCompat
-description: Policy CSP - ADMX_DeviceCompat
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DeviceCompat.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 08/09/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceCompat
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -86,8 +87,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,7 +106,7 @@ ADMX Info:
-Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
+Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
@@ -118,4 +120,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index 5ac4d423c2..d39a25209b 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -1,19 +1,22 @@
---
title: Policy CSP - ADMX_DeviceGuard
-description: Policy CSP - ADMX_DeviceGuard
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DeviceGuard.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceGuard
+> [!WARNING]
+> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
+
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -43,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -68,11 +72,12 @@ If you deploy a Code Integrity Policy, Windows will restrict what can run in bot
To enable this policy, the machine must be rebooted.
The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
-
+
The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
-If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
-1. First update the policy to a non-protected policy and then disable the setting.
-2. Disable the setting and then remove the policy from each computer, with a physically present user.
+If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
+
+- First update the policy to a non-protected policy and then disable the setting. (or)
+- Disable the setting and then remove the policy from each computer, with a physically present user.
@@ -89,3 +94,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index 62efd762ae..1da8e03482 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DeviceInstallation
-description: Policy CSP - ADMX_DeviceInstallation
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DeviceInstallation.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceInstallation
@@ -64,8 +64,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,8 +111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -248,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,7 +277,8 @@ If you enable this policy setting, set the number of seconds you want the system
If you disable or don't configure this policy setting, the system doesn't force a reboot.
-Note: If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
+>[!Note]
+> If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
@@ -296,8 +302,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,8 +348,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -387,8 +395,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -426,4 +435,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index c54fe1375e..d4559a5746 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DeviceSetup
-description: Policy CSP - ADMX_DeviceSetup
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DeviceSetup.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceSetup
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -92,8 +93,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,7 +116,10 @@ This policy setting allows you to specify the order in which Windows searches so
If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
-Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
+>[!Note]
+> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
+
+This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
@@ -133,3 +138,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index 49774e691d..3a36dd326e 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DFS
-description: Policy CSP - ADMX_DFS
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DFS.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DFS
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,10 +64,9 @@ manager: dansimp
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
By default, a DFS client attempts to discover domain controllers every 15 minutes.
-- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers.
-This value is specified in minutes.
+If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
-- If you disable or do not configure this policy setting, the default value of 15 minutes applies.
+If you disable or don't configure this policy setting, the default value of 15 minutes applies.
> [!NOTE]
> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
@@ -87,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index fafc357e89..4cb25e95d8 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DigitalLocker
-description: Policy CSP - ADMX_DigitalLocker
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DigitalLocker.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/31/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DigitalLocker
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,7 +75,6 @@ If you disable or don't configure this setting, Digital Locker can be run.
-
ADMX Info:
- GP Friendly name: *Do not allow Digital Locker to run*
@@ -94,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -137,3 +138,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 312e6550d5..9262266a8d 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DiskDiagnostic
-description: Policy CSP - ADMX_DiskDiagnostic
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DiskDiagnostic.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DiskDiagnostic
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,12 +67,13 @@ manager: dansimp
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
-- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
+
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
@@ -99,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,12 +124,15 @@ This policy setting determines the execution level for S.M.A.R.T.-based disk dia
Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
-- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
-- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+
+If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
+
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
@@ -147,3 +153,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 6e82fec127..92b5a4725e 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DiskNVCache
-description: Policy CSP - ADMX_DiskNVCache
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DiskNVCache.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DiskNVCache
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +72,6 @@ This policy setting turns off the boot and resumes optimizations for the hybrid
If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
-If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume.
The system determines the data that will be stored in the NV cache to optimize boot and resume.
The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
@@ -97,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,8 +126,6 @@ If you disable this policy setting, the system will manage the NV cache on the d
This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
-
-
@@ -148,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -172,7 +172,10 @@ If you enable this policy setting, frequently written files such as the file sys
If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
-This usage can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. Note: This policy setting is applicable only if the NV cache feature is on.
+This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
+
+>[!Note]
+> This policy setting is applicable only if the NV cache feature is on.
@@ -192,3 +195,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index 5982c438b4..bc75db6e4a 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DiskQuota
-description: Policy CSP - ADMX_DiskQuota
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DiskQuota.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DiskQuota
@@ -59,8 +59,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,8 +160,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -210,8 +213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +264,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -310,8 +315,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -354,3 +360,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index ff67fc4f25..7efbc6544a 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DistributedLinkTracking
-description: Policy CSP - ADMX_DistributedLinkTracking
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DistributedLinkTracking.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DistributedLinkTracking
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -61,8 +62,10 @@ manager: dansimp
-This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
-The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
+This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
+
+The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
+
The DLT client can more reliably track links when allowed to use the DLT server.
This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain.
@@ -85,3 +88,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 8410109042..8af9f82bc0 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DnsClient
-description: Policy CSP - ADMX_DnsClient
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DnsClient.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DnsClient
@@ -105,8 +105,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -150,8 +151,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -203,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -313,8 +317,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -359,8 +364,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -405,8 +411,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -453,8 +460,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -502,8 +510,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -554,8 +563,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -580,7 +590,8 @@ If you enable this policy setting, a computer will register A and PTR resource r
For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
-Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
+>[!Important]
+> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix.
@@ -605,8 +616,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -631,7 +643,7 @@ If you enable this policy setting, registration of PTR records will be determine
To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
-- don't register: Computers won't attempt to register PTR resource records
+- Do not register: Computers won't attempt to register PTR resource records
- Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
- Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
@@ -658,8 +670,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -704,8 +717,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -726,11 +740,11 @@ This policy setting specifies whether dynamic updates should overwrite existing
This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers.
-During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
+During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing (A) resource record with an (A) resource record that has the client's current IP address.
-If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
+If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting (A) resource records during dynamic update.
-If you disable this policy setting, existing A resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
+If you disable this policy setting, existing (A) resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
@@ -754,8 +768,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -807,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -855,8 +871,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -908,8 +925,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -954,8 +972,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1002,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1054,8 +1074,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1102,8 +1123,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1166,8 +1188,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1207,3 +1230,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index 10b9761d52..920a8c9d98 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DWM
-description: Policy CSP - ADMX_DWM
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_DWM.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/31/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DWM
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,8 +108,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -204,8 +207,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,8 +256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,8 +306,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -343,3 +349,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index 21ee8c0b36..c08bae6677 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EAIME
-description: Policy CSP - ADMX_EAIME
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_EAIME.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EAIME
@@ -76,8 +76,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -127,8 +128,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -190,8 +192,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -243,8 +246,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -293,8 +297,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -346,8 +351,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -396,8 +402,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -444,8 +451,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -494,8 +502,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -544,8 +553,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -594,8 +604,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -644,8 +655,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -686,3 +698,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 00a8db9920..21c1fdf20f 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EncryptFilesonMove
-description: Policy CSP - ADMX_EncryptFilesonMove
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_EncryptFilesonMove.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EncryptFilesonMove
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,9 +64,9 @@ manager: dansimp
This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.
-If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder.
+If you enable this policy setting, File Explorer won't automatically encrypt files that are moved to an encrypted folder.
-If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder.
+If you disable or don't configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder.
This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 2ab763817c..01470abcbe 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EnhancedStorage
-description: Policy CSP - ADMX_EnhancedStorage
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_EnhancedStorage.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EnhancedStorage
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -76,7 +77,7 @@ manager: dansimp
-This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer.
+This policy setting allows you to configure a list of Enhanced Storage devices that contain a manufacturer and product ID that are usable on your computer.
If you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer.
@@ -103,8 +104,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,7 +123,7 @@ ADMX Info:
-This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer.
+This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that is usable on your computer.
If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer.
@@ -148,8 +150,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,8 +196,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -238,8 +242,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,7 +263,8 @@ ADMX Info:
This policy setting locks Enhanced Storage devices when the computer is locked.
-This policy setting is supported in Windows Server SKUs only.
+>[!Note]
+>This policy setting is supported in Windows Server SKUs only.
If you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked.
@@ -285,8 +291,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,3 +331,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 7e72497d05..75e7132a34 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ErrorReporting
-description: Policy CSP - ADMX_ErrorReporting
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_ErrorReporting.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ErrorReporting
@@ -127,8 +127,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,8 +179,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,11 +252,14 @@ To create a list of applications for which Windows Error Reporting never reports
If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors.
-If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.)
+If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting.
+
+>[!Note]
+>The Microsoft applications category includes the Windows components category.
If you disable this policy setting or don't configure it, the Default application reporting settings policy setting takes precedence.
-Also see the "Default Application Reporting" and "Application Exclusion List" policies.
+Also, see the "Default Application Reporting" and "Application Exclusion List" policies.
This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not configured.
@@ -279,8 +285,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,22 +314,17 @@ This policy setting doesn't enable or disable Windows Error Reporting. To turn W
If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that aren't configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting:
- "Do not display links to any Microsoft ‘More information’ websites": Select this option if you don't want error dialog boxes to display links to Microsoft websites.
-
- "Do not collect additional files": Select this option if you don't want extra files to be collected and included in error reports.
-
- "Do not collect additional computer data": Select this option if you don't want additional information about the computer to be collected and included in error reports.
-
- "Force queue mode for application errors": Select this option if you don't want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to sign in to the computer can send the error reports to Microsoft.
-
- "Corporate file path": Type a UNC path to enable Corporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to sign in to the computer can send the error reports to Microsoft.
-
- "Replace instances of the word ‘Microsoft’ with": You can specify text with which to customize your error report dialog boxes. The word ""Microsoft"" is replaced with the specified text.
If you don't configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003.
If you disable this policy setting, configuration settings in the policy setting are left blank.
-See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
+See related policy settings Display Error Notification (same folder as this policy setting), and turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
@@ -345,8 +347,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -394,8 +397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -439,8 +443,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|No|No|
@@ -484,8 +489,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -529,8 +535,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|No|No|
@@ -572,8 +579,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -617,8 +625,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -662,8 +671,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -707,8 +717,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -752,8 +763,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -797,8 +809,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -842,8 +855,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -887,8 +901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -910,13 +925,9 @@ This policy setting determines the consent behavior of Windows Error Reporting f
If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those types meant for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.
-
- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.
-
- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send more data requested by Microsoft.
-
- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send more data requested by Microsoft.
-
- 4 (Send all data): Any data requested by Microsoft is sent automatically.
If you disable or don't configure this policy setting, then the default consent settings that are applied are those settings specified by the user in Control Panel, or in the Configure Default Consent policy setting.
@@ -942,8 +953,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|No|No|
|Education|Yes|Yes|
@@ -987,8 +999,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1032,8 +1045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1054,13 +1068,10 @@ This policy setting determines the default consent behavior of Windows Error Rep
If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
-- Always ask before sending data: Windows prompts users for consent to send reports.
-
-- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
-
-- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
-
-- Send all data: any error reporting data requested by Microsoft is sent automatically.
+- **Always ask before sending data**: Windows prompts users for consent to send reports.
+- **Send parameters**: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
+- **Send parameters and safe extra data**: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
+- **Send all data**: any error reporting data requested by Microsoft is sent automatically.
If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
@@ -1085,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1107,13 +1119,10 @@ This policy setting determines the default consent behavior of Windows Error Rep
If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
-- Always ask before sending data: Windows prompts users for consent to send reports.
-
-- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
-
-- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
-
-- Send all data: any error reporting data requested by Microsoft is sent automatically.
+- **Always ask before sending data**: Windows prompts users for consent to send reports.
+- **Send parameters**: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
+- **Send parameters and safe extra data**: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
+- **Send all data**: any error reporting data requested by Microsoft is sent automatically.
If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
@@ -1138,8 +1147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1183,8 +1193,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1229,8 +1240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1274,8 +1286,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1319,8 +1332,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1364,8 +1378,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1409,8 +1424,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1456,8 +1472,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1497,3 +1514,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index ffd209aa8f..627492ca73 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventForwarding
-description: Policy CSP - ADMX_EventForwarding
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_EventForwarding.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventForwarding
@@ -47,8 +47,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -122,11 +124,11 @@ If you enable this policy setting, you can configure the Source Computer to cont
Use the following syntax when using the HTTPS protocol:
``` syntax
-
Server=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=.
```
-When using the HTTP protocol, use port 5985.
+>[!Note]
+> When using the HTTP protocol, use port 5985.
If you disable or don't configure this policy setting, the Event Collector computer won't be specified.
@@ -146,3 +148,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 5156768413..471b6a5631 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventLog
-description: Policy CSP - ADMX_EventLog
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_EventLog.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventLog
@@ -103,8 +103,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,7 +126,10 @@ This policy setting turns on logging.
If you enable or don't configure this policy setting, then events can be written to this log.
-If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting.
+If the policy setting is disabled, then no new events can be logged.
+
+>[!Note]
+> Events can always be read from the log, regardless of this policy setting.
@@ -148,8 +152,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,8 +198,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -238,8 +244,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -283,8 +290,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -328,8 +336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -373,8 +382,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -420,8 +430,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -467,8 +478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -514,8 +526,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -561,8 +574,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -609,8 +623,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -657,8 +672,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -705,8 +721,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -753,8 +770,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -800,8 +818,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -847,8 +866,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -894,8 +914,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -941,8 +962,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|No|No|
|Education|Yes|Yes|
@@ -965,7 +987,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+>[!Note]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -988,8 +1011,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1012,7 +1036,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+>[!Note]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -1036,8 +1061,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1060,7 +1086,8 @@ If you enable this policy setting and a log file reaches its maximum size, new e
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+>[!Note]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -1077,3 +1104,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index 135c65ed8f..03921b2021 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventLogging
-description: Policy CSP - ADMX_EventLogging
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_EventLogging.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/12/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventLogging
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,11 +64,11 @@ manager: dansimp
This policy setting lets you configure Protected Event Logging.
-- If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
+If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
-You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
+You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
-- If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.
+If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.
@@ -85,3 +86,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index b5dd4d7f65..a3979738bd 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventViewer
-description: Policy CSP - ADMX_EventViewer
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_EventViewer.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/13/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventViewer
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -91,8 +92,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,8 +134,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -150,9 +153,9 @@ ADMX Info:
-This URL is the one that will be passed to the Description area in the Event Properties dialog box.
-Change this value if you want to use a different Web server to handle event information requests.
+This URL is the one that will be passed to the Description area in the Event Properties dialog box.
+Change this value if you want to use a different Web server to handle event information requests.
@@ -170,3 +173,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index cc7f6818aa..c3be668f23 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Explorer
-description: Policy CSP - ADMX_Explorer
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_Explorer.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Explorer
@@ -55,8 +55,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -73,7 +74,7 @@ manager: dansimp
-Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
+This policy setting sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
@@ -96,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -145,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,7 +166,7 @@ ADMX Info:
-This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values.
+This policy setting allows administrators who have configured roaming profile with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values.
If you enable this policy setting on a machine that doesn't contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
@@ -188,8 +191,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -206,14 +210,14 @@ ADMX Info:
-This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
+This policy setting allows administrators to prevent users from adding new items, such as files or folders to the root of their Users Files folder in File Explorer.
-If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
+If you enable this policy setting, users will no longer be able to add new items, such as files or folders to the root of their Users Files folder in File Explorer.
If you disable or don't configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
> [!NOTE]
-> Enabling this policy setting doesn't prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
+> Enabling this policy setting doesn't prevent the user from being able to add new items, such as files and folders to their actual file system profile folder at %userprofile%.
@@ -236,8 +240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -254,7 +259,9 @@ ADMX Info:
-This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios.
+This policy is similar to settings directly available to computer users.
+
+Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios.
@@ -269,4 +276,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 88a074cba8..7d85473280 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ExternalBoot
-description: Policy CSP - ADMX_ExternalBoot
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_ExternalBoot.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/13/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ExternalBoot
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,9 +72,9 @@ manager: dansimp
This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.
-- If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
+If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
-- If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC.
+If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC.
@@ -99,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -145,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,9 +168,9 @@ ADMX Info:
This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.
-- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
+If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
-- If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
+If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.
@@ -185,3 +188,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 74cc4f3f50..e81f6e1043 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileRecovery
-description: Policy CSP - ADMX_FileRecovery
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_FileRecovery.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/24/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileRecovery
@@ -40,8 +40,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,3 +75,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index 3fd0807394..6cf18b696b 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileRevocation
-description: Policy CSP - ADMX_FileRevocation
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_FileRevocation.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/13/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileRevocation
@@ -41,8 +41,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,9 +61,9 @@ manager: dansimp
Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.
Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`
-- If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
+If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
-- If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
+If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
Any other Windows Runtime application will only be able to revoke access to content it protected.
@@ -85,3 +86,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 18ddd06906..5f9d1741bd 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileServerVSSProvider
-description: Policy CSP - ADMX_FileServerVSSProvider
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_FileServerVSSProvider.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileServerVSSProvider
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index ab0c455e6b..e5c5587bc2 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileSys
-description: Policy CSP - ADMX_FileSys
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_FileSys.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileSys
@@ -62,8 +62,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -99,12 +100,12 @@ ADMX Info:
**ADMX_FileSys/DisableDeleteNotification**
-
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -146,8 +147,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,8 +166,9 @@ ADMX Info:
-Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
+Encryption can add to the processing overhead of filesystem operations.
+Enabling this setting will prevent access to and creation of encrypted files.
ADMX Info:
@@ -184,8 +187,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,7 +206,9 @@ ADMX Info:
-Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
+Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.
+
+Enabling this setting will cause the page files to be encrypted.
@@ -223,8 +229,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -241,7 +248,9 @@ ADMX Info:
-Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
+Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it.
+
+Enabling this setting will cause the long paths to be accessible within the process.
@@ -262,8 +271,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -282,7 +292,9 @@ ADMX Info:
This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
-If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
+If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume.
+
+If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
@@ -304,8 +316,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -353,8 +366,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -390,3 +404,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index cebe91fbd3..cca8d67c3b 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FolderRedirection
-description: Policy CSP - ADMX_FolderRedirection
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_FolderRedirection.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FolderRedirection
@@ -60,8 +60,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,8 +112,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,8 +163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -206,8 +209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -254,8 +258,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,8 +306,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -350,8 +356,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -395,3 +402,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index 4b83f0c105..a30e0b8b87 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FramePanes
-description: Policy CSP - ADMX_FramePanes
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_FramePanes.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FramePanes
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,14 +64,14 @@ manager: dansimp
This policy setting shows or hides the Details Pane in File Explorer.
-- If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
-- If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
+If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
> [!NOTE]
> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time.
-- If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user.
+If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user.
This setting is the default policy setting.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,9 +116,9 @@ ADMX Info:
Hides the Preview Pane in File Explorer.
-- If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
-- If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
+If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
@@ -132,3 +134,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index 3cf5694548..d571a60d05 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FTHSVC
-description: Policy CSP - ADMX_FTHSVC
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_FTHSVC.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/15/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FTHSVC
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,12 +63,14 @@ manager: dansimp
This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.
-- If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
+If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
-- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
-If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
-This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
+
+If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
+
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
No system restart or service restart is required for this policy setting to take effect: changes take effect immediately.
@@ -87,3 +90,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 45623d01c7..51540ef8ab 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Globalization
-description: Policy CSP - ADMX_Globalization
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_Globalization.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Globalization
@@ -112,8 +112,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -134,9 +135,9 @@ This policy prevents automatic copying of user input methods to the system accou
This confinement doesn't affect the availability of user input methods on the lock screen or with the UAC prompt.
-If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page.
+If the policy is enabled, then the user will get input methods enabled for the system account on the sign-in page.
-If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
+If the policy is disabled or not configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
@@ -160,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,8 +215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,8 +269,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -319,8 +323,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -369,8 +374,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -418,8 +424,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -465,8 +472,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -490,7 +498,7 @@ Automatic learning enables the collection and storage of text and ink written by
> [!NOTE]
> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help.
-If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel.
+If you enable this policy setting, automatic learning stops and any stored data are deleted. Users can't configure this setting in Control Panel.
If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
@@ -524,8 +532,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -549,7 +558,7 @@ Automatic learning enables the collection and storage of text and ink written by
> [!NOTE]
> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help.
-If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel.
+If you enable this policy setting, automatic learning stops and any stored data are deleted. Users can't configure this setting in Control Panel.
If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
@@ -583,8 +592,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -630,8 +640,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -679,8 +690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -730,8 +742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -777,8 +790,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -826,8 +840,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -875,8 +890,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -924,8 +940,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -977,8 +994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1030,8 +1048,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1099,9 +1119,9 @@ This policy turns off the autocorrect misspelled words option. This turn off doe
The autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected.
-If the policy is Enabled, then the option will be locked to not autocorrect misspelled words.
+If the policy is enabled, then the option will be locked to not autocorrect misspelled words.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1125,8 +1145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1147,9 +1168,9 @@ This policy turns off the highlight misspelled words option. This turn off doesn
The highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted.
-If the policy is Enabled, then the option will be locked to not highlight misspelled words.
+If the policy is enabled, then the option will be locked to not highlight misspelled words.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1174,8 +1195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1196,9 +1218,9 @@ This policy turns off the insert a space after selecting a text prediction optio
The insert a space after selecting a text prediction option controls whether or not a space will be inserted after the user selects a text prediction candidate when using the on-screen keyboard.
-If the policy is Enabled, then the option will be locked to not insert a space after selecting a text prediction.
+If the policy is enabled, then the option will be locked to not insert a space after selecting a text prediction.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1222,8 +1244,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1244,9 +1267,9 @@ This policy turns off the offer text predictions as I type option. This turn off
The offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the user on the on-screen keyboard.
-If the policy is Enabled, then the option will be locked to not offer text predictions.
+If the policy is enabled, then the option will be locked to not offer text predictions.
-If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
+If the policy is disabled or not configured, then the user will be free to change the setting according to their preference.
The availability and function of this setting is dependent on supported languages being enabled.
@@ -1271,8 +1294,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1312,4 +1336,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index f3e83e48f1..986333d80f 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_GroupPolicy
-description: Policy CSP - ADMX_GroupPolicy
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_GroupPolicy.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_GroupPolicy
@@ -168,8 +168,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -224,8 +225,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -276,8 +278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,8 +333,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -384,8 +388,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -436,8 +441,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -490,8 +496,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -544,8 +551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -594,8 +602,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -646,8 +655,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -698,8 +708,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -754,8 +765,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -810,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -856,8 +869,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -911,8 +925,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -966,8 +981,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1008,8 +1024,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1065,8 +1082,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1114,8 +1132,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1165,8 +1184,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,8 +1239,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1267,8 +1288,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1317,8 +1339,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1367,8 +1390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1415,8 +1439,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1468,8 +1493,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1512,8 +1538,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1567,8 +1594,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1624,8 +1652,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1681,8 +1710,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1705,7 +1735,7 @@ In addition to background updates, Group Policy for the computer is always updat
By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations.
If you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" policy.
@@ -1740,8 +1770,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1762,7 +1793,7 @@ This policy setting specifies how often Group Policy is updated on domain contro
By default, Group Policy on the domain controllers is updated every five minutes.
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations.
If you disable or don't configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.
@@ -1793,8 +1824,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1817,7 +1849,7 @@ In addition to background updates, Group Policy for users is always updated when
By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, short update intervals aren't appropriate for most installations.
If you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.
@@ -1854,8 +1886,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1906,8 +1939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1954,8 +1988,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2000,8 +2035,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2025,7 +2061,6 @@ By default, when you edit a Group Policy Object (GPO) using the Group Policy Obj
This edit-option leads to the following behavior:
- If you originally created the GPO with, for example, an English system, the GPO contains English ADM files.
-
- If you later edit the GPO from a different-language system, you get the English ADM files as they were in the GPO.
You can change this behavior by using this setting.
@@ -2034,7 +2069,7 @@ If you enable this setting, the Group Policy Object Editor snap-in always uses l
This pattern leads to the following behavior:
-- If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates.
+If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates.
If you disable or don't configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO.
@@ -2063,8 +2098,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2084,21 +2120,15 @@ ADMX Info:
This security feature provides a means to override individual process MitigationOptions settings. This security feature can be used to enforce many security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are:
-PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)
-Enables data execution prevention (DEP) for the child process
+PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001): Enables data execution prevention (DEP) for the child process
-PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)
-Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer.
+PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002): Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer.
-PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)
-Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.
+PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004): Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.
-PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100)
-The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded.
+PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100): The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded.
-PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000)
-PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000)
-The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address.
+PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000),PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000): The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address.
For instance, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON, disable PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF, and to leave all other options at their default values, specify a value of:
???????????????0???????1???????1
@@ -2127,8 +2157,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2178,8 +2209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2220,8 +2252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2271,8 +2304,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2325,8 +2359,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2371,8 +2406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2391,13 +2427,12 @@ ADMX Info:
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who signs in to a computer affected by this setting. It's intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
-By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user signs in to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.
+By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then when a user signs in to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.
If you enable this setting, you can select one of the following modes from the Mode box:
-"Replace" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user.
-
-"Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings.
+- "Replace" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user.
+- "Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings.
If you disable this setting or don't configure it, the user's Group Policy Objects determines which user settings apply.
@@ -2419,4 +2454,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index 3bdf5aa985..ef05d2efca 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Help
-description: Policy CSP - ADMX_Help
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_Help.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/03/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Help
@@ -22,7 +22,7 @@ manager: dansimp
-
## ADMX_Help policies
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,7 +83,7 @@ If you disable or don't configure this policy setting, DEP is turned on for HTML
ADMX Info:
-- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executible*
+- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executable*
- GP name: *DisableHHDEP*
- GP path: *System*
- GP ADMX file name: *Help.admx*
@@ -99,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -210,8 +213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -256,3 +260,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index 806207275f..e013dc38ab 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_HelpAndSupport
-description: Policy CSP - ADMX_HelpAndSupport
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_HelpAndSupport.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/03/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_HelpAndSupport
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,9 +72,9 @@ manager: dansimp
This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
-If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements.
+If you enable this policy setting, active content links aren't rendered. The text is displayed, but there are no clickable links for these elements.
-If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
+If you disable or don't configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
@@ -97,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,9 +119,9 @@ ADMX Info:
This policy setting specifies whether users can provide ratings for Help content.
-If you enable this policy setting, ratings controls are not added to Help content.
+If you enable this policy setting, ratings controls aren't added to Help content.
-If you disable or do not configure this policy setting, ratings controls are added to Help topics.
+If you disable or don't configure this policy setting, ratings controls are added to Help topics.
Users can use the control to provide feedback on the quality and usefulness of the Help and Support content.
@@ -144,8 +146,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,9 +167,9 @@ ADMX Info:
This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
-If you enable this policy setting, users cannot participate in the Help Experience Improvement program.
+If you enable this policy setting, users can't participate in the Help Experience Improvement program.
-If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.
+If you disable or don't configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.
@@ -190,8 +193,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,7 +216,7 @@ This policy setting specifies whether users can search and view content from Win
If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.
-If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page.
+If you disable or don't configure this policy setting, users can access online assistance if they have a connection to the Internet and haven't disabled Windows Online from the Help and Support Options page.
@@ -232,3 +236,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index bf33f5110d..ba8121417b 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_HotSpotAuth
-description: Policy CSP - ADMX_HotSpotAuth
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_HotSpotAuth.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/15/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_HotSpotAuth
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,9 +67,9 @@ This policy setting defines whether WLAN hotspots are probed for Wireless Intern
- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.
-- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
+- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
-- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
+- If you disable this policy setting, WLAN hotspots aren't probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
@@ -87,3 +88,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index 2f9b7183ac..9e9178ac7a 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ICM
-description: Policy CSP - ADMX_ICM
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_ICM.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ICM
@@ -117,8 +117,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,8 +166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,8 +215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -264,8 +267,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -317,8 +321,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -370,8 +375,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -420,8 +426,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -470,8 +477,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -518,8 +526,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,8 +575,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -613,8 +623,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -659,8 +670,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -707,8 +719,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -759,8 +772,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -808,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -859,8 +874,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -907,8 +923,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -955,8 +972,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1003,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1051,8 +1070,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1099,8 +1119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1145,8 +1166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1193,8 +1215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1239,8 +1262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1287,8 +1311,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1337,8 +1362,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1384,3 +1410,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index 424b4a38f2..cdae65ef17 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_IIS
-description: Policy CSP - ADMX_IIS
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_IIS.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/17/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_IIS
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,11 +63,11 @@ manager: dansimp
This policy setting prevents installation of Internet Information Services (IIS) on this computer.
-- If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
+If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
-Enabling this setting won't have any effect on IIS if IIS is already installed on the computer.
+Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer.
-- If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run."
+If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run."
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index c9465d3231..e4938d1f67 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_iSCSI
-description: Policy CSP - ADMX_iSCSI
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_iSCSI.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_iSCSI
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,8 +138,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -175,3 +178,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index 1173ca86f8..ec99d97b12 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_kdc
-description: Policy CSP - ADMX_kdc
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_kdc.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_kdc
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -57,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,7 +108,7 @@ Impact on domain controller performance when this policy setting is enabled:
- Secure Kerberos domain capability discovery is required, resulting in more message exchanges.
- Claims and compound authentication for Dynamic Access Control increase the size and complexity of the data in the message, which results in more processing time and greater Kerberos service ticket size.
-- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors, which results in increased processing time, but doesn't change the service ticket size.
+- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors, which result in increased processing time, but doesn't change the service ticket size.
@@ -130,8 +132,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,8 +181,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -230,8 +234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -279,8 +284,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -325,8 +331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,3 +379,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 998eb8189d..3cbff4ed32 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_Kerberos
-description: Policy CSP - ADMX_Kerberos
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_Kerberos.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Kerberos
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -63,8 +64,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -112,8 +114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,8 +168,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,8 +217,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -261,8 +266,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,8 +313,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -355,8 +362,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -409,8 +417,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -449,3 +458,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index a905d94c9a..3fe3659069 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_LanmanServer
-description: Policy CSP - ADMX_LanmanServer
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_LanmanServer.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LanmanServer
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -51,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,8 +119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -177,8 +180,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -199,9 +203,7 @@ This policy setting specifies whether the BranchCache hash generation service su
If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported.
- Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved.
@@ -237,8 +239,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -282,3 +285,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 8fcfe9af1e..969840fdeb 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_LanmanWorkstation
-description: Policy CSP - ADMX_LanmanWorkstation
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_LanmanWorkstation.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LanmanWorkstation
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -48,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -115,8 +117,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,8 +167,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,4 +211,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index a362e05ab9..2f421ddce0 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_LeakDiagnostic
-description: Policy CSP - ADMX_LeakDiagnostic
-ms.author: dansimp
+description: Learn about the Policy CSP - ADMX_LeakDiagnostic.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/17/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LeakDiagnostic
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,13 +63,13 @@ manager: dansimp
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
-- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -94,3 +95,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index 841a1b47a1..ac18bf4c6f 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_LinkLayerTopologyDiscovery
-description: Policy CSP - ADMX_LinkLayerTopologyDiscovery
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_LinkLayerTopologyDiscovery.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/04/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LinkLayerTopologyDiscovery
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -45,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -137,3 +140,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 9b40c8b242..6557e565a3 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -1,21 +1,28 @@
---
title: Policy CSP - ADMX_LocationProviderAdm
-description: Policy CSP - ADMX_LocationProviderAdm
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_LocationProviderAdm.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LocationProviderAdm
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!WARNING]
+> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -38,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -58,17 +66,11 @@ manager: dansimp
This policy setting turns off the Windows Location Provider feature for this computer.
-- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.
+- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature.
-- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
+- If you disable or don't configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -82,7 +84,10 @@ ADMX Info:
> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+> These policies are currently only available as a part of Windows Insider release.
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 2f68cebffb..3386f503ec 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_Logon
-description: Policy CSP - ADMX_Logon
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Logon.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Logon
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -84,8 +85,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -102,7 +104,7 @@ manager: dansimp
-This policy prevents the user from showing account details (email address or user name) on the sign-in screen.
+This policy prevents the user from showing account details (email address or user name) on the sign-in screen.
If you enable this policy setting, the user can't choose to show account details on the sign-in screen.
@@ -110,7 +112,6 @@ If you disable or don't configure this policy setting, the user may choose to sh
-
ADMX Info:
- GP Friendly name: *Block user from showing account details on sign-in*
@@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -176,8 +178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +228,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -274,8 +278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -327,8 +332,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -380,8 +386,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -426,8 +433,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -472,8 +480,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -529,8 +538,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -583,8 +593,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -636,8 +647,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -690,8 +702,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -710,7 +723,7 @@ ADMX Info:
This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user sign in). By default, on client computers, Group Policy processing isn't synchronous; client computers typically don't wait for the network to be fully initialized at startup and sign in. Existing users are signed in using cached credentials, which results in shorter sign-in times. Group Policy is applied in the background after the network becomes available.
-Because this process (of applying Group Policy) is a background refresh, extensions such as Software Installation and Folder Redirection take two sign-ins to apply changes. To be able to operate safely, these extensions require that no users be signed in. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two sign-ins to be detected.
+Because this process (of applying Group Policy) is a background refresh, extensions such as Software Installation and Folder Redirection take two sign-ins to apply changes. To be able to operate safely, these extensions require that no users be signed in. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script may take up to two sign-ins to be detected.
If a user with a roaming profile, home directory, or user object logon script signs in to a computer, computers always wait for the network to be initialized before signing in the user. If a user has never signed in to this computer before, computers always wait for the network to be initialized.
@@ -754,8 +767,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -800,8 +814,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -847,3 +862,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index c2d83759c2..88b2c471c4 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MicrosoftDefenderAntivirus
-description: Policy CSP - ADMX_MicrosoftDefenderAntivirus
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MicrosoftDefenderAntivirus.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
-ms.date: 01/03/2022
+author: vinaypamnani-msft
+ms.date: 08/19/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MicrosoftDefenderAntivirus
@@ -318,8 +318,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -364,8 +365,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -414,8 +416,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -434,14 +437,9 @@ ADMX Info:
Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
-Disabled (Default):
-Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance.
+If you disable or don't configure this policy setting, Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance. It is disabled by default.
-Enabled:
-Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios.
-
-Not configured:
-Same as Disabled.
+If you enable this policy setting, Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios.
@@ -465,8 +463,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -485,8 +484,8 @@ ADMX Info:
This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check won't occur, which will lower the protection state of the device.
-Enabled – The Block at First Sight setting is turned on.
-Disabled – The Block at First Sight setting is turned off.
+If you enable this feature, the Block at First Sight setting is turned on.
+If you disable this feature, the Block at First Sight setting is turned off.
This feature requires these Policy settings to be set as follows:
@@ -497,7 +496,6 @@ This feature requires these Policy settings to be set as follows:
-
ADMX Info:
- GP Friendly name: *Configure the 'Block at First Sight' feature*
@@ -517,8 +515,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -563,8 +562,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -611,8 +611,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -657,8 +658,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -699,8 +701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -743,8 +746,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -785,8 +789,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -842,8 +847,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -915,8 +921,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -974,8 +981,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1034,8 +1042,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1085,8 +1094,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1131,8 +1141,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1173,8 +1184,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,8 +1231,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1265,8 +1278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1317,8 +1331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1369,8 +1384,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1415,8 +1431,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1461,8 +1478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1507,8 +1525,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1553,8 +1572,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1599,8 +1619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1645,8 +1666,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1691,8 +1713,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1737,8 +1760,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1783,8 +1807,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1829,8 +1854,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1875,8 +1901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1921,8 +1948,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1967,8 +1995,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2013,8 +2042,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2059,8 +2089,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2117,8 +2148,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2163,8 +2195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2205,8 +2238,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2247,8 +2281,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2292,8 +2327,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2338,8 +2374,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2378,8 +2415,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2420,8 +2458,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2462,8 +2501,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2511,8 +2551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2557,8 +2598,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2603,8 +2645,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2650,8 +2693,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2696,8 +2740,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2742,8 +2787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2788,8 +2834,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2834,8 +2881,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2880,8 +2928,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2926,8 +2975,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2971,8 +3021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3017,8 +3068,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3063,8 +3115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3109,8 +3162,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3155,8 +3209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3201,8 +3256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3247,8 +3303,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3293,8 +3350,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3339,8 +3397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3385,8 +3444,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3431,8 +3491,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3477,8 +3538,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3523,8 +3585,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3581,8 +3644,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3627,8 +3691,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3673,8 +3738,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3691,7 +3757,7 @@ ADMX Info:
-This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.
We don't recommend setting the value to less than 2 days to prevent machines from going out of date.
@@ -3721,8 +3787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3767,8 +3834,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3813,8 +3881,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3859,8 +3928,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3905,8 +3975,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3951,8 +4022,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3999,8 +4071,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4045,8 +4118,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4091,8 +4165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4149,8 +4224,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4195,8 +4271,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4239,8 +4316,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4285,8 +4363,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4331,8 +4410,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4377,8 +4457,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4437,8 +4518,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4484,8 +4566,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4532,8 +4615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4578,8 +4662,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4624,8 +4709,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4668,8 +4754,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4708,3 +4795,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 33f6ed7399..1d1d07a118 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MMC
-description: Policy CSP - ADMX_MMC
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MMC.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/03/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MMC
@@ -54,8 +54,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,8 +111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -166,8 +168,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -222,8 +225,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,8 +276,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -323,3 +328,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 1514a912be..1dc887ce45 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MMCSnapins
-description: Policy CSP - ADMX_MMCSnapins
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MMCSnapins.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MMCSnapins
@@ -351,8 +351,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -373,7 +374,7 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
@@ -405,8 +406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -427,7 +429,7 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
@@ -460,8 +462,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -482,15 +485,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -515,8 +518,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -537,15 +541,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -570,8 +574,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -592,15 +597,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -625,8 +630,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -645,17 +651,17 @@ ADMX Info:
This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -680,8 +686,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -702,13 +709,13 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -735,8 +742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -757,15 +765,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -790,8 +798,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -812,15 +821,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -845,8 +854,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -867,15 +877,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -900,8 +910,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -922,15 +933,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -955,8 +966,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -977,15 +989,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1009,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1031,15 +1044,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1063,8 +1076,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1085,15 +1099,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1117,8 +1131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1139,15 +1154,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1171,8 +1186,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1193,15 +1209,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1225,8 +1241,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1247,15 +1264,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1279,8 +1296,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1301,15 +1319,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1333,8 +1351,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1355,15 +1374,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1387,8 +1406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1409,15 +1429,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1441,8 +1461,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1463,15 +1484,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1495,8 +1516,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1517,15 +1539,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1549,8 +1571,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1571,15 +1594,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1603,8 +1626,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1625,15 +1649,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1657,8 +1681,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1679,15 +1704,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1711,8 +1736,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1733,15 +1759,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1765,8 +1791,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1787,15 +1814,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1819,8 +1846,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1841,15 +1869,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1873,8 +1901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1895,15 +1924,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1928,8 +1957,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1950,15 +1980,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -1982,8 +2012,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2004,15 +2035,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2036,8 +2067,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2058,15 +2090,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2090,8 +2122,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2112,15 +2145,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2144,8 +2177,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2166,15 +2200,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2198,8 +2232,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2220,15 +2255,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2252,8 +2287,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2274,15 +2310,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2306,8 +2342,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2328,15 +2365,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2360,8 +2397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2380,19 +2418,19 @@ ADMX Info:
This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
-If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.
+If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab isn't displayed in those snap-ins.
-If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed.
+If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed.
- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab.
-To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible.
+To explicitly permit use of the Group Policy tab, enable this setting. If this setting isn't configured (or disabled), the Group Policy tab is inaccessible.
- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab.
-To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible.
+To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting isn't configured (or enabled), the Group Policy tab is accessible.
-When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets.
+When the Group Policy tab is inaccessible, it doesn't appear in the site, domain, or organizational unit property sheets.
@@ -2416,8 +2454,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2438,15 +2477,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2470,8 +2509,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2492,15 +2532,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2524,8 +2564,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2546,15 +2587,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2578,8 +2619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2600,15 +2642,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2632,8 +2674,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2654,15 +2697,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2686,8 +2729,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2708,15 +2752,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2740,8 +2784,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2762,15 +2807,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2794,8 +2839,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2816,15 +2862,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2848,8 +2894,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2870,15 +2917,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2902,8 +2949,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2924,15 +2972,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -2956,8 +3004,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2978,15 +3027,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3010,8 +3059,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3032,15 +3082,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3064,8 +3114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3086,15 +3137,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3118,8 +3169,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3140,15 +3192,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3172,8 +3224,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3194,15 +3247,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3226,8 +3279,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3248,15 +3302,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3280,8 +3334,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3302,15 +3357,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3334,8 +3389,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3356,15 +3412,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3388,8 +3444,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3410,15 +3467,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3442,8 +3499,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3464,15 +3522,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3496,8 +3554,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3518,15 +3577,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3550,8 +3609,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3572,15 +3632,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3604,8 +3664,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3626,15 +3687,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3658,8 +3719,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3680,15 +3742,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3712,8 +3774,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3734,15 +3797,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3766,8 +3829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3788,15 +3852,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3820,8 +3884,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3842,15 +3907,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3874,8 +3939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3896,15 +3962,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3928,8 +3994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3950,15 +4017,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -3982,8 +4049,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4004,15 +4072,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4036,8 +4104,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4058,15 +4127,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4090,8 +4159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4112,15 +4182,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4144,8 +4214,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4166,15 +4237,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4198,8 +4269,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4220,15 +4292,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4252,8 +4324,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4274,15 +4347,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4306,8 +4379,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4328,15 +4402,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4360,8 +4434,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4382,15 +4457,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4414,8 +4489,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4436,15 +4512,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4468,8 +4544,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4490,15 +4567,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4522,8 +4599,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4544,15 +4622,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4576,8 +4654,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4598,15 +4677,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4630,8 +4709,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4652,15 +4732,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4684,8 +4764,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4706,15 +4787,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4738,8 +4819,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4760,15 +4842,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4792,8 +4874,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4814,15 +4897,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4846,8 +4929,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4868,15 +4952,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4900,8 +4984,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4922,15 +5007,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -4954,8 +5039,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4976,15 +5062,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5008,8 +5094,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5030,15 +5117,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5062,8 +5149,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5084,15 +5172,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5116,8 +5204,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5138,15 +5227,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5170,8 +5259,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5192,15 +5282,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5224,8 +5314,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5246,15 +5337,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5278,8 +5369,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5300,15 +5392,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5332,8 +5424,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5354,15 +5447,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5386,8 +5479,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5408,15 +5502,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5440,8 +5534,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5462,15 +5557,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5494,8 +5589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5516,15 +5612,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5548,8 +5644,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5570,15 +5667,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5602,8 +5699,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5624,15 +5722,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5656,8 +5754,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5678,15 +5777,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5710,8 +5809,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5732,15 +5832,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5764,8 +5864,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5786,15 +5887,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5818,8 +5919,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5840,15 +5942,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5872,8 +5974,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5894,15 +5997,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5926,8 +6029,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5948,15 +6052,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -5980,8 +6084,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6002,15 +6107,15 @@ This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -6027,3 +6132,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 1b428b1884..462bfc2801 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MobilePCMobilityCenter
-description: Policy CSP - ADMX_MobilePCMobilityCenter
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MobilePCMobilityCenter.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MobilePCMobilityCenter
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,11 +66,11 @@ manager: dansimp
This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
-If you do not configure this policy setting, Windows Mobility Center is on by default.
+If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,12 +113,12 @@ ADMX Info:
-This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.
+This policy setting turns off Windows Mobility Center.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
-If you do not configure this policy setting, Windows Mobility Center is on by default.
+If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -133,3 +135,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index f9fe20c69c..a0b6581b36 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MobilePCPresentationSettings
-description: Policy CSP - ADMX_MobilePCPresentationSettings
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MobilePCPresentationSettings.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MobilePCPresentationSettings
@@ -47,8 +47,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,9 +68,9 @@ manager: dansimp
This policy setting turns off Windows presentation settings.
-- If you enable this policy setting, Windows presentation settings cannot be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-- If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,14 +122,15 @@ ADMX Info:
This policy setting turns off Windows presentation settings.
-- If you enable this policy setting, Windows presentation settings cannot be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-- If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
> [!NOTE]
> Users will be able to customize their system settings for presentations in Windows Mobility Center.
+
If you do not configure this policy setting, Windows presentation settings can be invoked.
@@ -145,3 +148,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index 21ecaf3e29..a706344772 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MSAPolicy
-description: Policy CSP - ADMX_MSAPolicy
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MSAPolicy.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MSAPolicy
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
-This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
+This policy setting controls whether users can provide Microsoft accounts for authentication, applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
This functionality applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user won't be affected by enabling this setting until the authentication cache expires.
@@ -82,7 +83,8 @@ ADMX Info:
-
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 4bcef7a8d0..039423c269 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_msched
-description: Policy CSP - ADMX_msched
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_msched.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_msched
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -45,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -91,8 +93,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -133,8 +136,8 @@ ADMX Info:
-
-
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 74fa908dc8..3cf6d8ccbd 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MSDT
-description: Policy CSP - ADMX_MSDT
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MSDT.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MSDT
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,8 +166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,3 +215,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index acdf31ff93..ee2aa88f20 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MSI
-description: Policy CSP - ADMX_MSI
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MSI.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MSI
@@ -110,8 +110,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,8 +162,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -185,7 +187,7 @@ If you enable this policy setting, all users are permitted to install programs f
This policy setting doesn't affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.
-If you disable or don't configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.
+If you disable or don't configure this policy setting, users can install programs from removable media by default, only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.
Also, see the "Prevent removable media source for any install" policy setting.
@@ -212,8 +214,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +263,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -313,8 +317,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -366,8 +371,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -413,8 +419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -464,8 +471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -517,8 +525,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -568,8 +577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -620,8 +630,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -668,8 +679,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -717,8 +729,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -764,8 +777,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -814,8 +828,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -864,8 +879,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -914,8 +930,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -962,8 +979,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1010,8 +1028,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1063,8 +1082,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1116,8 +1136,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,8 +1184,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1212,8 +1234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1265,8 +1288,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1309,7 +1333,8 @@ ADMX Info:
+
+## Related topics
-
-
\ No newline at end of file
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index 2d23267cbd..b1d046c306 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MsiFileRecovery
-description: Policy CSP - ADMX_MsiFileRecovery
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_MsiFileRecovery.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MsiFileRecovery
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -94,4 +95,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index 4a0b0ee3ae..7bfd8617d3 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_nca
description: Policy CSP - ADMX_nca
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_nca
@@ -63,8 +63,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,8 +120,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,8 +163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,8 +212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -253,8 +257,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -306,8 +311,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -349,8 +355,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -395,8 +402,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -431,7 +439,8 @@ ADMX Info:
-
-
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index 2560340dd7..ddb9baa7e7 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_NCSI
-description: Policy CSP - ADMX_NCSI
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_NCSI.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_NCSI
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -60,8 +61,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -78,11 +80,10 @@ manager: dansimp
-This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
+This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
-
ADMX Info:
- GP Friendly name: *Specify corporate DNS probe host address*
@@ -102,8 +103,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -144,8 +146,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -162,7 +165,7 @@ ADMX Info:
-This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
+This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of the prefixes indicates corporate connectivity.
@@ -186,8 +189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -231,8 +235,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,7 +254,7 @@ ADMX Info:
-This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
+This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (that is, whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
@@ -273,8 +278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -291,7 +297,7 @@ ADMX Info:
-This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
+This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it's currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
@@ -315,8 +321,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -352,3 +359,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 4527aa2946..119133aa16 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_Netlogon
-description: Policy CSP - ADMX_Netlogon
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Netlogon.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/15/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Netlogon
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -144,8 +145,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -198,8 +200,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -228,7 +231,6 @@ If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6
-
ADMX Info:
- GP Friendly name: *Return domain controller address type*
@@ -250,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -268,13 +271,13 @@ ADMX Info:
-This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the AllowSingleLabelDnsDomain policy setting is enabled.
+This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the `AllowSingleLabelDnsDomain` policy setting is enabled.
-By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled.
+By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the `AllowSingleLabelDnsDomain` policy setting is enabled.
-If you enable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, if DNS resolution fails.
+If you enable this policy setting, when the `AllowSingleLabelDnsDomain` policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, if DNS resolution fails.
-If you disable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest.
+If you disable this policy setting, when the `AllowSingleLabelDnsDomain` policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest.
@@ -300,8 +303,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -352,8 +356,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,11 +377,11 @@ ADMX Info:
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain name.
-By default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name.
+By default, the behavior specified in the `AllowDnsSuffixSearch` is used. If the `AllowDnsSuffixSearch` policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name.
If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution.
-If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers won't the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.
+If you disable this policy setting, computers to which this setting is applied will use the `AllowDnsSuffixSearch` policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. The computers won't use the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.
If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
@@ -404,8 +409,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -454,8 +460,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -507,8 +514,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -559,8 +567,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -614,8 +623,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -671,8 +681,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -720,8 +731,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -764,8 +776,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -816,8 +829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -892,8 +906,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -945,8 +960,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -998,8 +1014,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1045,8 +1062,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1065,7 +1083,7 @@ ADMX Info:
This policy setting specifies the extra time for the computer to wait for the domain controller’s (DC) response when logging on to the network.
-To specify the expected dial-up delay at sign in, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).
+To specify the expected dial-up delay at sign-in, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).
If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
@@ -1093,8 +1111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1145,8 +1164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,7 +1183,7 @@ ADMX Info:
-This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
+This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.
@@ -1195,8 +1215,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1248,8 +1269,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1298,8 +1320,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1348,8 +1371,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1396,8 +1420,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1446,8 +1471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1466,7 +1492,7 @@ ADMX Info:
This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) couldn't be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.
-The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.
+The default value for this setting is 45 seconds. The maximum value for this setting is seven days (7*24*60*60). The minimum value for this setting is 0.
> [!WARNING]
> If the value for this setting is too large, a client won't attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available.
@@ -1495,8 +1521,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1550,8 +1577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1596,8 +1624,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1651,8 +1680,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1705,8 +1735,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1755,8 +1786,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1805,8 +1837,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1860,8 +1893,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1912,8 +1946,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1955,3 +1990,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index 5da60f709b..178901d5b6 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_NetworkConnections
-description: Policy CSP - ADMX_NetworkConnections
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_NetworkConnections.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_NetworkConnections
@@ -121,8 +121,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,8 +179,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -231,8 +233,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -289,8 +292,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -342,8 +346,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -401,8 +406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -458,8 +464,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -508,8 +515,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -554,8 +562,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -606,8 +615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -656,8 +666,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -702,8 +713,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -763,8 +775,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -816,8 +829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -871,8 +885,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -924,8 +939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,8 +995,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1038,8 +1055,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1097,8 +1115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1145,8 +1164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1202,8 +1222,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1259,8 +1280,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1314,8 +1336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1367,8 +1390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1420,8 +1444,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1446,7 +1471,7 @@ If you enable this setting, ICS can't be enabled or configured by administrators
If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard.
-By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.
+By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When administrators are running the New Connection Wizard or Network Setup Wizard, they can choose to enable ICS.
> [!NOTE]
> Internet Connection Sharing is only available when two or more network connections are present.
@@ -1479,8 +1504,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1529,8 +1555,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1567,5 +1594,8 @@ ADMX Info:
+
-
\ No newline at end of file
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index 6a461fb657..efc0936d36 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_OfflineFiles
-description: Policy CSP - ADMX_OfflineFiles
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_OfflineFiles.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_OfflineFiles
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -177,8 +178,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -247,7 +250,7 @@ This policy setting lists network files and folders that are always available fo
If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
-If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
+If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted. And, no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy.
@@ -276,8 +279,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -298,7 +302,7 @@ This policy setting lists network files and folders that are always available fo
If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
-If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
+If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted. And, no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy.
@@ -327,8 +331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -375,8 +380,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -433,8 +439,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -458,7 +465,6 @@ This setting also disables the "When a network connection is lost" option on the
If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
-
- "Never go offline" indicates that network files aren't available while the server is inaccessible.
If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
@@ -494,8 +500,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -518,8 +525,7 @@ This setting also disables the "When a network connection is lost" option on the
If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
-- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
-
+- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
- "Never go offline" indicates that network files aren't available while the server is inaccessible.
If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
@@ -555,8 +561,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -612,8 +619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -663,8 +671,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -694,7 +703,7 @@ If you don't configure this policy setting, encryption of the Offline Files cach
> [!NOTE]
> By default, this cache is protected on NTFS partitions by ACLs.
-This setting is applied at user sign in. If this setting is changed after user sign in, then user sign out and sign in is required for this setting to take effect.
+This setting is applied at user sign-in. If this setting is changed after user sign-in, then user sign-out and sign-in is required for this setting to take effect.
@@ -717,8 +726,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -737,7 +747,7 @@ ADMX Info:
This policy setting determines which events the Offline Files feature records in the event log.
-Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
+Offline Files records events in the Application login Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
@@ -774,8 +784,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -794,16 +805,13 @@ ADMX Info:
This policy setting determines which events the Offline Files feature records in the event log.
-Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
+Offline Files records events in the Application login Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
-- "0" records an error when the offline storage cache is corrupted.
-
+- "0" records an error when the offline storage cache is corrupted.
- "1" also records an event when the server hosting the offline file is disconnected from the network.
-
- "2" also records events when the local computer is connected and disconnected from the network.
-
- "3" also records an event when the server hosting the offline file is reconnected to the network.
> [!NOTE]
@@ -831,8 +839,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -877,8 +886,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -897,7 +907,7 @@ ADMX Info:
Lists types of files that can't be used offline.
-This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline."
+This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type can't be made available offline."
This setting is designed to protect files that can't be separated, such as database components.
@@ -928,8 +938,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -989,8 +1000,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1050,8 +1062,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1101,8 +1114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1152,8 +1166,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1203,8 +1218,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1254,8 +1270,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1304,8 +1321,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1354,8 +1372,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1408,8 +1427,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1462,8 +1482,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1519,8 +1540,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1576,8 +1598,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1626,8 +1649,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1674,8 +1698,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1723,8 +1748,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1743,7 +1769,7 @@ ADMX Info:
This policy setting allows you to turn on economical application of administratively assigned Offline Files.
-If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at sign in. Files and folders that are already available offline are skipped and are synchronized later.
+If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at sign-in. Files and folders that are already available offline are skipped and are synchronized later.
If you disable this policy setting, all administratively assigned folders are synchronized at logon.
@@ -1769,8 +1795,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1820,8 +1847,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1871,8 +1899,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1917,8 +1946,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1963,8 +1993,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2009,8 +2040,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2055,8 +2087,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2111,8 +2144,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2161,8 +2195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2216,8 +2251,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2271,8 +2307,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2293,7 +2330,7 @@ This policy setting determines whether offline files are fully synchronized when
This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
-If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
+If you enable this setting, offline files are fully synchronized at sign-in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current.
@@ -2328,8 +2365,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2350,11 +2388,11 @@ This policy setting determines whether offline files are fully synchronized when
This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
-If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
+If you enable this setting, offline files are fully synchronized at sign-in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current.
-If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.
+If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default. However, users can change this option.
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
@@ -2383,8 +2421,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2432,8 +2471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2481,8 +2521,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2527,8 +2568,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2573,8 +2615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2615,3 +2658,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index 940b2bc510..28a333dfcc 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_pca
-description: Policy CSP - ADMX_pca
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_pca.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_pca
@@ -61,8 +61,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -81,10 +82,11 @@ manager: dansimp
This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.
-- If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
-- If you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers.
+If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
-If you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
+If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers.
+
+If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
> [!NOTE]
> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled.
@@ -112,8 +114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,7 +133,7 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative
Templates\Windows Components\Application Compatibility.
@@ -157,8 +160,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -176,7 +180,7 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -198,8 +202,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -217,7 +222,7 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -240,8 +245,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -259,7 +265,8 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -283,8 +290,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -302,7 +310,8 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -326,8 +335,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -345,7 +355,8 @@ ADMX Info:
-This setting exists only for backward compatibility, and is not valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+
To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
@@ -364,3 +375,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index d6a2ec5b2f..b5e4199768 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_PeerToPeerCaching
-description: Policy CSP - ADMX_PeerToPeerCaching
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_PeerToPeerCaching.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PeerToPeerCaching
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -65,8 +66,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -89,9 +91,7 @@ This policy setting specifies whether BranchCache is enabled on client computers
- Set BranchCache Hosted Cache mode
- Configure Hosted Cache Servers
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
- Enabled: With this selection, BranchCache is turned on for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member client computers to which the policy is applied.
@@ -122,8 +122,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -144,9 +145,7 @@ This policy setting specifies whether BranchCache distributed cache mode is enab
In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
- Enabled: With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain member client computers to which the policy is applied.
@@ -177,8 +176,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -199,9 +199,7 @@ This policy setting specifies whether BranchCache hosted cache mode is enabled o
When a client computer is configured as a hosted cache mode client, it's able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
- Enabled: With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for all domain member client computers to which the policy is applied.
@@ -238,8 +236,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,9 +271,7 @@ This policy setting can only be applied to client computers that are running at
If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting, and client computers don't perform hosted cache server discovery.
- Enabled: With this selection, the policy setting is applied to client computers, which perform automatically hosted cache server discovery and which are configured as hosted cache mode clients.
@@ -302,8 +299,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,13 +322,11 @@ This policy setting specifies whether client computers are configured to use hos
If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting.
-This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode."
+This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode".
If you don't configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting.
- Enabled: With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers."
@@ -362,8 +358,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,9 +379,7 @@ ADMX Info:
This policy setting is used only when you've deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients don't cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache latency settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the latency setting that you use on individual client computers.
- Enabled: With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
@@ -416,8 +411,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -440,9 +436,7 @@ If you enable this policy setting, you can configure the percentage of total dis
If you disable or don't configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache client computer cache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache setting that you use on individual client computers.
- Enabled: With this selection, the BranchCache client computer cache setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
@@ -477,8 +471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -501,9 +496,7 @@ If you enable this policy setting, you can configure the age for segments in the
If you disable or don't configure this policy setting, the age is set to 28 days.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, BranchCache client computer cache age settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache age setting that you use on individual client computers.
- Enabled: With this selection, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
@@ -535,8 +528,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -559,9 +553,7 @@ If you enable this policy setting, all clients use the version of BranchCache th
If you don't configure this setting, all clients will use the version of BranchCache that matches their operating system.
-Policy configuration
-
-Select one of the following options:
+For policy configuration, select one of the following options:
- Not Configured: With this selection, this policy setting isn't applied to client computers, and the clients run the version of BranchCache that is included with their operating system.
- Enabled: With this selection, this policy setting is applied to client computers based on the value of the option setting "Select from the following versions" that you specify.
@@ -591,3 +583,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index e3c4ae75b9..322223fccc 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_PenTraining
-description: Policy CSP - ADMX_PenTraining
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_PenTraining.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PenTraining
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,9 +66,9 @@ manager: dansimp
Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users cannot open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
-- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
+- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -91,8 +92,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,9 +113,9 @@ ADMX Info:
Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users cannot open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
-- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
+- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -131,3 +133,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index 639a44a171..7c956fcf64 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_PerformanceDiagnostics
-description: Policy CSP - ADMX_PerformanceDiagnostics
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_PerformanceDiagnostics.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PerformanceDiagnostics
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -51,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +73,7 @@ manager: dansimp
This policy setting determines the execution level for Windows Boot Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS.
@@ -79,7 +81,8 @@ If you don't configure this policy setting, the DPS will enable Windows Boot Per
This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
-No system restart or service restart is required for this policy to take effect: changes take effect immediately.
+>[!Note]
+>No system restart or service restart is required for this policy to take effect; changes take effect immediately.
This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -105,8 +108,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,7 +129,7 @@ ADMX Info:
Determines the execution level for Windows Standby/Resume Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
@@ -159,8 +163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,7 +184,7 @@ ADMX Info:
This policy setting determines the execution level for Windows Shutdown Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS.
@@ -213,8 +218,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -233,7 +239,7 @@ ADMX Info:
Determines the execution level for Windows Standby/Resume Performance Diagnostics.
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
@@ -263,3 +269,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index 31a6511577..e1e9ee133b 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_Power
-description: Policy CSP - ADMX_Power
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Power.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Power
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -114,8 +115,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,9 +138,9 @@ This policy setting allows you to control the network connectivity state in stan
If you enable this policy setting, network connectivity will be maintained in standby.
-If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
+If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
-If you do not configure this policy setting, users control this setting.
+If you don't configure this policy setting, users control this setting.
@@ -162,8 +164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -184,7 +187,7 @@ This policy setting allows you to turn on the ability for applications and servi
If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -208,8 +211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -234,7 +238,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable this policy or do not configure this policy setting, users control this setting.
+If you disable this policy or don't configure this policy setting, users control this setting.
@@ -258,8 +262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -280,7 +285,7 @@ This policy setting allows applications and services to prevent automatic sleep.
If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.
-If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
+If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
@@ -304,8 +309,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -326,7 +332,7 @@ This policy setting allows applications and services to prevent automatic sleep.
If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.
-If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
+If you disable or don't configure this policy setting, applications, services, or drivers don't prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
@@ -350,8 +356,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,7 +379,7 @@ This policy setting allows you to manage automatic sleep with open network files
If you enable this policy setting, the computer automatically sleeps when network files are open.
-If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
+If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open.
@@ -396,8 +403,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -418,7 +426,7 @@ This policy setting allows you to manage automatic sleep with open network files
If you enable this policy setting, the computer automatically sleeps when network files are open.
-If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
+If you disable or don't configure this policy setting, the computer doesn't automatically sleep when network files are open.
@@ -442,8 +450,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -460,11 +469,11 @@ ADMX Info:
-This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool.
+This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using `powercfg`, the power configuration command line tool.
If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -488,8 +497,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -515,7 +525,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -539,8 +549,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,7 +577,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -590,8 +601,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -614,7 +626,7 @@ If you enable this policy setting, you must enter a numeric value (percentage) t
To set the action that is triggered, see the "Critical Battery Notification Action" policy setting.
-If you disable this policy setting or do not configure it, users control this setting.
+If you disable this policy setting or don't configure it, users control this setting.
@@ -638,8 +650,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -664,7 +677,7 @@ To configure the low battery notification level, see the "Low Battery Notificati
The notification will only be shown if the "Low Battery Notification Action" policy setting is configured to "No Action".
-If you disable or do not configure this policy setting, users can control this setting.
+If you disable or don't configure this policy setting, users can control this setting.
@@ -688,8 +701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -712,7 +726,7 @@ If you enable this policy setting, you must enter a numeric value (percentage) t
To set the action that is triggered, see the "Low Battery Notification Action" policy setting.
-If you disable this policy setting or do not configure it, users control this setting.
+If you disable this policy setting or don't configure it, users control this setting.
@@ -736,8 +750,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -758,9 +773,9 @@ This policy setting allows you to control the network connectivity state in stan
If you enable this policy setting, network connectivity will be maintained in standby.
-If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
+If you disable this policy setting, network connectivity in standby isn't guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.
-If you do not configure this policy setting, users control this setting.
+If you don't configure this policy setting, users control this setting.
@@ -784,8 +799,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -806,7 +822,7 @@ This policy setting allows you to turn on the ability for applications and servi
If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -830,8 +846,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -856,7 +873,7 @@ If you enable this policy setting, select one of the following actions:
- Hibernate
- Shut down
-If you disable this policy or do not configure this policy setting, users control this setting.
+If you disable this policy or don't configure this policy setting, users control this setting.
@@ -880,8 +897,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -902,7 +920,7 @@ This policy setting specifies the period of inactivity before Windows turns off
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -926,8 +944,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -948,7 +967,7 @@ This policy setting specifies the period of inactivity before Windows turns off
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -972,8 +991,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -992,7 +1012,7 @@ ADMX Info:
This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes.
-This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces.
+This setting doesn't affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces.
Applications such as UPS software may rely on Windows shutdown behavior.
@@ -1000,7 +1020,7 @@ This setting is only applicable when Windows shutdown is initiated by software p
If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power to be safely removed.
-If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state.
+If you disable or don't configure this policy setting, the computer system safely shuts down to a fully powered-off state.
@@ -1024,8 +1044,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1048,7 +1069,7 @@ If you enable this policy setting, desktop background slideshow is enabled.
If you disable this policy setting, the desktop background slideshow is disabled.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1072,8 +1093,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1096,7 +1118,7 @@ If you enable this policy setting, desktop background slideshow is enabled.
If you disable this policy setting, the desktop background slideshow is disabled.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1120,8 +1142,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1142,7 +1165,7 @@ This policy setting specifies the active power plan from a list of default Windo
If you enable this policy setting, specify a power plan from the Active Power Plan list.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1166,8 +1189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1186,9 +1210,9 @@ ADMX Info:
This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state.
-If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state.
+If you enable this policy setting, the client computer is locked and prompted for a password when it's resumed from a suspend or hibernate state.
-If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation.
+If you disable or don't configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation.
@@ -1212,8 +1236,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1234,7 +1259,7 @@ This policy setting allows you to turn off Power Throttling.
If you enable this policy setting, Power Throttling will be turned off.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -1258,8 +1283,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1280,7 +1306,7 @@ This policy setting specifies the percentage of battery capacity remaining that
If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification.
-If you disable or do not configure this policy setting, users can see and change this setting.
+If you disable or don't configure this policy setting, users can see and change this setting.
@@ -1299,3 +1325,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index 0f0b567c4d..0818fc3b94 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_PowerShellExecutionPolicy
-description: Policy CSP - ADMX_PowerShellExecutionPolicy
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_PowerShellExecutionPolicy.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PowerShellExecutionPolicy
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -51,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -72,7 +74,7 @@ manager: dansimp
This policy setting allows you to turn on logging for Windows PowerShell modules.
-If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
+If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell login Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting isn't configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
@@ -103,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -126,7 +129,7 @@ This policy setting lets you configure the script execution policy, controlling
If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The "Allow only signed scripts" policy setting allows scripts to execute only if they're signed by a trusted publisher.
-The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.
+The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run. And, the scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.
If you disable this policy setting, no scripts are allowed to run.
@@ -155,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,8 +211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -251,4 +256,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index 690fb95593..05320e6fd6 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -1,22 +1,19 @@
---
title: Policy CSP - ADMX_PreviousVersions
description: Policy CSP - ADMX_PreviousVersions
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PreviousVersions
-
-
-
## ADMX_PreviousVersions policies
> [!TIP]
@@ -26,6 +23,10 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
+
ADMX_PreviousVersions/DisableLocalPage_1
@@ -64,8 +65,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,13 +86,10 @@ manager: dansimp
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
@@ -114,8 +113,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -134,13 +134,10 @@ ADMX Info:
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
@@ -164,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -184,13 +182,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -214,8 +209,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -234,13 +230,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -265,8 +258,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -285,11 +279,9 @@ ADMX Info:
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-
-- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
-
-If you do not configure this policy setting, it is disabled by default.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you don't configure this policy setting, it's disabled by default.
@@ -313,8 +305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -333,11 +326,9 @@ ADMX Info:
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-
-- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
-
-If you do not configure this policy setting, it is disabled by default.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you don't configure this policy setting, it's disabled by default.
@@ -361,8 +352,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -381,13 +373,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -411,8 +400,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -431,13 +421,10 @@ ADMX Info:
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
-
-- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -452,3 +439,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index 0ea4840878..f107901b56 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_Printing
-description: Policy CSP - ADMX_Printing
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Printing.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/15/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Printing
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -118,8 +119,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -171,8 +173,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -224,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,7 +253,8 @@ If you enable this policy setting, you replace the "Get help with printing" defa
If you disable this setting or don't configure it, or if you don't enter an alternate Internet address, the default link will appear in the Printers folder.
> [!NOTE]
-> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.")
+> Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect.
+> To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders."
Also, see the "Activate Internet printing" setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.
@@ -277,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,10 +309,8 @@ If you disable this policy setting, the client computer will only search the loc
This policy setting isn't configured by default, and the behavior depends on the version of Windows that you're using.
-
-
ADMX Info:
- GP Friendly name: *Extend Point and Print connection to search Windows Update*
@@ -326,8 +330,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -386,8 +391,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -435,8 +441,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -492,8 +499,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -536,8 +544,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -586,8 +595,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -636,8 +646,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -684,8 +695,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -730,8 +742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -778,8 +791,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -835,8 +849,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -881,8 +896,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -927,8 +943,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -977,8 +994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1027,8 +1045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1125,8 +1145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1176,8 +1197,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1227,8 +1249,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1275,8 +1298,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1328,8 +1352,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1377,8 +1402,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1418,5 +1444,8 @@ ADMX Info:
+
-
\ No newline at end of file
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index 87ff13e471..3032187dbe 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_Printing2
-description: Policy CSP - ADMX_Printing2
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Printing2.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/15/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Printing2
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -66,8 +67,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,8 +119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -168,8 +171,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -186,7 +190,7 @@ ADMX Info:
-Determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.
+This policy setting determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.
The Windows pruning service prunes printer objects from Active Directory when the computer that published them doesn't respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains can't republish printers in Active Directory automatically, by default, the system never prunes their printer objects.
@@ -226,8 +230,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -279,8 +284,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,8 +336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -383,8 +390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -409,10 +417,8 @@ If you enable this policy setting, the contact events are recorded in the event
If you disable or don't configure this policy setting, the contact events aren't recorded in the event log.
-Note: This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged.
-
> [!NOTE]
-> This setting is used only on domain controllers.
+> This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged. This setting is used only on domain controllers.
@@ -436,8 +442,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,8 +491,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -525,4 +533,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index c1089d79fe..3758a6ba32 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -1,18 +1,19 @@
---
title: Policy CSP - ADMX_Programs
-description: Policy CSP - ADMX_Programs
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Programs.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Programs
+
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -60,8 +61,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,7 +84,7 @@ This setting removes the Set Program Access and Defaults page from the Programs
The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations.
-If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users.
+If this setting is disabled or not configured, the "Set Program Access and Defaults" button is available to all users.
This setting doesn't prevent users from using other tools and methods to change program access or defaults.
@@ -90,7 +92,6 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta
-
ADMX Info:
- GP Friendly name: *Hide "Set Program Access and Computer Defaults" page*
@@ -110,8 +111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,8 +165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -211,8 +214,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -257,8 +261,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,8 +312,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -353,8 +359,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -400,3 +407,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index 5339356365..d5ba645c1e 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -1,24 +1,19 @@
---
title: Policy CSP - ADMX_PushToInstall
-description: Policy CSP - ADMX_PushToInstall
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_PushToInstall.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PushToInstall
-
-
-
-## ADMX_PushToInstall policies
-
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -26,6 +21,11 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
+## ADMX_PushToInstall policies
+
ADMX_PushToInstall/DisablePushToInstall
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -77,3 +78,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index 80e2f293b0..bcfa2454cb 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -1,24 +1,19 @@
---
title: Policy CSP - ADMX_Radar
-description: Policy CSP - ADMX_Radar
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Radar.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Radar
-
-
-
-## ADMX_Radar policies
-
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -26,6 +21,11 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
+## ADMX_Radar policies
+
ADMX_Radar/WdiScenarioExecutionPolicy
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,14 +64,19 @@ manager: dansimp
This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
-- If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
+If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
-These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
+These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
-- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+
+No system restart or service restart is required for this policy to take effect; changes take effect immediately.
+
+>[!Note]
+> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -88,3 +94,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index 006b2c772d..08a42720fb 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Reliability
description: Policy CSP - ADMX_Reliability
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Reliability
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,8 +212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index 31a892b671..5d6a8d5676 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_RemoteAssistance
-description: Policy CSP - ADMX_RemoteAssistance
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_RemoteAssistance.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_RemoteAssistance
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -69,7 +70,7 @@ If you enable this policy setting, only computers running this version (or later
If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer.
-If you don't configure this policy setting, users can configure the setting in System Properties in the Control Panel.
+If you don't configure this policy setting, users can configure this setting in System Properties in the Control Panel.
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -150,4 +152,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index 7ce8e84d8f..f4f47dc890 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_RemovableStorage
-description: Policy CSP - ADMX_RemovableStorage
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_RemovableStorage.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_RemovableStorage
@@ -135,8 +135,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -157,7 +158,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
-If you disable or do not configure this setting, the operating system does not force a reboot.
+If you disable or don't configure this setting, the operating system does not force a reboot.
> [!NOTE]
> If no reboot is forced, the access right does not take effect until the operating system is restarted.
@@ -184,8 +185,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -206,7 +208,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
-If you disable or do not configure this setting, the operating system does not force a reboot
+If you disable or don't configure this setting, the operating system does not force a reboot
> [!NOTE]
> If no reboot is forced, the access right does not take effect until the operating system is restarted.
@@ -233,8 +235,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -255,7 +258,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -279,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,7 +305,7 @@ This policy setting denies read access to the CD and DVD removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -324,8 +328,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -346,7 +351,7 @@ This policy setting denies read access to the CD and DVD removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -370,8 +375,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -392,7 +398,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -416,8 +422,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -438,7 +445,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -462,8 +469,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,7 +492,7 @@ This policy setting denies read access to custom removable storage classes.
If you enable this policy setting, read access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, read access is allowed to these removable storage classes.
@@ -508,8 +516,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -530,7 +539,7 @@ This policy setting denies read access to custom removable storage classes.
If you enable this policy setting, read access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, read access is allowed to these removable storage classes.
@@ -554,8 +563,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -576,7 +586,7 @@ This policy setting denies write access to custom removable storage classes.
If you enable this policy setting, write access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, write access is allowed to these removable storage classes.
@@ -599,8 +609,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -621,7 +632,7 @@ This policy setting denies write access to custom removable storage classes.
If you enable this policy setting, write access is denied to these removable storage classes.
-If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
+If you disable or don't configure this policy setting, write access is allowed to these removable storage classes.
@@ -644,8 +655,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -666,7 +678,7 @@ This policy setting denies execute access to the Floppy Drives removable storage
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -689,8 +701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -711,7 +724,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -734,8 +747,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -756,7 +770,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -779,8 +793,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -801,7 +816,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -823,8 +838,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -845,7 +861,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -868,8 +884,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -890,7 +907,7 @@ This policy setting denies execute access to removable disks.
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -912,8 +929,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -934,7 +952,7 @@ This policy setting denies read access to removable disks.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -957,8 +975,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,7 +998,7 @@ This policy setting denies read access to removable disks.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1001,8 +1020,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1023,7 +1043,7 @@ This policy setting denies write access to removable disks.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
> [!NOTE]
> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
@@ -1049,8 +1069,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1073,7 +1094,7 @@ This policy setting takes precedence over any individual removable storage polic
If you enable this policy setting, no access is allowed to any removable storage class.
-If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
+If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes.
@@ -1096,8 +1117,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1120,7 +1142,7 @@ This policy setting takes precedence over any individual removable storage polic
If you enable this policy setting, no access is allowed to any removable storage class.
-If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
+If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes.
@@ -1143,8 +1165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1165,7 +1188,7 @@ This policy setting grants normal users direct access to removable storage devic
If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions.
-If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
+If you disable or don't configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
@@ -1188,8 +1211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1210,7 +1234,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
@@ -1233,8 +1257,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1255,7 +1280,7 @@ This policy setting denies read access to the Tape Drive removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1277,8 +1302,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1299,7 +1325,7 @@ This policy setting denies read access to the Tape Drive removable storage class
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1322,8 +1348,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1344,7 +1371,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1366,8 +1393,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1388,7 +1416,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1411,8 +1439,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1433,7 +1462,7 @@ This policy setting denies read access to removable disks, which may include med
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1456,8 +1485,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1478,7 +1508,7 @@ This policy setting denies read access to removable disks, which may include med
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
@@ -1500,8 +1530,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1522,7 +1553,7 @@ This policy setting denies write access to removable disks, which may include me
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1545,8 +1576,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1563,11 +1595,11 @@ ADMX Info:
-This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+This policy setting denies write access to removable disks that may include media players, cellular phones, auxiliary displays, and CE devices.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
@@ -1584,4 +1616,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 24ee32b891..6f085b0205 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_RPC
-description: Policy CSP - ADMX_RPC
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_RPC.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_RPC
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -79,7 +80,7 @@ If you don't configure this policy setting, it remains disabled. It will only g
If you enable this policy setting, the RPC runtime will generate extended error information.
-You must select an error response type in the drop-down box.
+You must select an error response type from the folowing options in the drop-down box:
- "Off" disables all extended error information for all processes. RPC only generates an error code.
- "On with Exceptions" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
@@ -93,7 +94,7 @@ You must select an error response type in the drop-down box.
>
> The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely.
>
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -116,8 +117,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -145,11 +147,10 @@ If you don't configure this policy setting, it remains disabled and will generat
If you enable this policy setting, then:
- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context doesn't support delegation.
-
- "On" directs the RPC Runtime to accept security contexts that don't support delegation even if delegation was asked for.
> [!NOTE]
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -174,8 +175,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,7 +209,7 @@ If you don't configure this policy setting, it will remain disabled. The idle c
If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds.
> [!NOTE]
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -231,8 +233,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -255,22 +258,18 @@ If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
If you don't configure this policy setting, the RPC defaults to "Auto2" level.
-If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information.
+If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information from the following:
- "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations.
-
- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
-
- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
-
- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
-
- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem.
> [!NOTE]
> To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.
>
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
@@ -288,3 +287,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index 46d2eeb48e..fec515d046 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Scripts
-description: Policy CSP - ADMX_Scripts
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Scripts.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Scripts
@@ -75,8 +75,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,8 +122,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -147,7 +149,7 @@ If you enable this setting, then, in the Seconds box, you can type a number from
This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop.
-An excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.
+An excessively long interval can delay the system and cause inconvenience to users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.
If you disable or don't configure this setting, the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This value is the default value.
@@ -173,8 +175,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,19 +204,19 @@ There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled i
GPO B and GPO C include the following computer startup scripts:
-GPO B: B.cmd, B.ps1
-GPO C: C.cmd, C.ps1
+- GPO B: B.cmd, B.ps1
+- GPO C: C.cmd, C.ps1
Assume also that there are two computers, DesktopIT and DesktopSales.
For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT:
-Within GPO B: B.ps1, B.cmd
-Within GPO C: C.ps1, C.cmd
+- Within GPO B: B.ps1, B.cmd
+- Within GPO C: C.ps1, C.cmd
For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for DesktopSales:
-Within GPO B: B.cmd, B.ps1
-Within GPO C: C.cmd, C.ps1
+- Within GPO B: B.cmd, B.ps1
+- Within GPO C: C.cmd, C.ps1
> [!NOTE]
> This policy setting determines the order in which computer startup and shutdown scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO:
@@ -242,8 +245,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -292,8 +296,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -340,8 +345,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -388,8 +394,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -436,8 +443,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,8 +492,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -532,8 +541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -583,8 +593,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -634,8 +645,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -663,19 +675,19 @@ There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled i
GPO B and GPO C include the following user logon scripts:
-GPO B: B.cmd, B.ps1
-GPO C: C.cmd, C.ps1
+- GPO B: B.cmd, B.ps1
+- GPO C: C.cmd, C.ps1
Assume also that there are two users, Qin Hong and Tamara Johnston.
For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:
-Within GPO B: B.ps1, B.cmd
-Within GPO C: C.ps1, C.cmd
+- Within GPO B: B.ps1, B.cmd
+- Within GPO C: C.ps1, C.cmd
For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:
-Within GPO B: B.cmd, B.ps1
-Within GPO C: C.cmd, C.ps1
+- Within GPO B: B.cmd, B.ps1
+- Within GPO C: C.cmd, C.ps1
> [!NOTE]
> This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO:
@@ -702,3 +714,7 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index 5b902e0ec5..354380bdd2 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_sdiageng
-description: Policy CSP - ADMX_sdiageng
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_sdiageng.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_sdiageng
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -68,7 +69,7 @@ manager: dansimp
This policy setting allows Internet-connected users to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
-If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
+If you enable or don't configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,11 +116,11 @@ ADMX Info:
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
-If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
+If you enable or don't configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
If this policy setting is disabled, the users cannot access or run the troubleshooting tools from the Control Panel.
->[!Note]
+>[!NOTE]
>This setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.
@@ -143,8 +145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -165,7 +168,7 @@ This policy setting determines whether scripted diagnostics will execute diagnos
If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.
-If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
+If you disable or don't configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
@@ -183,4 +186,6 @@ ADMX Info:
+## Related topics
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index 31c0354809..84cea15e19 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_sdiagschd
-description: Policy CSP - ADMX_sdiagschd
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_sdiagschd.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_sdiagschd
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,12 +64,12 @@ manager: dansimp
This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
-- If you enable this policy setting, you must choose an execution level.
+If you enable this policy setting, you must choose an execution level from the following:
-If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
-If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
+- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
+- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
-- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.
@@ -88,3 +89,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 92746a10df..66efb88c7f 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Securitycenter
-description: Policy CSP - ADMX_Securitycenter
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Securitycenter.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Securitycenter
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,9 @@ manager: dansimp
-This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
+This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk.
+
+The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect.
@@ -89,3 +92,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 560b651c17..37049367dc 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Sensors
-description: Policy CSP - ADMX_Sensors
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Sensors.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Sensors
@@ -54,8 +54,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,9 +75,9 @@ manager: dansimp
This policy setting turns off scripting for the location feature.
-If you enable this policy setting, scripts for the location feature will not run.
+If you enable this policy setting, scripts for the location feature won't run.
-If you disable or do not configure this policy setting, all location scripts will run.
+If you disable or don't configure this policy setting, all location scripts will run.
@@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -122,7 +124,7 @@ This policy setting turns off scripting for the location feature.
If you enable this policy setting, scripts for the location feature will not run.
-If you disable or do not configure this policy setting, all location scripts will run.
+If you disable or don't configure this policy setting, all location scripts will run.
@@ -146,8 +148,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -168,7 +171,7 @@ This policy setting turns off the location feature for this computer.
If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
-If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
+If you disable or don't configure this policy setting, all programs on this computer won't be prevented from using location information from the location feature.
@@ -192,8 +195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,9 +216,9 @@ ADMX Info:
This policy setting turns off the sensor feature for this computer.
-If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature.
-If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature.
@@ -238,8 +242,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,9 +263,9 @@ ADMX Info:
This policy setting turns off the sensor feature for this computer.
-If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer can't use the sensor feature.
-If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+If you disable or don't configure this policy setting, all programs on this computer can use the sensor feature.
@@ -278,4 +283,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index 8bb98497e4..2f5de5c9a8 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ServerManager
-description: Policy CSP - ADMX_ServerManager
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_ServerManager.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ServerManager
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,11 +71,11 @@ manager: dansimp
-This policy setting allows you to turn off the automatic display of Server Manager at a sign in.
+This policy setting allows you to turn off the automatic display of Server Manager at sign in.
-- If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
+If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
-- If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
+If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in.
@@ -104,8 +105,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -154,8 +156,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -174,9 +177,9 @@ ADMX Info:
This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2.
-- If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
+If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
-- If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server.
+If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server.
If you don't configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server. However, if an administrator selects the "Do not show this window at logon" option, the window isn't displayed on subsequent logons.
@@ -202,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -243,3 +247,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index a995b45573..07ca3a013c 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Servicing
-description: Policy CSP - ADMX_Servicing
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Servicing.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Servicing
@@ -37,8 +37,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -81,3 +82,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index 9d61845ecc..c68630eec1 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SettingSync
-description: Policy CSP - ADMX_SettingSync
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_SettingSync.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SettingSync
@@ -66,8 +66,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,11 +85,11 @@ manager: dansimp
-Prevent the "AppSync" group from syncing to and from this PC. This option turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "AppSync" group from syncing to and from this PC. This option turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "AppSync" group won't be synced.
-Use the option "Allow users to turn app syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn app syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user.
@@ -114,8 +115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,11 +134,11 @@ ADMX Info:
-Prevent the "app settings" group from syncing to and from this PC. This option turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
+This policy seting prevents the "app settings" group from syncing to and from this PC. This option turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "app settings" group won't be synced.
-Use the option "Allow users to turn app settings syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn app settings syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user.
@@ -162,8 +164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -180,11 +183,11 @@ ADMX Info:
-Prevent the "passwords" group from syncing to and from this PC. This option turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
+This policy seting prevents the "passwords" group from syncing to and from this PC. This option turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "passwords" group won't be synced.
-Use the option "Allow users to turn passwords syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn passwords syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user.
@@ -210,8 +213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -228,11 +232,11 @@ ADMX Info:
-Prevent the "desktop personalization" group from syncing to and from this PC. This option turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "desktop personalization" group from syncing to and from this PC. This option turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "desktop personalization" group won't be synced.
-Use the option "Allow users to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn desktop personalization syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
@@ -258,8 +262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -276,11 +281,11 @@ ADMX Info:
-Prevent the "personalize" group from syncing to and from this PC. This option turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "personalize" group from syncing to and from this PC. This option turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "personalize" group won't be synced.
-Use the option "Allow users to turn personalize syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn personalize syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user.
@@ -306,8 +311,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,11 +330,11 @@ ADMX Info:
-Prevent syncing to and from this PC. This option turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
+This policy setting prevents syncing to and from this PC. This option turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
If you enable this policy setting, "sync your settings" will be turned off, and none of the "sync your setting" groups will be synced on this PC.
-Use the option "Allow users to turn syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, "sync your settings" is on by default and configurable by the user.
@@ -354,8 +360,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -372,7 +379,7 @@ ADMX Info:
-Prevent the "Start layout" group from syncing to and from this PC. This option turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "Start layout" group from syncing to and from this PC. This option turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "Start layout" group won't be synced.
@@ -402,8 +409,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -420,7 +428,7 @@ ADMX Info:
-Prevent syncing to and from this PC when on metered Internet connections. This option turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
+This policy setting prevents syncing to and from this PC when on metered Internet connections. This option turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection.
@@ -448,8 +456,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -466,11 +475,11 @@ ADMX Info:
-Prevent the "Other Windows settings" group from syncing to and from this PC. This option turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
+This policy setting prevents the "Other Windows settings" group from syncing to and from this PC. This option turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
If you enable this policy setting, the "Other Windows settings" group won't be synced.
-Use the option "Allow users to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled.
+Use the option "Allow users to turn other Windows settings syncing on" so that syncing it is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
@@ -491,3 +500,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index 08337cd9ac..a018d51a65 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SharedFolders
-description: Policy CSP - ADMX_SharedFolders
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_SharedFolders.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SharedFolders
@@ -44,8 +44,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
-If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
+If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled.
@@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,9 +116,9 @@ ADMX Info:
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
-If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
+If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
-If you disable this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
+If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
> [!NOTE]
> The default is to allow shared folders to be published when this setting is not configured.
@@ -139,3 +141,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index 72af1e5fd1..77f8afb7f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Sharing
-description: Policy CSP - ADMX_Sharing
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Sharing.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Sharing
@@ -41,8 +41,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,3 +83,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index d9a9efabdf..fa6a4ebe37 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ShellCommandPromptRegEditTools
-description: Policy CSP - ADMX_ShellCommandPromptRegEditTools
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_ShellCommandPromptRegEditTools.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ShellCommandPromptRegEditTools
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,13 +71,13 @@ manager: dansimp
-This policy setting prevents users from running the interactive command prompt, Cmd.exe.
+This policy setting prevents users from running the interactive command prompt `Cmd.exe`.
This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
-- If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
+If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
-- If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
+If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
> [!NOTE]
> Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
@@ -105,8 +106,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -123,11 +125,11 @@ ADMX Info:
-This policy setting disables the Windows registry editor Regedit.exe.
+This policy setting disables the Windows registry editor `Regedit.exe`.
-- If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.
+If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action.
-- If you disable this policy setting or don't configure it, users can run Regedit.exe normally.
+If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally.
To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting.
@@ -153,8 +155,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -173,11 +176,11 @@ ADMX Info:
This policy setting limits the Windows programs that users have permission to run on the computer.
-- If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
+If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
-- If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process.
+If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process.
-It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
@@ -205,8 +208,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,15 +229,15 @@ ADMX Info:
This policy setting prevents Windows from running the programs you specify in this policy setting.
-- If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
+If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
-- If you disable this policy setting or don't configure it, users can run any programs.
+If you disable this policy setting or don't configure it, users can run any programs.
This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
-To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
+To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
@@ -251,3 +255,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 089c628ab8..8145f4e15f 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Smartcard
-description: Policy CSP - ADMX_Smartcard
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Smartcard.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Smartcard
@@ -87,8 +87,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,7 +108,7 @@ manager: dansimp
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for signing in.
-In versions of Windows prior to Windows Vista, smart card certificates that are used for a sign in require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
+In versions of Windows, prior to Windows Vista, smart card certificates that are used for a sign-in require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
If you enable this policy setting, certificates with the following attributes can also be used to sign in on with a smart card:
@@ -139,8 +140,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,7 +161,7 @@ ADMX Info:
This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
-In order to use the integrated unblock feature, your smart card must support this feature. Check with your hardware manufacturer to see if your smart card supports this feature.
+In order to use the integrated unblock feature, your smart card must support this feature. Check with your hardware manufacturer to see if your smart card supports this feature.
If you enable this policy setting, the integrated unblock feature will be available.
@@ -187,8 +189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -233,8 +236,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -251,9 +255,9 @@ ADMX Info:
-This policy setting permits those certificates to be displayed for a sign in which are either expired or not yet valid.
+This policy setting permits those certificates to be displayed for a sign-in, which are either expired or not yet valid.
-Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine.
+Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine.
If you enable this policy setting, certificates will be listed on the sign-in screen regardless of whether they have an invalid time or their time validity has expired.
@@ -281,8 +285,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -327,8 +332,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -345,7 +351,11 @@ ADMX Info:
-This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting, then root certificate cleanup will occur according to the option selected. If you disable or don't configure this setting then root certificate cleanup will occur on a sign out.
+This policy setting allows you to manage the cleanup behavior of root certificates.
+
+If you enable this policy setting, then root certificate cleanup will occur according to the option selected.
+
+If you disable or don't configure this setting then root certificate cleanup will occur on a sign out.
@@ -369,8 +379,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -392,7 +403,7 @@ This policy setting allows you to manage the root certificate propagation that o
If you enable or don't configure this policy setting then root certificate propagation will occur when you insert your smart card.
> [!NOTE]
-> For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.
+> For this policy setting to work this policy setting must also be enabled: "Turn on certificate propagation from smart card".
If you disable this policy setting, then root certificates won't be propagated from the smart card.
@@ -418,8 +429,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -467,8 +479,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -485,7 +498,7 @@ ADMX Info:
-This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign in to a domain.
+This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign-in to a domain.
If you enable this policy setting, ECC certificates on a smart card can be used to sign in to a domain.
@@ -494,6 +507,7 @@ If you disable or don't configure this policy setting, ECC certificates on a sma
> [!NOTE]
> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
+
@@ -516,8 +530,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -541,7 +556,7 @@ During the certificate renewal period, a user can have multiple valid logon cert
If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.
> [!NOTE]
-> This setting will be applied after the following policy: "Allow time invalid certificates"
+> This setting will be applied after this policy: "Allow time invalid certificates"
If you enable or don't configure this policy setting, filtering will take place.
@@ -569,8 +584,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -587,9 +603,9 @@ ADMX Info:
-This policy setting allows you to manage the reading of all certificates from the smart card for a sign in.
+This policy setting allows you to manage the reading of all certificates from the smart card for a sign-in.
-During a sign in, Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This setting can introduce a significant performance decrease in certain situations. Contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
+During a sign-in, Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This setting can introduce a significant performance decrease in certain situations. Contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP.
@@ -617,8 +633,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -640,7 +657,7 @@ This policy setting allows you to manage the displayed message when a smart card
If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
> [!NOTE]
-> The following policy setting must be enabled: Allow Integrated Unblock screen to be displayed at the time of logon.
+> The following policy setting must be enabled: "Allow Integrated Unblock screen to be displayed at the time of logon".
If you disable or don't configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
@@ -666,8 +683,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -686,7 +704,7 @@ ADMX Info:
This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in.
-By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
+By default the User Principal Name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
If you enable this policy setting or don't configure this setting, then the subject name will be reversed.
@@ -714,8 +732,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -763,8 +782,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -812,8 +832,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -830,7 +851,7 @@ ADMX Info:
-This policy setting lets you determine whether an optional field will be displayed during a sign in and elevation that allows users to enter their user name or user name and domain, thereby associating a certificate with the users.
+This policy setting lets you determine whether an optional field will be displayed during a sign-in and elevation that allows users to enter their user name or user name and domain, thereby associating a certificate with the users.
If you enable this policy setting, then an optional field that allows a user to enter their user name or user name and domain will be displayed.
@@ -854,3 +875,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 528ebac188..a65f75e734 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Snmp
-description: Policy CSP - ADMX_Snmp
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Snmp.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/24/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Snmp
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,13 +75,13 @@ A valid community is a community recognized by the SNMP service, while a communi
If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.
-If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
+If you disable or don't configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.
> [!NOTE]
> - It is good practice to use a cryptic community name.
-> - This policy setting has no effect if the SNMP agent is not installed on the client computer.
+> - This policy setting has no effect if the SNMP agent isn't installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
@@ -106,8 +107,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,12 +134,12 @@ The manager is located on the host computer on the network. The manager's role i
If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.
-If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
+If you disable or don't configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.
> [!NOTE]
-> This policy setting has no effect if the SNMP agent is not installed on the client computer.
+> This policy setting has no effect if the SNMP agent isn't installed on the client computer.
Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
@@ -163,8 +165,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -189,10 +192,10 @@ This policy setting allows you to configure the name of the hosts that receive t
If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.
-If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
+If you disable or don't configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
> [!NOTE]
-> This setting has no effect if the SNMP agent is not installed on the client computer.
+> This setting has no effect if the SNMP agent isn't installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
@@ -214,3 +217,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index 1609eb9c33..dcc94a5737 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SoundRec
-description: Policy CSP - ADMX_SoundRec
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_SoundRec.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SoundRec
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,11 +65,13 @@ manager: dansimp
-This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+This policy specifies whether Sound Recorder can run.
-If you enable this policy setting, Sound Recorder will not run.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you disable or do not configure this policy setting, Sound Recorder can be run.
+If you enable this policy setting, Sound Recorder won't run.
+
+If you disable or don't configure this policy setting, Sound Recorder can run.
@@ -92,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,11 +114,13 @@ ADMX Info:
-This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+This policy specifies whether Sound Recorder can run.
-If you enable this policy setting, Sound Recorder will not run.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you disable or do not configure this policy setting, Sound Recorder can be run.
+If you enable this policy setting, Sound Recorder won't run.
+
+If you disable or don't configure this policy setting, Sound Recorder can be run.
@@ -131,3 +137,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index 325fd93379..b5f0f4d1cb 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_srmfci
-description: Policy CSP - ADMX_srmfci
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_srmfci.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_srmfci
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
-This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types.
+This group policy setting should be set on Windows clients to enable access-denied assistance for all file types.
@@ -88,8 +89,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,3 +132,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index f89c8f56d9..8c6e907ba3 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_StartMenu
-description: Policy CSP - ADMX_StartMenu
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_StartMenu.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/20/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_StartMenu
@@ -240,8 +240,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -286,8 +287,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -304,7 +306,7 @@ ADMX Info:
-Clear history of recently opened documents on exit.
+This policy setting clears history of recently opened documents on exit.
If you enable this setting, the system deletes shortcuts to recently used document files when the user signs out. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user signs out.
@@ -343,8 +345,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -387,8 +390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -433,8 +437,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -479,8 +484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -497,7 +503,7 @@ ADMX Info:
-This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.
+This policy setting prevents the user from searching apps, files and settings (and the web if enabled) when the user searches from the Apps view.
This policy setting is only applied when the Apps view is set as the default view for Start.
@@ -527,8 +533,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,8 +589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -630,8 +638,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -681,8 +690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -727,8 +737,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -745,7 +756,7 @@ ADMX Info:
-Disables personalized menus.
+This policy seting disables personalized menus.
Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that haven't been used recently. Users can display the hidden items by clicking an arrow to extend the menu.
@@ -778,8 +789,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -829,8 +841,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -875,8 +888,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -925,8 +939,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -943,7 +958,7 @@ ADMX Info:
-Hides pop-up text on the Start menu and in the notification area.
+This policy setting hides pop-up text on the Start menu and in the notification area.
When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.
@@ -973,8 +988,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1019,8 +1035,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1068,8 +1085,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1086,7 +1104,7 @@ ADMX Info:
-Removes items in the All Users profile from the Programs menu on the Start menu.
+This policy setting removes items in the All Users profile from the Programs menu on the Start menu.
By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.
@@ -1114,8 +1132,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1132,7 +1151,7 @@ ADMX Info:
-Prevents users from adding the Favorites menu to the Start menu or classic Start menu.
+This policy setting prevents users from adding the Favorites menu to the Start menu or classic Start menu.
If you enable this setting, the Display Favorites item doesn't appear in the Advanced Start menu options box.
@@ -1167,8 +1186,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1220,8 +1240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1264,8 +1285,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1312,8 +1334,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1362,8 +1385,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1413,8 +1437,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1465,8 +1490,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1511,8 +1537,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1529,7 +1556,7 @@ ADMX Info:
-Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.
+This policy setting removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.
The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.
@@ -1568,8 +1595,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1619,8 +1647,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1669,8 +1698,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1734,8 +1764,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1785,8 +1816,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1836,8 +1868,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1882,8 +1915,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1928,8 +1962,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1974,8 +2009,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2018,8 +2054,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2062,8 +2099,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2106,8 +2144,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2150,8 +2189,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2194,8 +2234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2238,8 +2279,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2288,8 +2330,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2336,8 +2379,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2382,8 +2426,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2426,8 +2471,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2472,8 +2518,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2522,8 +2569,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2568,8 +2616,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2618,8 +2667,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2664,8 +2714,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2712,8 +2763,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2760,8 +2812,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2808,8 +2861,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2859,8 +2913,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2903,8 +2958,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2947,8 +3003,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2993,8 +3050,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3045,8 +3103,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3093,8 +3152,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3141,8 +3201,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3185,8 +3246,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3231,8 +3293,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3280,8 +3343,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3326,8 +3390,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3368,8 +3433,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3421,8 +3487,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3459,3 +3526,8 @@ ADMX Info:
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index b8c24f28ca..4ca5a3d3a1 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SystemRestore
-description: Policy CSP - ADMX_SystemRestore
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_SystemRestore.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SystemRestore
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,9 +61,7 @@ manager: dansimp
-Allows you to disable System Restore configuration through System Protection.
-
-This policy setting allows you to turn off System Restore configuration through System Protection.
+This policy setting allows you to disable System Restore configuration through System Protection.
System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The behavior of this policy setting depends on the "Turn off System Restore" policy setting.
@@ -90,3 +89,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index 89216a67b0..cfc57b2098 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TabletShell
-description: Policy CSP - ADMX_TabletShell
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_TabletShell.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TabletShell
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,7 +65,7 @@ manager: dansimp
-Prevents start of InkBall game.
+This policy setting prevents start of InkBall game.
If you enable this policy, the InkBall game won't run.
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,9 +113,9 @@ ADMX Info:
-Prevents printing to Journal Note Writer.
+This policy setting prevents printing to Journal Note Writer.
-If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.
+If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail.
If you disable this policy, you'll be able to use this feature to print to a Journal Note. If you don't configure this policy, users will be able to use this feature to print to a Journal Note.
@@ -136,3 +138,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 515570e609..3436685cc9 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Taskbar
-description: Policy CSP - ADMX_Taskbar
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Taskbar.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Taskbar
@@ -106,8 +106,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,7 +133,8 @@ If this setting is enabled, Notifications and Action Center isn't displayed in t
If you disable or don't configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar.
-A reboot is required for this policy setting to take effect.
+>[!NOTE]
+> A reboot is required for this policy setting to take effect.
@@ -155,8 +157,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,7 +184,8 @@ Enable this policy setting if a specific app or system component that uses ballo
If you disable or don’t configure this policy setting, all notifications will appear as toast notifications.
-A reboot is required for this policy setting to take effect.
+>[!NOTE]
+> A reboot is required for this policy setting to take effect.
@@ -204,8 +208,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +254,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -294,8 +300,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -339,8 +346,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -384,8 +392,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -429,8 +438,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -474,8 +484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -519,8 +530,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -565,8 +577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -617,8 +630,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -663,8 +677,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -712,8 +727,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -759,8 +775,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -805,8 +822,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -850,8 +868,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -897,8 +916,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -942,8 +962,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -988,8 +1009,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1035,8 +1057,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1081,8 +1104,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1120,3 +1144,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index 6a9bd7666d..7ef48341ef 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_tcpip
-description: Policy CSP - ADMX_tcpip
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_tcpip.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_tcpip
@@ -79,8 +79,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -124,8 +125,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -169,8 +171,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,11 +196,9 @@ If you disable or do not configure this policy setting, the local host setting i
If you enable this policy setting, you can configure 6to4 with one of the following settings:
-Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available.
-
-Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface.
-
-Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.
+- Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available.
+- Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface.
+- Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.
@@ -220,8 +221,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -244,11 +246,9 @@ If you disable or do not configure this policy setting, the local host settings
If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings:
-Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options.
-
-Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectivity options.
-
-Policy Disabled State: No IP-HTTPS interfaces are present on the host.
+- Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options.
+- Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectiv-ity options.
+- Policy Disabled State: No IP-HTTPS interfaces are present on the host.
@@ -271,8 +271,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -316,8 +317,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,8 +363,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -385,11 +388,9 @@ If you disable or do not configure this policy setting, the local host setting i
If you enable this policy setting, you can configure ISATAP with one of the following settings:
-Policy Default State: No ISATAP interfaces are present on the host.
-
-Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address.
-
-Policy Disabled State: No ISATAP interfaces are present on the host.
+- Policy Default State: No ISATAP interfaces are present on the host.
+- Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address.
+- Policy Disabled State: No ISATAP interfaces are present on the host.
@@ -412,8 +413,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -457,8 +459,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -504,8 +507,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -552,8 +556,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -597,8 +602,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -621,13 +627,10 @@ If you disable or do not configure this policy setting, the local host settings
If you enable this policy setting, you can configure Teredo with one of the following settings:
-Default: The default state is "Client."
-
-Disabled: No Teredo interfaces are present on the host.
-
-Client: The Teredo interface is present only when the host is not on a network that includes a domain controller.
-
-Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.
+- Default: The default state is "Client."
+- Disabled: No Teredo interfaces are present on the host.
+- Client: The Teredo interface is present only when the host is not on a network that includes a domain controller.
+- Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.
@@ -650,8 +653,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -692,3 +696,7 @@ ADMX Info:
>
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index 9dedd54d73..f4dd3f6be6 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TerminalServer
-description: Policy CSP - ADMX_TerminalServer
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_TerminalServer.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/21/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TerminalServer
@@ -309,8 +309,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -356,8 +357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -403,8 +405,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,8 +458,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -480,8 +484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -531,8 +536,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -551,7 +557,7 @@ ADMX Info:
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
-This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file).
If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
@@ -583,8 +589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -630,8 +637,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -677,8 +685,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -728,8 +737,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -777,8 +787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -828,8 +839,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -879,8 +891,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -930,8 +943,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -981,8 +995,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,8 +1043,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1075,8 +1091,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1122,8 +1139,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1172,8 +1190,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1221,8 +1240,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1275,8 +1295,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1329,8 +1350,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1376,8 +1398,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1431,8 +1454,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1483,8 +1507,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1531,8 +1556,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1581,8 +1607,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1631,8 +1658,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1681,8 +1709,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1732,8 +1761,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1787,8 +1817,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1836,8 +1867,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1888,8 +1920,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1937,8 +1970,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1991,8 +2025,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2044,8 +2079,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2093,8 +2129,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2145,8 +2182,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2196,8 +2234,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2245,8 +2284,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2265,10 +2305,10 @@ ADMX Info:
This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
-You can use this policy setting to select one of three licensing modes: Per User, Per Device, and AAD Per User.
+You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User.
- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.
- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.
-- AAD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in AAD.
+- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD.
If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
@@ -2297,8 +2337,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2351,8 +2392,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2398,8 +2440,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2445,8 +2488,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2497,8 +2541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2544,8 +2589,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2597,8 +2643,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2649,8 +2696,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2699,8 +2747,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2747,8 +2796,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2793,8 +2843,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2839,8 +2890,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2889,8 +2941,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2941,8 +2994,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2991,8 +3045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3045,8 +3100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3097,8 +3153,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3149,8 +3206,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3198,8 +3256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3246,8 +3305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3269,9 +3329,7 @@ This policy setting allows you to specify whether the client will establish a co
- If you enable this policy setting, you must specify one of the following settings:
- Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server.
-
- Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
-
- don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.
- If you disable or don't configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
@@ -3299,8 +3357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3346,8 +3405,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3391,8 +3451,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3444,8 +3505,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3496,8 +3558,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3544,8 +3607,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3592,8 +3656,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3639,8 +3704,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3686,8 +3752,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3739,8 +3806,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3792,8 +3860,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3843,8 +3912,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3894,8 +3964,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3946,8 +4017,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3998,8 +4070,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4051,8 +4124,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4104,8 +4178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4152,8 +4227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4202,8 +4278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4252,8 +4329,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4302,8 +4380,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4352,8 +4431,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4401,8 +4481,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4451,8 +4532,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4501,8 +4583,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4551,8 +4634,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4600,8 +4684,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4619,7 +4704,9 @@ ADMX Info:
This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer.
+
If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
+
If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows.
@@ -4645,8 +4732,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4694,8 +4782,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4745,8 +4834,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4795,8 +4885,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4840,3 +4931,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index cad32638c6..b8a2fd7483 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Thumbnails
-description: Policy CSP - ADMX_Thumbnails
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_Thumbnails.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/25/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Thumbnails
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -95,8 +96,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -142,8 +144,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -160,7 +163,7 @@ ADMX Info:
-Turns off the caching of thumbnails in hidden thumbs.db files.
+This policy setting turns off the caching of thumbnails in hidden thumbs.db files.
This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
@@ -184,3 +187,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 4f7283a5a7..776951f78d 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TouchInput
-description: Policy CSP - ADMX_TouchInput
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_TouchInput.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TouchInput
@@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,12 +71,16 @@ manager: dansimp
-Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you don't configure this setting, touch input is on by default. Note: Changes to this setting won't take effect until the user signs out.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+
+If you don't configure this setting, touch input is on by default.
+
+>[!NOTE]
+> Changes to this setting won't take effect until the user signs out.
@@ -96,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,12 +120,16 @@ ADMX Info:
-Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you don't configure this setting, touch input is on by default. Note: Changes to this setting won't take effect until the user signs out.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+
+If you don't configure this setting, touch input is on by default.
+
+>[!NOTE]
+>Changes to this setting won't take effect until the user signs out.
@@ -143,8 +153,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,11 +172,11 @@ ADMX Info:
-Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-- If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -190,8 +201,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -208,11 +220,11 @@ ADMX Info:
-Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-- If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -233,3 +245,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index cc8d6387aa..2e39f46e4f 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TPM
-description: Policy CSP - ADMX_TPM
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_TPM.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/25/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TPM
@@ -69,8 +69,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,8 +115,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -155,8 +157,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -202,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +253,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,8 +308,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -321,7 +327,7 @@ ADMX Info:
-This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and won't interfere with their workflows.
+This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or Configuration Manager), and won't interfere with their workflows.
@@ -344,8 +350,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -401,8 +408,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -460,8 +468,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -519,8 +528,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -555,3 +565,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index 25e8620306..c5a2aabcc3 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_UserExperienceVirtualization
-description: Policy CSP - ADMX_UserExperienceVirtualization
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_UserExperienceVirtualization.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/30/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_UserExperienceVirtualization
@@ -417,8 +417,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -444,7 +445,7 @@ If you enable this policy setting, the Calculator user settings continue to sync
If you disable this policy setting, Calculator user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -467,8 +468,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -499,7 +501,7 @@ With notifications enabled, UE-V users receive a message when the settings sync
If you disable this policy setting, the sync provider is used to synchronize settings between computers and the settings storage location.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -522,8 +524,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -551,7 +554,7 @@ If you enable this policy setting, the UE-V rollback state is copied to the sett
If you disable this policy setting, no UE-V rollback state is copied to the settings storage location.
-If you do not configure this policy, no UE-V rollback state is copied to the settings storage location.
+If you don't configure this policy, no UE-V rollback state is copied to the settings storage location.
@@ -573,8 +576,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -595,9 +599,9 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co
If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL.
-If you disable this policy setting, the Company Settings Center does not display an IT Contact link.
+If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -620,8 +624,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -642,9 +647,9 @@ This policy setting specifies the URL for the Contact IT link in the Company Set
If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.
-If you disable this policy setting, the Company Settings Center does not display an IT Contact link.
+If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -666,8 +671,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -689,20 +695,20 @@ This policy setting defines whether the User Experience Virtualization (UE-V) Ag
By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.
-If you enable this policy setting, the UE-V Agent will not synchronize settings for Windows apps.
+If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps.
If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
> [!NOTE]
-> If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
+> If the user connects their Microsoft account for their computer then the UE-V Agent won't synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
ADMX Info:
-- GP Friendly name: *Do not synchronize Windows Apps*
+- GP Friendly name: *don't synchronize Windows Apps*
- GP name: *DisableWin8Sync*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
- GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -719,8 +725,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -744,7 +751,7 @@ If you enable this policy setting, only the selected Windows settings synchroniz
If you disable this policy setting, all Windows Settings are excluded from the settings synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -767,8 +774,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -810,8 +818,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -835,7 +844,7 @@ If you enable this policy setting, Finance user settings continue to sync.
If you disable this policy setting, Finance user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -858,8 +867,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -882,7 +892,7 @@ With this setting enabled, the notification appears the first time that the UE-V
With this setting disabled, no notification appears.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -905,8 +915,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -930,7 +941,7 @@ If you enable this policy setting, Games user settings continue to sync.
If you disable this policy setting, Games user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -953,8 +964,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -980,7 +992,7 @@ If you enable this policy setting, the Internet Explorer 8 user settings continu
If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1003,8 +1015,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,7 +1041,7 @@ If you enable this policy setting, the Internet Explorer 9 user settings continu
If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1052,8 +1065,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1077,7 +1091,7 @@ If you enable this policy setting, the Internet Explorer 10 user settings contin
If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1100,8 +1114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1125,7 +1140,7 @@ If you enable this policy setting, the Internet Explorer 11 user settings contin
If you disable this policy setting, Internet Explorer 11 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1148,8 +1163,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1174,7 +1190,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1196,8 +1212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1221,7 +1238,7 @@ If you enable this policy setting, Maps user settings continue to sync.
If you disable this policy setting, Maps user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1244,8 +1261,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1263,11 +1281,11 @@ ADMX Info:
-This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size.
+This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size.
If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log.
-If you disable or do not configure this policy setting, no event is written to the event log to report settings package size.
+If you disable or don't configure this policy setting, no event is written to the event log to report settings package size.
@@ -1290,8 +1308,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1315,7 +1334,7 @@ If you enable this policy setting, Microsoft Access 2010 user settings continue
If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1338,8 +1357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1363,7 +1383,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1386,8 +1406,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1411,7 +1432,7 @@ If you enable this policy setting, Microsoft Excel 2010 user settings continue t
If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1434,8 +1455,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1459,7 +1481,7 @@ If you enable this policy setting, Microsoft InfoPath 2010 user settings continu
If you disable this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1483,8 +1505,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1508,7 +1531,7 @@ If you enable this policy setting, Microsoft Lync 2010 user settings continue to
If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1531,8 +1554,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1556,7 +1580,7 @@ If you enable this policy setting, Microsoft OneNote 2010 user settings continue
If you disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1578,8 +1602,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1603,7 +1628,7 @@ If you enable this policy setting, Microsoft Outlook 2010 user settings continue
If you disable this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1626,8 +1651,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1651,7 +1677,7 @@ If you enable this policy setting, Microsoft PowerPoint 2010 user settings conti
If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1675,8 +1701,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1700,7 +1727,7 @@ If you enable this policy setting, Microsoft Project 2010 user settings continue
If you disable this policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1723,8 +1750,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1748,7 +1776,7 @@ If you enable this policy setting, Microsoft Publisher 2010 user settings contin
If you disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1772,8 +1800,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1797,7 +1826,7 @@ If you enable this policy setting, Microsoft SharePoint Designer 2010 user setti
If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1820,8 +1849,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1845,7 +1875,7 @@ If you enable this policy setting, Microsoft SharePoint Workspace 2010 user sett
If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1869,8 +1899,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1894,7 +1925,7 @@ If you enable this policy setting, Microsoft Visio 2010 user settings continue t
If you disable this policy setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1917,8 +1948,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1942,7 +1974,7 @@ If you enable this policy setting, Microsoft Word 2010 user settings continue to
If you disable this policy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -1965,8 +1997,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1990,7 +2023,7 @@ If you enable this policy setting, Microsoft Access 2013 user settings continue
If you disable this policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2012,8 +2045,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2035,9 +2069,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Access 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Access 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2060,8 +2094,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2085,7 +2120,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabled.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2108,8 +2143,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2128,13 +2164,14 @@ ADMX Info:
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications.
+
Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications.
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will not be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2157,8 +2194,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2184,7 +2222,7 @@ If you enable this policy setting, Microsoft Excel 2013 user settings continue t
If you disable this policy setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2206,8 +2244,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2229,9 +2268,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Excel 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Excel 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2254,8 +2293,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2279,7 +2319,7 @@ If you enable this policy setting, Microsoft InfoPath 2013 user settings continu
If you disable this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2302,8 +2342,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2325,9 +2366,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2351,8 +2392,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2376,7 +2418,7 @@ If you enable this policy setting, Microsoft Lync 2013 user settings continue to
If you disable this policy setting, Microsoft Lync 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2399,8 +2441,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2422,9 +2465,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Lync 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Lync 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2448,8 +2491,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2473,7 +2517,7 @@ If you enable this policy setting, OneDrive for Business 2013 user settings cont
If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2497,8 +2541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2522,7 +2567,7 @@ If you enable this policy setting, Microsoft OneNote 2013 user settings continue
If you disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2546,8 +2591,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2569,9 +2615,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft OneNote 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2595,8 +2641,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2620,7 +2667,7 @@ If you enable this policy setting, Microsoft Outlook 2013 user settings continue
If you disable this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2643,8 +2690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2666,9 +2714,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Outlook 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2692,8 +2740,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2717,7 +2766,7 @@ If you enable this policy setting, Microsoft PowerPoint 2013 user settings conti
If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2741,8 +2790,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2764,9 +2814,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2790,8 +2840,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2815,7 +2866,7 @@ If you enable this policy setting, Microsoft Project 2013 user settings continue
If you disable this policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2838,8 +2889,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2861,9 +2913,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Project 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Project 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2886,8 +2938,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2911,7 +2964,7 @@ If you enable this policy setting, Microsoft Publisher 2013 user settings contin
If you disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2935,8 +2988,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2958,9 +3012,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Publisher 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -2984,8 +3038,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3009,7 +3064,7 @@ If you enable this policy setting, Microsoft SharePoint Designer 2013 user setti
If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3033,8 +3088,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3056,9 +3112,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3082,8 +3138,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3107,7 +3164,7 @@ If you enable this policy setting, Microsoft Office 2013 Upload Center user sett
If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3130,8 +3187,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3155,7 +3213,7 @@ If you enable this policy setting, Microsoft Visio 2013 user settings continue t
If you disable this policy setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3179,8 +3237,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3202,9 +3261,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Visio 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Visio 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3228,8 +3287,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3253,7 +3313,7 @@ If you enable this policy setting, Microsoft Word 2013 user settings continue to
If you disable this policy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3276,8 +3336,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3299,9 +3360,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Word 2013 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Word 2013 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3324,8 +3385,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3349,7 +3411,7 @@ If you enable this policy setting, Microsoft Access 2016 user settings continue
If you disable this policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3372,8 +3434,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3395,9 +3458,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Access 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Access 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3421,8 +3484,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3446,7 +3510,7 @@ If you enable this policy setting, the user settings which are common between th
If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabled.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3470,8 +3534,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3494,9 +3559,9 @@ Microsoft Office Suite 2016 has user settings which are common between applicati
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will not be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3520,8 +3585,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3545,7 +3611,7 @@ If you enable this policy setting, Microsoft Excel 2016 user settings continue t
If you disable this policy setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3569,8 +3635,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3592,9 +3659,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Excel 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Excel 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3618,8 +3685,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3643,7 +3711,7 @@ If you enable this policy setting, Microsoft Lync 2016 user settings continue to
If you disable this policy setting, Microsoft Lync 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3667,8 +3735,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3690,9 +3759,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Lync 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Lync 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3716,8 +3785,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3741,7 +3811,7 @@ If you enable this policy setting, OneDrive for Business 2016 user settings cont
If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3765,8 +3835,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3790,7 +3861,7 @@ If you enable this policy setting, Microsoft OneNote 2016 user settings continue
If you disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3813,8 +3884,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3836,9 +3908,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft OneNote 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3862,8 +3934,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3887,7 +3960,7 @@ If you enable this policy setting, Microsoft Outlook 2016 user settings continue
If you disable this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3910,8 +3983,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3933,9 +4007,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Outlook 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -3959,8 +4033,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3984,7 +4059,7 @@ If you enable this policy setting, Microsoft PowerPoint 2016 user settings conti
If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4007,8 +4082,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4030,9 +4106,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4055,8 +4131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4081,7 +4158,7 @@ If you enable this policy setting, Microsoft Project 2016 user settings continue
If you disable this policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4105,8 +4182,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4128,9 +4206,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Project 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Project 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4153,8 +4231,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4178,7 +4257,7 @@ If you enable this policy setting, Microsoft Publisher 2016 user settings contin
If you disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4202,8 +4281,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4225,9 +4305,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Publisher 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4251,8 +4331,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4276,7 +4357,7 @@ If you enable this policy setting, Microsoft Office 2016 Upload Center user sett
If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4300,8 +4381,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4325,7 +4407,7 @@ If you enable this policy setting, Microsoft Visio 2016 user settings continue t
If you disable this policy setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4348,8 +4430,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4371,9 +4454,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Visio 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Visio 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4397,8 +4480,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4422,7 +4506,7 @@ If you enable this policy setting, Microsoft Word 2016 user settings continue to
If you disable this policy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4445,8 +4529,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4468,9 +4553,9 @@ This policy setting configures the backup of certain user settings for Microsoft
If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up.
-If you disable this policy setting, certain user settings of Microsoft Word 2016 will not be backed up.
+If you disable this policy setting, certain user settings of Microsoft Word 2016 won't be backed up.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4494,8 +4579,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4519,7 +4605,7 @@ If you enable this policy setting, Microsoft Office 365 Access 2013 user setting
If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4543,8 +4629,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4568,7 +4655,7 @@ If you enable this policy setting, Microsoft Office 365 Access 2016 user setting
If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4592,8 +4679,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4617,7 +4705,7 @@ If you enable this policy setting, user settings which are common between the Mi
If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4641,8 +4729,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4666,7 +4755,7 @@ If you enable this policy setting, user settings which are common between the Mi
If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4690,8 +4779,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4715,7 +4805,7 @@ If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings
If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4739,8 +4829,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4764,7 +4855,7 @@ If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings
If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4788,8 +4879,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4813,7 +4905,7 @@ If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user setti
If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4836,8 +4928,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4861,7 +4954,7 @@ If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings
If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4885,8 +4978,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4910,7 +5004,7 @@ If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings
If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4934,8 +5028,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4959,7 +5054,7 @@ If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settin
If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -4983,8 +5078,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5008,7 +5104,7 @@ If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settin
If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5032,8 +5128,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5057,7 +5154,7 @@ If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settin
If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5081,8 +5178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5106,7 +5204,7 @@ If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settin
If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5130,8 +5228,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5155,7 +5254,7 @@ If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user set
If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5179,8 +5278,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5204,7 +5304,7 @@ If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user set
If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5228,8 +5328,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5253,7 +5354,7 @@ If you enable this policy setting, Microsoft Office 365 Project 2013 user settin
If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5277,8 +5378,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5302,7 +5404,7 @@ If you enable this policy setting, Microsoft Office 365 Project 2016 user settin
If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5326,8 +5428,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5351,7 +5454,7 @@ If you enable this policy setting, Microsoft Office 365 Publisher 2013 user sett
If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5375,8 +5478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5400,7 +5504,7 @@ If you enable this policy setting, Microsoft Office 365 Publisher 2016 user sett
If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5423,8 +5527,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5448,7 +5553,7 @@ If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013
If you disable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5472,8 +5577,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5497,7 +5603,7 @@ If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings
If you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5520,8 +5626,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5545,7 +5652,7 @@ If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings
If you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5569,8 +5676,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5594,7 +5702,7 @@ If you enable this policy setting, Microsoft Office 365 Word 2013 user settings
If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5618,8 +5726,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5643,7 +5752,7 @@ If you enable this policy setting, Microsoft Office 365 Word 2016 user settings
If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5667,8 +5776,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5692,7 +5802,7 @@ If you enable this policy setting, Music user settings continue to sync.
If you disable this policy setting, Music user settings are excluded from the synchronizing settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5715,8 +5825,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5740,7 +5851,7 @@ If you enable this policy setting, News user settings continue to sync.
If you disable this policy setting, News user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5764,8 +5875,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5789,7 +5901,7 @@ If you enable this policy setting, the Notepad user settings continue to synchro
If you disable this policy setting, Notepad user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5813,8 +5925,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5838,7 +5951,7 @@ If you enable this policy setting, Reader user settings continue to sync.
If you disable this policy setting, Reader user settings are excluded from the synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -5863,8 +5976,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5886,7 +6000,7 @@ This policy setting configures the number of milliseconds that the computer wait
If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.
-If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used.
+If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used.
@@ -5910,8 +6024,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5933,7 +6048,7 @@ This policy setting configures where the settings package files that contain use
If you enable this policy setting, the user settings are stored in the specified location.
-If you disable or do not configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
+If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
@@ -5957,8 +6072,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5984,9 +6100,9 @@ If you specify a UNC path and leave the option to replace the default Microsoft
If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used.
-If you disable this policy setting, the UE-V Agent will not use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent will not restore the default Microsoft templates.
+If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6010,8 +6126,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6035,7 +6152,7 @@ If you enable this policy setting, Sports user settings continue to sync.
If you disable this policy setting, Sports user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6059,8 +6176,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6102,8 +6220,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6121,13 +6240,13 @@ ADMX Info:
-This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent doesn't synchronize settings over a metered connection.
With this setting enabled, the UE-V Agent synchronizes settings over a metered connection.
-With this setting disabled, the UE-V Agent does not synchronize settings over a metered connection.
+With this setting disabled, the UE-V Agent doesn't synchronize settings over a metered connection.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6151,8 +6270,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6170,13 +6290,13 @@ ADMX Info:
-This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent doesn't synchronize settings over a metered connection that is roaming.
With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming.
-With this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roaming.
+With this setting disabled, the UE-V Agent won't synchronize settings over a metered connection that is roaming.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6200,8 +6320,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6225,7 +6346,7 @@ If you enable this policy setting, the sync provider pings the settings storage
If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages.
-If you do not configure this policy, any defined values will be deleted.
+If you don't configure this policy, any defined values will be deleted.
@@ -6249,8 +6370,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6273,7 +6395,7 @@ With this setting enabled, the settings of all Windows apps not expressly disabl
With this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6297,8 +6419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6322,7 +6445,7 @@ If you enable this policy setting, Travel user settings continue to sync.
If you disable this policy setting, Travel user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6346,8 +6469,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6366,9 +6490,9 @@ ADMX Info:
This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon.
-With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen.
+With this setting disabled, the tray icon doesn't appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen.
-If you do not configure this policy setting, any defined values are deleted.
+If you don't configure this policy setting, any defined values are deleted.
@@ -6391,8 +6515,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6416,7 +6541,7 @@ If you enable this policy setting, Video user settings continue to sync.
If you disable this policy setting, Video user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6440,8 +6565,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6465,7 +6591,7 @@ If you enable this policy setting, Weather user settings continue to sync.
If you disable this policy setting, Weather user settings are excluded from synchronization.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6489,8 +6615,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6514,7 +6641,7 @@ If you enable this policy setting, the WordPad user settings continue to synchro
If you disable this policy setting, WordPad user settings are excluded from the synchronization settings.
-If you do not configure this policy setting, any defined values will be deleted.
+If you don't configure this policy setting, any defined values will be deleted.
@@ -6532,3 +6659,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index 01ff1725af..f6d9875e16 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_UserProfiles
-description: Policy CSP - ADMX_UserProfiles
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_UserProfiles.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/11/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_UserProfiles
@@ -63,8 +63,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,8 +112,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,8 +212,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +264,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -309,8 +314,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -358,8 +364,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -412,8 +419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -435,7 +443,6 @@ This setting prevents users from managing the ability to allow apps to access th
If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:
- "Always on" - users won't be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.
-
- "Always off" - users won't be able to change this setting and the user's name and account picture won't be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability won't be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
If you don't configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn off the setting.
@@ -455,3 +462,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 880375abd7..9ec5b2733d 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_W32Time
-description: Policy CSP - ADMX_W32Time
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_W32Time.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/28/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_W32Time
@@ -51,8 +51,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -173,8 +174,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -240,8 +242,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -288,8 +291,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -328,3 +332,6 @@ ADMX Info:
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index 7af1124e31..d396e0aaae 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WCM
-description: Policy CSP - ADMX_WCM
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_WCM.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WCM
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,9 +121,9 @@ If this policy setting is disabled, Windows will disconnect a computer from a ne
When soft disconnect is enabled:
-- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
+- Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.
-- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this connection loss happens, these apps should re-establish their connection over a different network.
+- Network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this connection loss happens, these apps should re-establish their connection over a different network.
This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows won't disconnect from any networks.
@@ -147,8 +149,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -193,3 +196,7 @@ ADMX Info:
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
index a4a59c9cbd..b3a2aefd94 100644
--- a/windows/client-management/mdm/policy-csp-admx-wdi.md
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WDI
-description: Policy CSP - ADMX_WDI
-ms.author: dansimp
+description: Learn about Policy CSP - ADMX_WDI.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WDI
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,12 +66,15 @@ manager: dansimp
This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.
-- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
-- If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting will only take effect when the Diagnostic Policy Service is in the running state.
-When the service is stopped or disabled, diagnostic scenario data won't be deleted.
-The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
+
+If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+
+>[!NOTE]
+> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted.
+>
+> The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -93,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -113,11 +118,12 @@ ADMX Info:
This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.
-- If you enable this policy setting, you must select an execution level from the drop-down menu.
+If you enable this policy setting, you must select an execution level from the drop-down menu.
-If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
+- If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken.
+- If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
-- If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS.
+If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS.
If you don't configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it's enabled or disabled. Scenario-specific policy settings only take effect if this policy setting isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
@@ -134,4 +140,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index 25ce545184..410eda6d2b 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WinCal
description: Policy CSP - ADMX_WinCal
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/28/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WinCal
@@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,9 +66,8 @@ manager: dansimp
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
-If you enable this setting, Windows Calendar will be turned off.
-
-If you disable or do not configure this setting, Windows Calendar will be turned on.
+- If you enable this setting, Windows Calendar will be turned off.
+- If you disable or do not configure this setting, Windows Calendar will be turned on.
The default is for Windows Calendar to be turned on.
@@ -94,8 +94,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,9 +115,8 @@ ADMX Info:
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
-If you enable this setting, Windows Calendar will be turned off.
-
-If you disable or do not configure this setting, Windows Calendar will be turned on.
+- If you enable this setting, Windows Calendar will be turned off.
+- If you disable or do not configure this setting, Windows Calendar will be turned on.
The default is for Windows Calendar to be turned on.
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index 807a4c84ff..c575e5f9a8 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsColorSystem
description: Policy CSP - ADMX_WindowsColorSystem
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/27/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsColorSystem
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -91,8 +92,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index 1922a73f28..8d93498e0d 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsConnectNow
description: Policy CSP - ADMX_WindowsConnectNow
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/28/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsConnectNow
@@ -48,8 +48,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -68,9 +69,13 @@ manager: dansimp
This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
-If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+
+- If you disable or don't configure this policy setting, users can access the wizard tasks.
+
+They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
@@ -93,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -113,9 +119,13 @@ ADMX Info:
This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
-If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+
+- If you disable or don't configure this policy setting, users can access the wizard tasks.
+
+They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
@@ -139,8 +149,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -161,9 +172,8 @@ This policy setting allows the configuration of wireless settings using Windows
More options are available to allow discovery and configuration over a specific medium.
-If you enable this policy setting, more choices are available to turn off the operations over a specific medium.
-
-If you disable this policy setting, operations are disabled over all media.
+- If you enable this policy setting, more choices are available to turn off the operations over a specific medium.
+- If you disable this policy setting, operations are disabled over all media.
If you don't configure this policy setting, operations are enabled over all media.
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 8f4e9a4209..5dd0274b06 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsExplorer
description: Policy CSP - ADMX_WindowsExplorer
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/29/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsExplorer
@@ -254,8 +254,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -304,8 +305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,7 +332,6 @@ Enabling this policy will also turn off the preview pane and set the folder opti
If you disable or not configure this policy, the default File Explorer behavior is applied to the user.
-
@@ -353,8 +354,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -379,7 +381,6 @@ If you disable or do not configure this setting, the default behavior of not dis
-
ADMX Info:
- GP Friendly name: *Display confirmation dialog when deleting files*
@@ -399,8 +400,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -426,7 +428,6 @@ If you disable or do not configure this policy setting, no changes are made to t
-
ADMX Info:
- GP Friendly name: *Location where all default Library definition files for users/machines reside.*
@@ -446,8 +447,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -473,7 +475,6 @@ This disables access to user-defined properties, and properties stored in NTFS s
-
ADMX Info:
- GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.*
@@ -493,8 +494,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -529,7 +531,6 @@ If you disable or do not configure this policy, all default Windows Libraries fe
-
ADMX Info:
- GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data*
@@ -550,8 +551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -599,8 +601,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -649,8 +652,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -669,9 +673,8 @@ ADMX Info:
This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.
-If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.
-
-If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed.
+- If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.
+- If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed.
> [!NOTE]
> Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks.
@@ -699,8 +702,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -754,8 +758,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -802,8 +807,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -849,8 +855,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -869,9 +876,8 @@ ADMX Info:
This policy setting allows you to turn off the display of snippets in Content view mode.
-If you enable this policy setting, File Explorer will not display snippets in Content view mode.
-
-If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
+- If you enable this policy setting, File Explorer will not display snippets in Content view mode.
+- If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
@@ -895,8 +901,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -916,9 +923,8 @@ ADMX Info:
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
-If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
-
-If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -946,8 +952,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -967,9 +974,8 @@ ADMX Info:
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
-If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
-
-If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
@@ -997,8 +1003,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1048,8 +1055,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1099,8 +1107,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1150,8 +1159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1201,8 +1211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1252,8 +1263,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1303,8 +1315,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1354,8 +1367,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1405,8 +1419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1454,8 +1469,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1503,8 +1519,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1552,8 +1569,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1601,8 +1619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1650,8 +1669,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1699,8 +1719,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1749,8 +1770,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1799,8 +1821,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1848,8 +1871,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1897,8 +1921,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1945,8 +1970,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1991,8 +2017,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2037,8 +2064,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2086,8 +2114,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2135,8 +2164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2183,8 +2213,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2227,8 +2258,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2273,8 +2305,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2324,8 +2357,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2375,8 +2409,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2399,13 +2434,10 @@ If you disable this setting or do not configure it, the "File name" field includ
This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
-To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
-
-
+To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**.
-
ADMX Info:
- GP Friendly name: *Hide the dropdown list of recent files*
@@ -2425,8 +2457,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2469,8 +2502,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2517,8 +2551,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2559,8 +2594,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2608,8 +2644,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2628,9 +2665,8 @@ ADMX Info:
This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.
-If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.
-
-If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.
+- If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.
+- If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.
@@ -2654,8 +2690,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2674,7 +2711,7 @@ ADMX Info:
Prevents users from using File Explorer or Network Locations to map or disconnect network drives.
-If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons.
+If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the **File Explorer** or **Network Locations** icons.
This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.
@@ -2705,8 +2742,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2749,8 +2787,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2769,7 +2808,7 @@ ADMX Info:
Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
-To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
+To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**.
@@ -2793,8 +2832,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2839,8 +2879,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2889,8 +2930,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2935,8 +2977,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2981,8 +3024,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3027,8 +3071,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3074,8 +3119,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3118,8 +3164,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3169,8 +3216,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3217,8 +3265,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3267,8 +3316,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3297,7 +3347,7 @@ The valid items you may display in the Places Bar are:
The list of Common Shell Folders that may be specified:
-Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.
+Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments, and Saved Searches.
If you disable or do not configure this setting the default list of items will be displayed in the Places Bar.
@@ -3324,8 +3374,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3377,8 +3428,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3426,8 +3478,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3474,8 +3527,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3522,8 +3576,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3570,8 +3625,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3618,8 +3674,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3668,8 +3725,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3700,7 +3758,7 @@ If you disable or do not configure this policy setting, no custom Internet searc
-ADMX Info:
+ADMX Info: ]
- GP Friendly name: *Pin Internet search sites to the "Search again" links and the Start menu*
- GP name: *TryHarderPinnedOpenSearch*
- GP path: *Windows Components\File Explorer*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index 477a03bb2f..e2b7d6b653 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsMediaDRM
description: Policy CSP - ADMX_WindowsMediaDRM
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsMediaDRM
@@ -42,8 +42,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index c4325fa43a..15f9ca5c47 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsMediaPlayer
description: Policy CSP - ADMX_WindowsMediaPlayer
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsMediaPlayer
@@ -102,8 +102,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -160,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -217,8 +219,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,8 +275,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -296,6 +300,7 @@ If you enable this policy setting, the Privacy Options and Installation Options
This policy setting prevents the dialog boxes that allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies.
+
If you disable or don't configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
@@ -320,8 +325,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -366,8 +372,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -414,8 +421,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -462,8 +470,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -512,8 +521,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -560,8 +570,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -608,8 +619,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -654,8 +666,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -705,8 +718,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -753,8 +767,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -799,8 +814,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -845,8 +861,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -891,8 +908,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -937,8 +955,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -982,8 +1001,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,8 +1048,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1078,8 +1099,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 1d922a36c6..902f22ebc8 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsRemoteManagement
description: Policy CSP - ADMX_WindowsRemoteManagement
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsRemoteManagement
@@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,7 +68,9 @@ manager: dansimp
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
-If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
+If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.
+
+If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
@@ -92,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index c1c177297f..3a56097a51 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsStore
description: Policy CSP - ADMX_WindowsStore
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsStore
@@ -57,8 +57,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -105,8 +106,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -154,8 +156,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -203,8 +206,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,8 +256,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index 452cf045a2..0f1c09fbca 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WinInit
description: Policy CSP - ADMX_WinInit
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/29/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WinInit
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -143,8 +145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index f21fb8b148..767e746db8 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WinLogon
description: Policy CSP - ADMX_WinLogon
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WinLogon
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -108,8 +109,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,8 +160,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -208,8 +211,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -260,8 +264,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -284,7 +289,7 @@ This policy controls whether the signed-in user should be notified if the sign-i
If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.
-If disabled or not configured, no popup will be displayed to the user.
+If disabled or not configured, no pop up will be displayed to the user.
@@ -308,8 +313,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -327,7 +333,7 @@ ADMX Info:
-This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).
+This policy setting controls whether the software can simulate the Secure Attention Sequence (SAS).
If you enable this policy setting, you have one of four options:
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index 1b02e8ef54..7d744cb320 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Winsrv
description: Policy CSP - ADMX_Winsrv
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/25/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Winsrv
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index 588277efab..146fa04b1b 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_wlansvc
description: Policy CSP - ADMX_wlansvc
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/27/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_wlansvc
@@ -49,8 +49,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,8 +98,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -143,8 +145,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
index 45948daa4a..b027226ee8 100644
--- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WordWheel
description: Policy CSP - ADMX_WordWheel
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WordWheel
@@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
index 2b291fdd5f..56d08ee87f 100644
--- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WorkFoldersClient
description: Policy CSP - ADMX_WorkFoldersClient
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WorkFoldersClient
@@ -50,8 +50,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -75,6 +76,7 @@ This policy setting specifies whether Work Folders should be set up automaticall
This folder creation prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting doesn't apply to a user, Work Folders isn't automatically set up.
- If you disable or don't configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user.
+
@@ -98,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -155,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index 3cfe80c0cc..6397e4e333 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WPN
description: Policy CSP - ADMX_WPN
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WPN
@@ -58,8 +58,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,8 +108,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -205,8 +208,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,8 +262,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -307,8 +312,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|No|
-|Business|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 5cebcba3b5..db27b3a605 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ApplicationDefaults
description: Learn about various Policy configuration service providers (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ApplicationDefaults
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -140,6 +141,7 @@ Here's the SyncMl example:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 1bddb1ae40..a9bd9d1f06 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ApplicationManagement
description: Learn about various Policy configuration service providers (CSP) - ApplicationManagement, including SyncML, for Windows 10.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/11/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ApplicationManagement
@@ -79,6 +79,7 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -100,7 +101,6 @@ manager: dansimp
This policy setting controls whether the system can archive infrequently used apps.
- If you enable this policy setting, then the system will periodically check for and archive infrequently used apps.
-
- If you disable this policy setting, then the system won't archive any apps.
If you don't configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves.
@@ -135,6 +135,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -186,6 +187,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,6 +239,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -288,6 +291,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,6 +345,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,6 +396,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -449,6 +455,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -497,6 +504,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -550,6 +558,7 @@ For this policy to work, the Windows apps need to declare in their manifest that
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -603,6 +612,7 @@ This setting supports a range of values between 0 and 1.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -659,6 +669,7 @@ This setting supports a range of values between 0 and 1.
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -711,6 +722,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -761,6 +773,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -811,6 +824,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index c8db68a7e0..ab3b3c38da 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - AppRuntime
description: Learn how the Policy CSP - AppRuntime setting controls whether Microsoft accounts are optional for Windows Store apps that require an account to sign in.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - AppRuntime
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 24c9070487..9803e28948 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - AppVirtualization
description: Learn how the Policy CSP - AppVirtualization setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - AppVirtualization
@@ -126,6 +126,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -170,6 +171,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -187,7 +189,7 @@ ADMX Info:
-Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
+This policy enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
@@ -213,6 +215,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -230,7 +233,7 @@ ADMX Info:
-Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
+Enables automatic cleanup of App-v packages that were added after Windows 10 anniversary release.
@@ -256,6 +259,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,7 +277,7 @@ ADMX Info:
-Enables scripts defined in the package manifest of configuration files that should run.
+This policy enables scripts defined in the package manifest of configuration files that should run.
@@ -299,6 +303,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -316,11 +321,10 @@ ADMX Info:
-Enables a UX to display to the user when a publishing refresh is performed on the client.
+This policy enables a UX to display to the user when a publishing refresh is performed on the client.
-
ADMX Info:
- GP Friendly name: *Enable Publishing Refresh UX*
@@ -342,6 +346,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,7 +366,7 @@ ADMX Info:
Reporting Server URL: Displays the URL of reporting server.
-Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, for example, 9AM.
+Reporting Time: When the client data should be reported to the server. Acceptable range is 0 ~ 23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, for example, 9AM.
Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load.
@@ -395,6 +400,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -412,7 +418,8 @@ ADMX Info:
-Specifies the file paths relative to %userprofile% that don't roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
+
+This policy specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
@@ -438,6 +445,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,7 +463,8 @@ ADMX Info:
-Specifies the registry paths that don't roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
+
+This policy specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
@@ -481,6 +490,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -498,7 +508,7 @@ ADMX Info:
-Specifies how new packages should be loaded automatically by App-V on a specific computer.
+This policy specifies how new packages should be loaded automatically by App-V on a specific computer.
@@ -524,6 +534,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -567,6 +578,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -584,7 +596,9 @@ ADMX Info:
-Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
+
+This policy specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
+
@@ -610,6 +624,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,7 +642,8 @@ ADMX Info:
-Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
+
+This policy specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
@@ -653,6 +669,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -714,6 +731,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -775,6 +793,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -836,6 +855,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -897,6 +917,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -958,6 +979,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -975,7 +997,7 @@ ADMX Info:
-Specifies the path to a valid certificate in the certificate store.
+This policy specifies the path to a valid certificate in the certificate store.
@@ -1001,6 +1023,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1044,6 +1067,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1061,7 +1085,7 @@ ADMX Info:
-Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
+This policy specifies the CLSID for a compatible implementation of the AppvPackageLocationProvider interface.
@@ -1087,6 +1111,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1104,7 +1129,7 @@ ADMX Info:
-Specifies directory where all new applications and updates will be installed.
+This policy specifies directory where all new applications and updates will be installed.
@@ -1130,6 +1155,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1147,7 +1173,7 @@ ADMX Info:
-Overrides source location for downloading package content.
+This policy overrides source location for downloading package content.
@@ -1173,6 +1199,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1190,7 +1217,7 @@ ADMX Info:
-Specifies the number of seconds between attempts to reestablish a dropped session.
+This policy specifies the number of seconds between attempts to reestablish a dropped session.
@@ -1216,6 +1243,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1233,7 +1261,7 @@ ADMX Info:
-Specifies the number of times to retry a dropped session.
+This policy specifies the number of times to retry a dropped session.
@@ -1259,6 +1287,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1276,7 +1305,8 @@ ADMX Info:
-Specifies that streamed package contents won't be saved to the local hard disk.
+
+This policy specifies that streamed package contents will be not be saved to the local hard disk.
@@ -1302,6 +1332,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1345,6 +1376,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1388,6 +1420,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1405,7 +1438,7 @@ ADMX Info:
-Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components.
+This policy specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components.
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index b182ba287e..2878642c3e 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - AttachmentManager
description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - AttachmentManager
@@ -52,6 +52,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -70,6 +71,7 @@ manager: dansimp
+
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This feature requires NTFS in order to function correctly, and will fail without notice on FAT32. If the zone information is not preserved, Windows can't make proper risk assessments.
If you enable this policy setting, Windows doesn't mark file attachments with their zone information.
@@ -102,6 +104,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -152,6 +155,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 1ac68b444f..f70ec5324f 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,11 +1,11 @@
---
title: Policy CSP - Audit
description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't sign in to a computer because the account is locked out.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
---
@@ -209,6 +209,7 @@ ms.date: 09/27/2019
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -269,6 +270,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -292,6 +294,7 @@ This policy allows you to audit the group membership information in the user's s
When this setting is configured, one or more security audit events are generated for each successful sign in. Enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information can't fit in a single security audit event.
Volume: Low on a client computer. Medium on a domain controller or a network server.
+
GP Info:
@@ -326,6 +329,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -385,6 +389,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -443,6 +448,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -500,6 +506,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -558,6 +565,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -585,6 +593,7 @@ The following events are included:
- Security identifiers (SIDs) were filtered and not allowed to sign in.
Volume: Low on a client computer. Medium on a domain controller or a network server.
+
GP Info:
@@ -619,6 +628,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -642,6 +652,7 @@ If you configure this policy setting, an audit event is generated for each IAS a
If you don't configure this policy settings, IAS and NAP user access requests aren't audited.
Volume: Medium or High on NPS and IAS server. No volume on other computers.
+
GP Info:
@@ -676,6 +687,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -739,6 +751,7 @@ The following values are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -796,6 +809,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -821,6 +835,7 @@ User claims are added to a sign-in token when claims are included with a user's
When this setting is configured, one or more security audit events are generated for each successful sign in. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information can't fit in a single security audit event.
Volume: Low on a client computer. Medium on a domain controller or a network server.
+
GP Info:
@@ -855,6 +870,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -878,6 +894,7 @@ This policy setting allows you to audit events generated by validation tests on
Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.
Volume: High on domain controllers.
+
GP Info:
@@ -885,7 +902,7 @@ GP Info:
- GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon*
-
+]
The following are the supported values:
- 0 (default)—Off/None
- 1—Success
@@ -912,6 +929,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -936,6 +954,7 @@ If you configure this policy setting, an audit event is generated after a Kerber
If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT request.
Volume: High on Kerberos Key Distribution Center servers.
+
GP Info:
@@ -970,6 +989,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1028,6 +1048,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1084,6 +1105,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1144,6 +1166,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1202,6 +1225,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1266,6 +1290,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1329,6 +1354,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1390,6 +1416,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1455,6 +1482,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1511,6 +1539,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1570,6 +1599,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1635,6 +1665,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1696,6 +1727,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1753,6 +1785,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1810,6 +1843,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1867,6 +1901,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1924,6 +1959,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1981,6 +2017,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2036,6 +2073,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2095,6 +2133,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2157,6 +2196,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2229,6 +2269,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2288,6 +2329,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2347,6 +2389,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2407,6 +2450,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2475,6 +2519,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2530,6 +2575,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2590,6 +2636,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2609,7 +2656,7 @@ The following are the supported values:
This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores.
-Only kernel objects with a matching system access control list (SACL) generate security audit events.
+Only kernel objects with a matching System Access Control List (SACL) generate security audit events.
> [!Note]
> The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects.
@@ -2648,6 +2695,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2713,6 +2761,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2731,7 +2780,7 @@ The following are the supported values:
-This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
+This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have SACLs specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you don't configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
@@ -2773,6 +2822,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2830,6 +2880,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2897,6 +2948,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2969,6 +3021,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3032,6 +3085,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3094,6 +3148,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3159,6 +3214,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3220,6 +3276,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3286,6 +3343,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3374,6 +3432,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3427,6 +3486,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3499,6 +3559,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3563,6 +3624,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3621,6 +3683,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3679,6 +3742,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3739,6 +3803,7 @@ The following are the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index f1263416b4..b7a3091207 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - Authentication
description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign-in screen.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.reviewer: bobgil
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Authentication
@@ -65,6 +65,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,6 +107,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -124,7 +126,7 @@ The following list shows the supported values:
-Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
+Allows an EAP cert-based authentication for a Single Sign on (SSO) to access internal resources.
@@ -147,6 +149,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -190,6 +193,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -235,6 +239,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -288,6 +293,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -306,7 +312,7 @@ The following list shows the supported values:
-Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+Specifies the list of domains that are allowed to be navigated to in Azure Active Directory PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
@@ -333,6 +339,7 @@ Specifies the list of domains that are allowed to be navigated to in AAD PIN res
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,6 +389,7 @@ Web Sign-in is only supported on Azure AD Joined PCs.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -437,6 +445,7 @@ Value type is integer. Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -492,6 +501,7 @@ Value type is integer. Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 365d7cf732..cbccee0f6f 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Autoplay
description: Learn how the Policy CSP - Autoplay setting disallows AutoPlay for MTP devices like cameras or phones.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Autoplay
@@ -51,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -76,6 +77,7 @@ If you enable this policy setting, AutoPlay isn't allowed for MTP devices like c
If you disable or don't configure this policy setting, AutoPlay is enabled for non-volume devices.
+
@@ -100,6 +102,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -158,6 +161,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -191,7 +195,8 @@ This policy setting disables Autoplay on other types of drives. You can't use th
If you disable or don't configure this policy setting, AutoPlay is enabled.
-Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
+> [!Note]
+> This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index add5331983..7aa01b7d63 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - BitLocker
description: Use the Policy configuration service provider (CSP) - BitLocker to manage encryption of PCs and devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - BitLocker
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
-Specifies the BitLocker Drive Encryption method and cipher strength.
+This policy specifies the BitLocker Drive Encryption method and cipher strength.
> [!NOTE]
> XTS-AES 128-bit and XTS-AES 256-bit values are supported only on Windows 10 for desktop.
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 7b7b384396..639d2c8e86 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - BITS
-description: Use StartTime, EndTime and Transfer rate together to define the BITS bandwidth-throttling schedule and transfer rate.
-ms.author: dansimp
+description: Use StartTime, EndTime and Transfer rate together to define the BITS bandwidth-throttling schedule and transfer rate.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - BITS
@@ -60,6 +60,7 @@ If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,7 +94,7 @@ If you disable or don't configure this policy setting, BITS uses all available u
> [!NOTE]
> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
-Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs).
@@ -127,6 +128,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -159,7 +161,7 @@ If you disable or don't configure this policy setting, BITS uses all available u
> [!NOTE]
> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
-Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs).
@@ -193,6 +195,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -223,7 +226,8 @@ BITS, by using the three policies together (BandwidthThrottlingStartTime, Bandwi
If you disable or don't configure this policy setting, BITS uses all available unused bandwidth.
> [!NOTE]
-> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+> You should base the limit on the speed of the network link, not the computer's Network Interface Card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
@@ -259,6 +263,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -319,6 +324,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -379,6 +385,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index a27b8b0f61..0a044cfc57 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Bluetooth
description: Learn how the Policy CSP - Bluetooth setting specifies whether the device can send out Bluetooth advertisements.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Bluetooth
@@ -55,6 +55,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -73,7 +74,7 @@ manager: dansimp
-Specifies whether the device can send out Bluetooth advertisements.
+This policy specifies whether the device can send out Bluetooth advertisements.
If this policy isn't set or is deleted, the default value of 1 (Allow) is used.
@@ -100,6 +101,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -118,7 +120,7 @@ The following list shows the supported values:
-Specifies whether other Bluetooth-enabled devices can discover the device.
+This policy specifies whether other Bluetooth-enabled devices can discover the device.
If this policy isn't set or is deleted, the default value of 1 (Allow) is used.
@@ -145,6 +147,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,7 +166,7 @@ The following list shows the supported values:
-Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
+This policy specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
@@ -186,6 +189,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,6 +231,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -265,6 +270,7 @@ If this policy isn't set or is deleted, the default local radio name is used.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,6 +307,7 @@ The default value is an empty string. For more information, see [ServicesAllowed
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 5deb121be6..6da1550f1d 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -4,11 +4,11 @@ description: Learn how to use the Policy CSP - Browser settings so you can confi
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
-ms.author: dansimp
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.localizationpriority: medium
---
@@ -205,6 +205,7 @@ ms.localizationpriority: medium
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -259,6 +260,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -321,6 +323,7 @@ To verify AllowAutofill is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -373,6 +376,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -435,6 +439,7 @@ To verify AllowCookies is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -487,6 +492,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -548,6 +554,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -600,6 +607,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -652,6 +660,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -707,6 +716,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -767,6 +777,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -819,6 +830,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -875,6 +887,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -936,6 +949,7 @@ To verify AllowPasswordManager is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -997,6 +1011,7 @@ To verify AllowPopups is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1058,6 +1073,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1118,6 +1134,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1178,6 +1195,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1236,6 +1254,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1289,6 +1308,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1349,6 +1369,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1409,6 +1430,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1468,6 +1490,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1527,6 +1550,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1582,6 +1606,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1645,6 +1670,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1703,6 +1729,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1763,6 +1790,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1827,6 +1855,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1894,6 +1923,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1956,6 +1986,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2028,6 +2059,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2089,6 +2121,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2148,6 +2181,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2200,6 +2234,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2253,6 +2288,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2289,6 +2325,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2354,6 +2391,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2408,6 +2446,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2460,6 +2499,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2518,6 +2558,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2571,6 +2612,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2624,6 +2666,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2675,6 +2718,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2727,6 +2771,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2785,6 +2830,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2837,6 +2883,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2898,6 +2945,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2951,6 +2999,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3012,6 +3061,7 @@ Most restricted value: 1
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3070,6 +3120,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3127,6 +3178,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3179,6 +3231,7 @@ Most restricted value: 0
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3227,6 +3280,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3290,6 +3344,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -3348,6 +3403,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 1a06b54ae0..ed98c5d85b 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Camera
description: Learn how to use the Policy CSP - Camera setting so that you can configure it to disable or enable the camera.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Camera
@@ -39,11 +39,11 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 48876d706e..eb2180cddd 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Cellular
description: Learn how to use the Policy CSP - Cellular setting so you can specify whether Windows apps can access cellular data.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Cellular
@@ -57,6 +57,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,6 +122,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -164,6 +166,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,6 +210,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -250,6 +254,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index c556897ebb..f4dc267b7a 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Connectivity
description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
-manager: dansimp
+ms.reviewer:
+manager: aaroncz
---
# Policy CSP - Connectivity
@@ -84,6 +84,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -102,7 +103,7 @@ manager: dansimp
-Allows the user to enable Bluetooth or restrict access.
+This policy allows the user to enable Bluetooth or restrict access.
> [!NOTE]
> This value isn't supported in Windows 10.
@@ -115,9 +116,9 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – Disallow Bluetooth. If the value is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn on Bluetooth.
-- 1 – Reserved. If the value is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
-- 2 (default) – Allow Bluetooth. If the value is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
+- 0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn on Bluetooth.
+- 1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
+- 2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
@@ -133,6 +134,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -151,7 +153,8 @@ The following list shows the supported values:
-Allows the cellular data channel on the device. Device reboot isn't required to enforce the policy.
+
+This policy allows the cellular data channel on the device. Device reboot isn't required to enforce the policy.
@@ -175,6 +178,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,6 +241,7 @@ To validate on devices, perform the following steps:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,7 +263,7 @@ To validate on devices, perform the following steps:
> [!NOTE]
> This policy requires reboot to take effect.
-Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
+This policy allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
@@ -281,6 +286,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -301,7 +307,10 @@ The following list shows the supported values:
This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
-If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'.
+If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'.
+
+If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'.
+
If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
@@ -321,7 +330,8 @@ This setting supports a range of values between 0 and 1.
Validation:
-If the Connectivity/AllowPhonePCLinking policy is configured to value 0, the add a phone button in the Phones section in settings will be grayed out and clicking it won't launch the window for a user to enter their phone number.
+
+If the Connectivity/AllowPhonePCLinking policy is configured to value 0, add a phone button in the Phones section in settings will be grayed out and clicking it will not launch the window for a user to enter their phone number.
Device that has previously opt-in to MMX will also stop showing on the device list.
@@ -339,6 +349,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -387,6 +398,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -430,6 +442,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -448,7 +461,7 @@ The following list shows the supported values:
-Prevents the device from connecting to VPN when the device roams over cellular networks.
+This policy prevents the device from connecting to VPN when the device roams over cellular networks.
Most restricted value is 0.
@@ -473,6 +486,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -527,6 +541,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -579,6 +594,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -631,6 +647,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -675,6 +692,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -721,6 +739,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -739,7 +758,7 @@ ADMX Info:
-Determines whether a user can install and configure the Network Bridge.
+This policy determines whether a user can install and configure the Network Bridge.
Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting doesn't apply.
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index e66ffbee8b..da457db759 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - ControlPolicyConflict
description: Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ControlPolicyConflict
@@ -32,12 +32,21 @@ manager: dansimp
**ControlPolicyConflict/MDMWinsOverGP**
+> [!NOTE]
+> This setting doesn't apply to the following types of group policies:
+>
+> - If they don't map to an MDM policy. For example, firewall policies and account lockout policies.
+> - If they aren't defined by an ADMX. For example, Password policy - minimum password age.
+> - If they're in the Windows Update category.
+> - If they have list entries. For example, the Microsoft Edge CookiesAllowedForUrls policy.
+
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -61,7 +70,8 @@ This policy allows the IT admin to control which policy will be used whenever bo
> [!NOTE]
> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs.
-This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
+This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel.
+The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
> [!NOTE]
> This policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1.
@@ -71,7 +81,8 @@ The following list shows the supported values:
- 0 (default)
- 1 - The MDM policy is used and the GP policy is blocked.
-The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the first set of the policy. This activation ensures that:
+The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy.
+This ensures that:
- GP settings that correspond to MDM applied settings aren't conflicting
- The current Policy Manager policies are refreshed from what MDM has set
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 21357c48c3..28f4edb5ec 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - CredentialProviders
description: Learn how to use the policy CSP for credential provider so you can control whether a domain user can sign in using a convenience PIN.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - CredentialProviders
@@ -51,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -104,6 +105,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -128,7 +130,8 @@ If you enable this policy setting, a domain user can't set up or sign in with a
If you disable or don't configure this policy setting, a domain user can set up and use a picture password.
-Note that the user's domain password will be cached in the system vault when using this feature.
+> [!NOTE]
+> The user's domain password will be cached in the system vault when using this feature.
@@ -154,6 +157,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -180,8 +184,8 @@ The Autopilot Reset feature allows admin to reset devices to a known good manage
The following list shows the supported values:
-- 0 - Enable the visibility of the credentials for Autopilot Reset
-- 1 - Disable visibility of the credentials for Autopilot Reset
+0 - Enable the visibility of the credentials for Autopilot Reset
+1 - Disable visibility of the credentials for Autopilot Reset
@@ -191,3 +195,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index da8c5cd222..4236a94376 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - CredentialsDelegation
description: Learn how to use the Policy CSP - CredentialsDelegation setting so that remote host can allow delegation of non-exportable credentials.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - CredentialsDelegation
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -63,7 +64,7 @@ manager: dansimp
-Remote host allows delegation of non-exportable credentials
+Remote host allows delegation of non-exportable credentials.
When credential delegation is being used, devices provide an exportable version of credentials to the remote host. This version exposes users to the risk of credential theft from attackers on the remote host.
@@ -89,3 +90,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index f242322253..fd869a6c75 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - CredentialsUI
description: Learn how to use the Policy CSP - CredentialsUI setting to configure the display of the password reveal button in password entry user experiences.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - CredentialsUI
@@ -47,6 +47,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -74,7 +75,7 @@ If you disable or don't configure this policy setting, the password reveal butto
By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.
-The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
+This policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
@@ -100,6 +101,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -142,3 +144,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 0e746278c6..1eb727623a 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Cryptography
description: Learn how to use the Policy CSP - Cryptography setting to allow or disallow the Federal Information Processing Standard (FIPS) policy.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Cryptography
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
-Allows or disallows the Federal Information Processing Standard (FIPS) policy.
+This policy setting allows or disallows the Federal Information Processing Standard (FIPS) policy.
@@ -72,8 +73,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Not allowed.
-- 1– Allowed.
+0 (default) – Not allowed.
+1– Allowed.
@@ -94,6 +95,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -112,7 +114,7 @@ The following list shows the supported values:
-Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
+This policy setting lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
@@ -134,3 +136,6 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index 6b464729c7..9bb4559320 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DataProtection
description: Use the Policy CSP - DataProtection setting to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DataProtection
@@ -42,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,9 @@ manager: dansimp
-This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled.
+This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.
+
+Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled.
Most restricted value is 0.
@@ -85,6 +88,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -118,4 +122,8 @@ Setting used by Windows 8.1 Selective Wipe.
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 73b7408f51..0950d10f87 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DataUsage
-description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DataUsage
@@ -60,6 +60,7 @@ This policy is deprecated in Windows 10, version 1809.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -83,9 +84,7 @@ This policy setting configures the cost of 4G connections on the local machine.
If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:
- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
-
- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
-
- Variable: This connection is costed on a per byte basis.
If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.
@@ -108,3 +107,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 3cd97e7de1..6c42ebfde5 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Defender
description: Learn how to use the Policy CSP - Defender setting so you can allow or disallow scanning of archives.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 05/12/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
@@ -160,6 +160,7 @@ ms.collection: highpri
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -213,6 +214,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,6 +268,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -287,7 +290,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.
@@ -320,6 +322,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,7 +344,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows scanning of email.
@@ -373,6 +375,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -394,7 +397,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows a full scan of mapped network drives.
@@ -426,6 +428,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -447,7 +450,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.
@@ -479,6 +481,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -499,7 +502,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender IOAVP Protection functionality.
@@ -532,6 +534,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -553,7 +556,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender On Access Protection functionality.
@@ -588,6 +590,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -609,7 +612,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender real-time Monitoring functionality.
@@ -641,6 +643,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -662,7 +665,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows a scanning of network files.
@@ -694,6 +696,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -715,7 +718,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows Windows Defender Script Scanning functionality.
@@ -739,6 +741,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -760,7 +763,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed.
@@ -792,6 +794,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -813,8 +816,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
-This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
+This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".
Value type is string.
@@ -841,6 +843,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -862,7 +865,6 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
This policy setting enables setting the state (Block/Audit/Off) for each attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction).
@@ -892,6 +894,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -912,11 +915,9 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Represents the average CPU load factor for the Windows Defender scan (in percent).
-
The default value is 50.
@@ -946,6 +947,7 @@ Valid values: 0–100
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1011,6 +1013,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1032,7 +1035,6 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.
@@ -1074,6 +1076,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1127,6 +1130,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1173,6 +1177,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1219,6 +1224,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1239,11 +1245,9 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Time period (in days) that quarantine items will be stored on the system.
-
The default value is 0, which keeps items in quarantine, and doesn't automatically remove them.
@@ -1273,6 +1277,7 @@ Valid values: 0–90
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1336,6 +1341,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1399,6 +1405,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1453,6 +1460,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1475,7 +1483,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul
If you enable this setting, low CPU priority will be used during scheduled scans.
-If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans.
+If you disable or don't configure this setting, no changes will be made to CPU priority for scheduled scans.
Supported values:
@@ -1514,6 +1522,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1574,6 +1583,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1594,7 +1604,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
@@ -1621,6 +1630,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1642,7 +1652,6 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1".
@@ -1668,6 +1677,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1689,13 +1699,11 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify a list of files opened by processes to ignore during a scan.
> [!IMPORTANT]
> The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path.
-
Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
@@ -1721,6 +1729,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1779,6 +1788,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1800,7 +1810,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Controls which sets of files should be monitored.
> [!NOTE]
@@ -1837,6 +1846,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1858,7 +1868,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Selects whether to perform a quick scan or full scan.
@@ -1891,6 +1900,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1911,12 +1921,8 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
-Selects the time of day that the Windows Defender quick scan should run.
-
-> [!NOTE]
-> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
+Selects the time of day that the Windows Defender quick scan should run. The Windows Defender quick scan runs daily if a time is specified.
@@ -1951,6 +1957,7 @@ Valid values: 0–1380
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1972,7 +1979,6 @@ Valid values: 0–1380
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Selects the day that the Windows Defender scan should run.
> [!NOTE]
@@ -2015,6 +2021,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2036,14 +2043,11 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Selects the time of day that the Windows Defender scan should run.
> [!NOTE]
> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
-
-
For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM.
The default value is 120.
@@ -2075,6 +2079,7 @@ Valid values: 0–1380.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2095,7 +2100,7 @@ Valid values: 0–1380.
This policy setting allows you to define the security intelligence location for VDI-configured computers.
-If you disable or don't configure this setting, security intelligence will be referred from the default local source.
+If you disable or don't configure this setting, security intelligence will be referred from the default local source.
@@ -2126,6 +2131,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2193,6 +2199,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2255,6 +2262,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2276,10 +2284,8 @@ ADMX Info:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.
-
A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day.
The default value is 8.
@@ -2313,6 +2319,7 @@ Valid values: 0–24.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2334,8 +2341,7 @@ Valid values: 0–24.
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
-Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
+Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
@@ -2369,6 +2375,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2389,7 +2396,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop.
-
Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take.
@@ -2427,3 +2433,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index ba4c441b84..f272b05108 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DeliveryOptimization
description: Learn how to use the Policy CSP - DeliveryOptimization setting to configure one or more Microsoft Connected Cache servers to be used by Delivery Optimization.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 06/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeliveryOptimization
@@ -21,8 +21,6 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
@@ -133,6 +131,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -182,6 +181,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -236,6 +236,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -291,6 +292,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -354,6 +356,7 @@ When DHCP Option ID Force (2) is set, the client will query DHCP Option ID 235 a
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -399,6 +402,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,6 +459,7 @@ Supported values: 0 - one month (in seconds)
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -509,6 +514,7 @@ Supported values: 0 - one month (in seconds)
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,6 +572,7 @@ The following list shows the supported values as number of seconds:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -623,6 +630,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -673,6 +681,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -691,7 +700,7 @@ ADMX Info:
-Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
+Set this policy to restrict peer selection to a specific source. Available options are: 1 = Active Directory Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = Azure Active Directory.
When set, the Group ID will be assigned automatically from the selected source.
@@ -716,11 +725,11 @@ ADMX Info:
The following list shows the supported values:
-- 1 - AD site
+- 1 - Active Directory site
- 2 - Authenticated domain SID
- 3 - DHCP user option
- 4 - DNS suffix
-- 5 - AAD
+- 5 - Azure Active Directory
@@ -736,6 +745,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -781,6 +791,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -804,7 +815,7 @@ ADMX Info:
Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size hasn't exceeded. The value 0 is new in Windows 10, version 1607.
-The default value is 259200 seconds (3 days).
+The default value is 259200 seconds (three days).
@@ -829,6 +840,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -901,6 +913,7 @@ This policy is deprecated. Use [DOMaxForegroundDownloadBandwidth](#deliveryoptim
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -965,6 +978,7 @@ This policy is deprecated because it only applies to uploads to Internet peers (
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1014,6 +1028,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1062,6 +1077,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1114,6 +1130,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,6 +1180,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1212,6 +1230,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1261,6 +1280,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1312,6 +1332,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1370,6 +1391,7 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1415,6 +1437,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1467,6 +1490,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1519,6 +1543,7 @@ This policy allows an IT Admin to define the following details:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1564,3 +1589,7 @@ This policy allows an IT Admin to define the following details:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
+
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index aa850f28a4..6e4f8b2502 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Desktop
description: Learn how to use the Policy CSP - Desktop setting to prevent users from changing the path to their profile folders.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Desktop
@@ -44,6 +44,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -62,7 +63,7 @@ manager: dansimp
-Prevents users from changing the path to their profile folders.
+This policy setting prevents users from changing the path to their profile folders.
By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box.
@@ -86,3 +87,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 9a718888b1..d34fce4b14 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DeviceGuard
description: Learn how to use the Policy CSP - DeviceGuard setting to allow the IT admin to configure the launch of System Guard.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeviceGuard
@@ -47,6 +47,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,6 +108,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -125,7 +127,7 @@ ADMX Info:
-Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
+Turns on virtualization based security(VBS) at the next reboot. Virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
@@ -156,6 +158,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -207,6 +210,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -224,7 +228,7 @@ The following list shows the supported values:
-Specifies the platform security level at the next reboot. Value type is integer.
+This setting specifies the platform security level at the next reboot. Value type is integer.
@@ -248,4 +252,8 @@ The following list shows the supported values:
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 7a2f5f914a..b412a147d6 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DeviceHealthMonitoring
description: Learn how the Policy CSP - DeviceHealthMonitoring setting is used as an opt-in health monitoring connection between the device and Microsoft.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeviceHealthMonitoring
@@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -69,8 +70,8 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev
The following list shows the supported values:
-- 1—The DeviceHealthMonitoring connection is enabled.
-- 0 (default)—The DeviceHealthMonitoring connection is disabled.
+- 1 -The DeviceHealthMonitoring connection is enabled.
+- 0 - (default)—The DeviceHealthMonitoring connection is disabled.
@@ -92,6 +93,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -138,6 +140,7 @@ IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,9 +159,12 @@ IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to
-This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device.
+This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device.
+
The value of this policy constrains the DeviceHealthMonitoring connection to certain destinations in order to support regional and sovereign cloud scenarios.
-In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. Only configure this policy manually if explicitly instructed to do so by a Microsoft device monitoring service.
+In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked.
+
+Configure this policy manually only when explicitly instructed to do so by a Microsoft device monitoring service.
@@ -178,3 +184,6 @@ In most cases, an IT Pro doesn't need to define this policy. Instead, it's expec
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 0cc81579bc..9ba8e12f78 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - DeviceInstallation
ms.reviewer:
-manager: dansimp
+manager: aaroncz
description: Use the Policy CSP - DeviceInstallation setting to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install.
-ms.author: dansimp
+ms.author: vinpa
ms.date: 09/27/2019
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
---
@@ -69,6 +69,7 @@ ms.localizationpriority: medium
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,10 +94,12 @@ This policy setting allows you to specify a list of plug-and-play hardware IDs a
> This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
-- Prevent installation of devices that match these device IDs
-- Prevent installation of devices that match any of these device instance IDs
+
+- Prevent installation of devices that match these device IDs.
+- Prevent installation of devices that match any of these device instance IDs.
If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+
> [!NOTE]
> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
@@ -171,6 +174,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -195,7 +199,8 @@ This policy setting allows you to specify a list of Plug and Play device instanc
> This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
-- Prevent installation of devices that match any of these device instance IDs
+
+- Prevent installation of devices that match any of these device instance IDs.
If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
@@ -208,7 +213,6 @@ If you enable this policy setting on a remote desktop server, the policy setting
If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
-
Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
@@ -270,6 +274,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -381,6 +386,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -404,6 +410,7 @@ This policy setting will change the evaluation order in which Allow and Prevent
Device instance IDs > Device IDs > Device setup class > Removable devices
**Device instance IDs**
+
- Prevent installation of devices using drivers that match these device instance IDs.
- Allow installation of devices using drivers that match these device instance IDs.
@@ -459,13 +466,13 @@ ADMX Info:
To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
-
```txt
>>> [Device Installation Restrictions Policy Check]
>>> Section start 2018/11/15 12:26:41.659
<<< Section end 2018/11/15 12:26:41.751
<<< [Exit status: SUCCESS]
```
+
You can also change the evaluation order of device installation policy settings by using a custom profile in Intune.
:::image type="content" source="images/edit-row.png" alt-text="This image is an edit row image.":::
@@ -486,6 +493,7 @@ You can also change the evaluation order of device installation policy settings
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -543,6 +551,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -636,6 +645,7 @@ You can also block installation by using a custom profile in Intune.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -734,6 +744,7 @@ For example, this custom profile blocks installation and usage of USB devices wi
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -811,6 +822,7 @@ For example, this custom profile prevents installation of devices with matching
To prevent installation of devices with matching device instance IDs by using custom profile in Intune:
+
1. Locate the device instance ID.
2. Replace `&` in the device instance IDs with `&`.
For example:
@@ -839,6 +851,7 @@ with
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -929,3 +942,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 398e28de31..96b7ecf2c1 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - DeviceLock
description: Learn how to use the Policy CSP - DeviceLock setting to specify whether the user must input a PIN or password when the device resumes from an idle state.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 05/16/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeviceLock
-
-
@@ -73,7 +71,7 @@ manager: dansimp
> [!Important]
-> The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For additional information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types).
+> The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For more information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types).
**DeviceLock/AllowIdleReturnWithoutPassword**
@@ -84,6 +82,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -131,6 +130,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -154,7 +154,6 @@ Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For th
> [!NOTE]
> This policy must be wrapped in an Atomic command.
-
For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
@@ -178,6 +177,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -219,6 +219,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,6 +274,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -355,6 +357,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -405,6 +408,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,6 +459,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -495,6 +500,7 @@ Value type is a string, which is the full image filepath and filename.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -549,6 +555,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -599,6 +606,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -672,6 +680,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -748,6 +757,7 @@ The following example shows how to set the minimum password length to 4 characte
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -792,6 +802,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -810,7 +821,7 @@ GP Info:
-Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.
+Disables the lock screen camera toggle-switch in PC Settings and prevents a camera from being invoked on the lock screen.
By default, users can enable invocation of an available camera on the lock screen.
@@ -845,6 +856,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -863,7 +875,7 @@ ADMX Info:
-Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.
+Disables the lock screen slideshow settings in PC Settings and prevents a slide show from playing on the lock screen.
By default, users can enable a slide show that will run after they lock the machine.
@@ -892,3 +904,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index f3f60dd44f..601c24c077 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Display
description: Learn how to use the Policy CSP - Display setting to disable Per-Process System DPI for a semicolon-separated list of applications.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Display
-
-
@@ -51,6 +49,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -94,6 +93,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -157,6 +157,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -200,6 +201,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -226,7 +228,7 @@ If you enable this policy setting, GDI DPI Scaling is turned off for all applica
If you disable or don't configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications.
-If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
+If GDI DPI Scaling is configured to both turn-off and turn-on an application, the application will be turned off.
@@ -258,6 +260,7 @@ To validate on Desktop, do the following tasks:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -284,7 +287,7 @@ If you enable this policy setting, GDI DPI Scaling is turned on for all legacy a
If you disable or don't configure this policy setting, GDI DPI Scaling won't be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
-If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
+If GDI DPI Scaling is configured to both turn-off and turn-on an application, the application will be turned off.
@@ -299,8 +302,8 @@ ADMX Info:
To validate on Desktop, do the following tasks:
-1. Configure the setting for an app, which uses GDI.
-2. Run the app and observe crisp text.
+1. Configure the setting for an app, which uses GDI.
+2. Run the app and observe crisp text.
@@ -310,3 +313,6 @@ To validate on Desktop, do the following tasks:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 1258127e5e..1188039966 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - DmaGuard
description: Learn how to use the Policy CSP - DmaGuard setting to provide more security against external DMA capable devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DmaGuard
-
@@ -38,6 +37,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,20 +56,20 @@ manager: dansimp
-This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers)/device memory isolation and sandboxing.
+This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices that are incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers), device memory isolation and sandboxing.
-Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
+Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that can't be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
> [!NOTE]
> This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
-Supported values:
+The following are the supported values:
0 - Block all (Most restrictive): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will never be allowed to start and perform DMA at any time.
-1 - Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen
+1 - Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen.
2 - Allow all (Least restrictive): All external DMA capable PCIe devices will be enumerated at any time
@@ -94,6 +94,8 @@ ADMX Info:
+
+## Related topics
-
\ No newline at end of file
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md
index 4a50535a07..9b16db9fd4 100644
--- a/windows/client-management/mdm/policy-csp-eap.md
+++ b/windows/client-management/mdm/policy-csp-eap.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - EAP
-description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - EAP
-
@@ -38,6 +37,7 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,7 +56,7 @@ manager: dansimp
-This policy setting is added in Windows 10, version 21H1. Allow or disallow use of TLS 1.3 during EAP client authentication.
+Added in Windows 10, version 21H1. This policy setting allows or disallows use of TLS 1.3 during EAP client authentication.
@@ -69,8 +69,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Use of TLS version 1.3 is not allowed for authentication.
+- 0 – Use of TLS version 1.3 is not allowed for authentication.
- 1 (default) – Use of TLS version 1.3 is allowed for authentication.
@@ -81,3 +81,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index f846573eda..1fd25bb275 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - Education
-description: Learn how to use the Policy CSP - Education setting to control the graphing functionality in the Windows Calculator app.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - Education setting to control the graphing functionality in the Windows Calculator app.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Education
-
@@ -35,7 +34,6 @@ manager: dansimp
-
@@ -47,11 +45,11 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -65,7 +63,7 @@ manager: dansimp
-This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality.
+This policy setting allows you to control, whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality.
ADMX Info:
@@ -93,11 +91,11 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -129,6 +127,7 @@ The policy value is expected to be the name (network host name) of an installed
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -178,11 +177,11 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -205,6 +204,8 @@ The policy value is expected to be a `````` separated list of printer na
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index fb0a5f37eb..2c125b1d1f 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - EnterpriseCloudPrint
description: Use the Policy CSP - EnterpriseCloudPrint setting to define the maximum number of printers that should be queried from a discovery end point.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - EnterpriseCloudPrint
-
-
@@ -42,7 +40,6 @@ manager: dansimp
-
@@ -54,6 +51,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,11 +69,11 @@ manager: dansimp
-Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails.
+Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
-The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs".
+The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, ```https://azuretenant.contoso.com/adfs```.
@@ -91,6 +89,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,7 +109,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714".
@@ -128,6 +127,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -147,7 +147,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint".
@@ -165,6 +165,7 @@ The default value is an empty string. Otherwise, the value should contain a URL.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -184,9 +185,9 @@ The default value is an empty string. Otherwise, the value should contain a URL.
Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
-The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com".
+The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, ```https://cloudprinterdiscovery.contoso.com```.
@@ -202,6 +203,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -221,7 +223,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
-The datatype is an integer.
+Supported datatype is integer.
@@ -237,6 +239,7 @@ The datatype is an integer.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -256,9 +259,9 @@ The datatype is an integer.
Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
-The datatype is a string.
+Supported datatype is string.
-The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint".
+The default value is an empty string. Otherwise, the value should contain a URL. For example, ```http://MopriaDiscoveryService/CloudPrint```.
@@ -267,3 +270,6 @@ The default value is an empty string. Otherwise, the value should contain a URL.
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 37d4c94e64..f387a56a6e 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -1,25 +1,25 @@
---
title: Policy CSP - ErrorReporting
description: Learn how to use the Policy CSP - ErrorReporting setting to determine the consent behavior of Windows Error Reporting for specific event types.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ErrorReporting
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -44,7 +44,6 @@ manager: dansimp
-
@@ -56,6 +55,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -83,7 +83,7 @@ If you enable this policy setting, you can add specific event types to a list by
- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any extra data requested by Microsoft.
-- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send any extra data requested by Microsoft.
+- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent, to send any extra data requested by Microsoft.
- 4 (Send all data): Any data requested by Microsoft is sent automatically.
@@ -112,6 +112,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,7 +130,7 @@ ADMX Info:
-This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
+This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization, when software unexpectedly stops working or fails.
If you enable this policy setting, Windows Error Reporting doesn't send any problem information to Microsoft. Additionally, solution information isn't available in Security and Maintenance in Control Panel.
@@ -158,6 +159,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -175,7 +177,7 @@ ADMX Info:
-This policy setting controls whether users are shown an error dialog box that lets them report an error.
+This policy setting controls, whether users are shown an error dialog box that lets them report an error.
If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.
@@ -208,6 +210,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,7 +228,7 @@ ADMX Info:
-This policy setting controls whether extra data in support of error reports can be sent to Microsoft automatically.
+This policy setting controls, whether extra data in support of error reports can be sent to Microsoft automatically.
If you enable this policy setting, any extra data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
@@ -254,6 +257,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -293,3 +297,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index ced6ab68a9..3212b6504e 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - EventLogService
description: Learn how to use the Policy CSP - EventLogService setting to control Event Log behavior when the log file reaches its maximum size.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - EventLogService
-
-
@@ -36,7 +34,6 @@ manager: dansimp
-
@@ -48,6 +45,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -65,13 +63,14 @@ manager: dansimp
-This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior, when the log file reaches its maximum size.
If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost.
If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+> [!NOTE]
+> Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
@@ -96,6 +95,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -117,7 +117,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
-If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.
@@ -142,6 +142,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,7 +164,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
-If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.
@@ -188,6 +189,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -209,7 +211,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
-If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.
@@ -227,3 +229,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index b115b5df8c..80986cd431 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Experience
description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Experience
-
-
@@ -99,7 +97,6 @@ manager: dansimp
-
@@ -111,6 +108,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,7 +128,7 @@ manager: dansimp
Allows history of clipboard items to be stored in memory.
-Value type is integer. Supported values:
+Supported value type is integer. Supported values are:
- 0 - Not allowed
- 1 - Allowed (default)
@@ -172,6 +170,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -205,8 +204,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -222,6 +221,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,8 +249,8 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -266,6 +266,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -287,7 +288,7 @@ This policy turns on Find My Device.
When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer.
-When Find My Device is off, the device and its location aren't registered and the Find My Device feature won't work. In Windows 10, version 1709 the user won't be able to view the location of the last use of their active digitizer on their device.
+When Find My Device is off, the device and its location aren't registered, and the Find My Device feature won't work. In Windows 10, version 1709 the user won't be able to view the location of the last use of their active digitizer on their device.
@@ -301,8 +302,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -318,6 +319,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -335,20 +337,19 @@ The following list shows the supported values:
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory-joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect.
> [!NOTE]
> The MDM server can always remotely delete the account.
-
Most restricted value is 0.
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -377,6 +378,7 @@ This policy is deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -423,6 +425,7 @@ This policy is deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -459,6 +462,7 @@ Describes what values are supported in by this policy and meaning of each value
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -499,6 +503,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -522,7 +527,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide
Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
> [!NOTE]
-> This setting doesn't control Cortana cutomized experiences because there are separate policies to configure it.
+> This setting doesn't control Cortana customized experiences because there are separate policies to configure it.
Most restricted value is 0.
@@ -538,8 +543,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -555,6 +560,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -575,7 +581,6 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
-
Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services.
@@ -607,6 +612,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,7 +633,6 @@ The following list shows the supported values:
> [!NOTE]
> Prior to Windows 10, version 1803, this policy had User scope.
-
This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
Most restricted value is 0.
@@ -644,8 +649,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 – Allowed.
+- 0 – Not allowed
+- 1 – Allowed
@@ -661,6 +666,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -681,8 +687,7 @@ The following list shows the supported values:
> [!NOTE]
> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
-
-Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
+Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features, and other related features will be turned off. You should enable this policy setting, if your goal is to minimize network traffic from target devices. If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
Most restricted value is 0.
@@ -698,8 +703,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -715,6 +720,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -749,8 +755,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -766,6 +772,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -801,8 +808,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Not allowed.
-- 1 - Allowed.
+- 0 - Not allowed
+- 1 - Allowed
@@ -818,6 +825,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -836,7 +844,7 @@ The following list shows the supported values:
-This policy setting lets you turn off the Windows spotlight Windows welcome experience feature.
+This policy setting lets you turn off the Windows spotlight, and Windows welcome experience feature.
The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or don't configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
Most restricted value is 0.
@@ -853,8 +861,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed
+- 1 (default) – Allowed
@@ -870,6 +878,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -901,8 +910,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Disabled.
-- 1 (default) – Enabled.
+- 0 – Disabled
+- 1 (default) – Enabled
@@ -916,9 +925,10 @@ The following list shows the supported values:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
-|Home|No|Yes|
+|Home|No|No|
|Pro|No|Yes|
-|Business|No|No|
+|Windows SE|No|Yes|
+|Business|No|Yes|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -937,7 +947,7 @@ This policy setting allows you to configure the Chat icon on the taskbar.
-The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not enabled.
+The values for this policy are 0, 1, 2, and 3. This policy defaults to 0, if not enabled.
- 0 - Not Configured: The Chat icon will be configured according to the defaults for your Windows edition.
- 1 - Show: The Chat icon will be displayed on the taskbar by default. Users can show or hide it in Settings.
@@ -961,6 +971,7 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,10 +990,9 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
> [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+> This policy is only available for Windows 10 Enterprise, and Windows 10 Education.
-
-Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization doesn't have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
+Allows IT admins to specify, whether spotlight should be used on the user's lock screen. If your organization doesn't have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
@@ -1012,6 +1022,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1047,8 +1058,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Disabled.
-- 1 – Enabled.
+- 0 (default) – Disabled
+- 1 – Enabled
@@ -1064,6 +1075,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1116,6 +1128,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1153,7 +1166,6 @@ Supported values:
- 0 (default) - Allowed/turned on. The "browser" group synchronizes automatically between users' devices and lets users make changes.
- 2 - Prevented/turned off. The "browser" group doesn't use the _Sync your Settings_ option.
-
_**Sync the browser settings automatically**_
Set both **DoNotSyncBrowserSettings** and **PreventUsersFromTurningOnBrowserSyncing** to 0 (Allowed/turned on).
@@ -1190,6 +1202,7 @@ _**Turn syncing off by default but don’t disable**_
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1251,7 +1264,7 @@ _**Prevent syncing of browser settings and let users turn on syncing**_
Validation procedure:
1. Select **More > Settings**.
-1. See if the setting is enabled or disabled based on your selection.
+1. See, if the setting is enabled or disabled based on your selection.
@@ -1267,6 +1280,7 @@ Validation procedure:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1291,7 +1305,7 @@ If you enable this policy setting, the lock option is shown in the User Tile men
If you disable this policy setting, the lock option is never shown in the User Tile menu.
-If you don't configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel.
+If you don't configure this policy setting, the lock option is shown in the User Tile menu. Users can choose, if they want to show the lock in the user tile menu from the Power Options control panel.
@@ -1317,5 +1331,8 @@ Supported values:
-
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 549a130038..c187c4bbef 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - ExploitGuard
description: Use the Policy CSP - ExploitGuard setting to push out the desired system configuration and application mitigation options to all the devices in the organization.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ExploitGuard
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -101,4 +99,8 @@ Here is an example:
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md
index b6ae2e95c6..281f12f579 100644
--- a/windows/client-management/mdm/policy-csp-feeds.md
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - Feeds
description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
-ms.author: v-nsatapathy
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/17/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Feeds
-
@@ -26,7 +25,6 @@ manager: dansimp
-
@@ -38,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -55,7 +54,7 @@ manager: dansimp
-This policy setting specifies whether news and interests is allowed on the device.
+This policy setting specifies, whether news and interests is allowed on the device.
The values for this policy are 1 and 0. This policy defaults to 1.
@@ -77,3 +76,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index ae91c0694e..5f49f1d40e 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,25 +1,25 @@
---
title: Policy CSP - FileExplorer
description: Use the Policy CSP - FileExplorer setting so you can allow certain legacy plug-in applications to function without terminating Explorer.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - FileExplorer
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -48,7 +48,6 @@ manager: dansimp
-
@@ -60,6 +59,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -111,6 +111,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -162,6 +163,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -204,6 +206,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -245,6 +248,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -300,6 +304,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -347,3 +352,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 8f26e60ff4..16a07d2e71 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Games
description: Learn to use the Policy CSP - Games setting so that you can specify whether advanced gaming services can be used.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Games
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,7 +54,9 @@ manager: dansimp
-Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer.
+Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services.
+
+Supported value type is integer.
@@ -72,3 +72,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index c2b205ad92..3146be4db8 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Handwriting
description: Use the Policy CSP - Handwriting setting to allow an enterprise to configure the default mode for the handwriting panel.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Handwriting
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,9 +58,9 @@ This policy allows an enterprise to configure the default mode for the handwriti
The handwriting panel has two modes - floats near the text box, or docked to the bottom of the screen. The default configuration is the one floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
-In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and doesn't require any user interaction.
+In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel, to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and doesn't require any user interaction.
-The docked mode is especially useful in Kiosk mode where you don't expect the end-user to drag the flying-in panel out of the way.
+The docked mode is especially useful in Kiosk mode, where you don't expect the end-user to drag the flying-in panel out of the way.
@@ -85,3 +83,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
index 9ce283864c..df30b8f920 100644
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - HumanPresence
description: Use the Policy CSP - HumanPresence setting allows wake on approach and lock on leave that can be managed from MDM.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - HumanPresence
-
-
@@ -33,7 +31,6 @@ manager: dansimp
-
@@ -45,6 +42,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -62,7 +60,7 @@ manager: dansimp
-This policy specifies whether the device can lock when a human presence sensor detects a human.
+This policy specifies, whether the device can lock when a human presence sensor detects a human.
@@ -79,7 +77,7 @@ The following list shows the supported values:
- 2 = ForcedOff
- 1 = ForcedOn
- 0 = DefaultToUserChoice
-- Defaults to 0.
+- Defaults to 0
@@ -94,6 +92,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -111,7 +110,7 @@ The following list shows the supported values:
-This policy specifies whether the device can lock when a human presence sensor detects a human.
+This policy specifies, whether the device can lock when a human presence sensor detects a human.
@@ -128,7 +127,7 @@ The following list shows the supported values:
- 2 = ForcedOff
- 1 = ForcedOn
- 0 = DefaultToUserChoice
-- Defaults to 0.
+- Defaults to 0
@@ -143,6 +142,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
@@ -160,7 +160,7 @@ The following list shows the supported values:
-This policy specifies at what distance the sensor wakes up when it sees a human in seconds.
+This policy specifies, at what distance the sensor wakes up when it sees a human in seconds.
@@ -172,7 +172,7 @@ ADMX Info:
-Integer value that specifies whether the device can lock when a human presence sensor detects a human.
+Integer value that specifies, whether the device can lock when a human presence sensor detects a human.
The following list shows the supported values:
@@ -188,3 +188,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index a4b2b54bee..c92b313661 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,20 +1,18 @@
---
title: Policy CSP - InternetExplorer
description: Use the Policy CSP - InternetExplorer setting to add a specific list of search providers to the user's default list of search providers.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - InternetExplorer
-
-
@@ -215,6 +213,12 @@ manager: dansimp
@@ -803,11 +810,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -820,6 +827,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -840,9 +848,12 @@ manager: dansimp
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.
-If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]).
-If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
+> [!NOTE]
+> This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+
+If you disable or do not configure this policy setting, the user can configure their list of search providers, unless another policy setting restricts such configuration.
@@ -867,6 +878,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -885,7 +897,7 @@ ADMX Info:
-This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.
+This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites, so that ActiveX controls can run properly.
If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.
@@ -914,6 +926,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -938,11 +951,11 @@ This list can be used with the 'Deny all add-ons unless specifically allowed in
If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:
-Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
+- Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
-Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
+- Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied, enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
-If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
+If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will determine, whether add-ons not in this list are assumed to be denied.
@@ -967,6 +980,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -988,7 +1002,7 @@ This AutoComplete feature can remember and suggest User names and passwords on F
If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords".
-If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.
+If you disable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.
If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
@@ -1015,6 +1029,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1033,7 +1048,7 @@ ADMX Info:
-This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.
+This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned, when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.
If you enable this policy setting, the certificate address mismatch warning always appears.
@@ -1062,6 +1077,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1113,6 +1129,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1162,6 +1179,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1180,7 +1198,7 @@ ADMX Info:
-This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services.
+This policy setting allows Internet Explorer to provide enhanced suggestions, as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services.
If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users cannot change the Suggestions setting on the Settings charm.
@@ -1222,6 +1240,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1240,7 +1259,7 @@ Supported values:
-This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu.
+This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode, using the Tools menu.
If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.
@@ -1269,6 +1288,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1316,6 +1336,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1333,7 +1354,7 @@ ADMX Info:
-This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails.
+This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below, when TLS 1.0 or greater fails.
We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack.
@@ -1364,6 +1385,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1411,6 +1433,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1429,7 +1452,7 @@ ADMX Info:
-This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.
+This policy setting controls, how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.
If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.
@@ -1460,6 +1483,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1478,7 +1502,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1486,9 +1510,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1513,6 +1539,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1531,7 +1558,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone, consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1539,9 +1566,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1566,6 +1595,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1584,7 +1614,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1592,9 +1622,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1619,6 +1651,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1637,7 +1670,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1645,9 +1678,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1672,6 +1707,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1690,7 +1726,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1698,9 +1734,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1725,6 +1763,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1743,7 +1782,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1751,9 +1790,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1778,6 +1819,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1796,7 +1838,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -1804,9 +1846,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -1831,6 +1875,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1878,6 +1923,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1936,6 +1982,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1956,13 +2003,19 @@ ADMX Info:
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.
-Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
+Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are:
+1. Intranet zone
+1. Trusted Sites zone
+1. Internet zone
+1. Restricted Sites zone
-If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:
+Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
-Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter `` as the valuename, other protocols are not affected. If you enter just `www.contoso.com,` then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for `www.contoso.com` and `www.contoso.com/mail` would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
+If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:
-Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
+- Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter `` as the valuename, other protocols are not affected. If you enter just `www.contoso.com,` then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for `www.contoso.com` and `www.contoso.com/mail` would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
+
+- Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
@@ -2019,6 +2072,7 @@ Value and index pairs in the SyncML example:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2068,6 +2122,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2086,7 +2141,7 @@ ADMX Info:
-This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Suggested Sites reports a user’s browsing history to Microsoft to suggest sites that the user might want to visit.
+This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Suggested Sites reports a user’s browsing history to Microsoft, to suggest sites that the user might want to visit.
If you enable this policy setting, the user is not prompted to enable Suggested Sites. The user’s browsing history is sent to Microsoft to produce suggestions.
@@ -2117,6 +2172,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2135,7 +2191,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -2143,9 +2199,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -2170,6 +2228,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2188,7 +2247,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -2196,9 +2255,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -2223,6 +2284,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2241,7 +2303,7 @@ ADMX Info:
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level. For example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
@@ -2249,9 +2311,11 @@ If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+> [!NOTE]
+> Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+> [!NOTE]
+> It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
@@ -2276,6 +2340,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2325,6 +2390,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2343,7 +2409,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.
+This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software, and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.
If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
@@ -2373,6 +2439,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2396,21 +2463,21 @@ Enables you to configure up to three versions of Microsoft Edge to open a redire
If both the Windows Update for the next version of Microsoft Edge* and Microsoft Edge Stable channel are installed, the following behaviors occur:
- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where:
- 1 = Microsoft Edge Stable
- 2 = Microsoft Edge Beta version 77 or later
- 3 = Microsoft Edge Dev version 77 or later
- 4 = Microsoft Edge Canary version 77 or later
+ - 1 = Microsoft Edge Stable
+ - 2 = Microsoft Edge Beta version 77 or later
+ - 3 = Microsoft Edge Dev version 77 or later
+ - 4 = Microsoft Edge Canary version 77 or later
- If you disable or do not configure this policy, Microsoft Edge Stable channel is used. This is the default behavior.
If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel are not installed, the following behaviors occur:
- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where:
- 0 = Microsoft Edge version 45 or earlier
- 1 = Microsoft Edge Stable
- 2 = Microsoft Edge Beta version 77 or later
- 3 = Microsoft Edge Dev version 77 or later
- 4 = Microsoft Edge Canary version 77 or later
+ - 0 = Microsoft Edge version 45 or earlier
+ - 1 = Microsoft Edge Stable
+ - 2 = Microsoft Edge Beta version 77 or later
+ - 3 = Microsoft Edge Dev version 77 or later
+ - 4 = Microsoft Edge Canary version 77 or later
- If you disable or do not configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior.
@@ -2642,6 +2709,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2662,7 +2730,7 @@ ADMX Info:
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.
-This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
+This policy setting determines, whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain, but the MIME sniff indicates that the file is really an executable file, then Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.
@@ -2693,6 +2761,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2713,7 +2782,7 @@ ADMX Info:
This setting determines whether IE automatically downloads updated versions of Microsoft’s VersionList.XML. IE uses this file to determine whether an ActiveX control should be stopped from loading.
> [!Caution]
-> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the [out-of-date ActiveX control blocking feature](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer.
+> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download, breaks the [out-of-date ActiveX control blocking feature](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer.
If you disable or do not configure this setting, IE continues to download updated versions of VersionList.XML.
@@ -2751,6 +2820,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2800,6 +2870,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2847,6 +2918,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2894,6 +2966,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2952,6 +3025,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2970,7 +3044,10 @@ Supported values:
-This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history.
+This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, do the following:
+
+1. From the Menu bar, on the Tools menu, click Internet Options.
+1. Click the General tab, and then click Settings under Browsing history.
If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history.
@@ -2999,6 +3076,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3046,6 +3124,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3095,6 +3174,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3146,6 +3226,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3193,6 +3274,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3217,7 +3299,8 @@ If you enable this policy setting, the browser negotiates or does not negotiate
If you disable or do not configure this policy setting, the user can select which encryption method the browser supports.
-Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
+> [!NOTE]
+> SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
@@ -3242,6 +3325,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3300,6 +3384,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3318,7 +3403,7 @@ Supported values:
-This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.
+This policy setting prevents Internet Explorer from running the First Run wizard, the first time a user starts the browser after installing Internet Explorer or Windows.
If you enable this policy setting, you must make one of the following choices:
- Skip the First Run wizard, and go directly to the user's home page.
@@ -3326,7 +3411,7 @@ If you enable this policy setting, you must make one of the following choices:
Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.
-If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
+If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard, the first time the browser is started after installation.
@@ -3351,6 +3436,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3402,6 +3488,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3462,6 +3549,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3506,6 +3594,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3578,6 +3667,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3625,6 +3715,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3676,6 +3767,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3694,13 +3786,14 @@ ADMX Info:
-This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
+This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility), when running in Enhanced Protected Mode on 64-bit versions of Windows.
-Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.
+> [!IMPORTANT]
+> Some ActiveX controls and toolbars may not be available when 64-bit processes are used.
-If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
+If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows.
-If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
+If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
@@ -3727,6 +3820,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3774,6 +3868,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3821,6 +3916,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3845,7 +3941,8 @@ If you enable this policy setting, you can specify which default home pages shou
If you disable or do not configure this policy setting, the user can add secondary home pages.
-Note: If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages.
+> [!NOTE]
+> If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages.
@@ -3870,6 +3967,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3917,6 +4015,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3936,7 +4035,7 @@ ADMX Info:
Prevents Internet Explorer from checking whether a new version of the browser is available.
-If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.
+If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifies users if a new version is available.
If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.
@@ -3965,6 +4064,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4025,6 +4125,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4076,6 +4177,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4101,7 +4203,8 @@ If you disable this policy or do not configure it, users can add Web sites to or
This policy prevents users from changing site management settings for security zones established by the administrator.
-Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.
+> [!NOTE]
+> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.
Also, see the "Security zones: Use only machine settings" policy.
@@ -4128,6 +4231,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4153,7 +4257,8 @@ If you disable this policy or do not configure it, users can change the settings
This policy prevents users from changing security zone settings established by the administrator.
-Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
+> [!NOTE]
+> The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
Also, see the "Security zones: Use only machine settings" policy.
@@ -4180,6 +4285,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4229,6 +4335,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4251,9 +4358,9 @@ This policy setting allows you to manage a list of domains on which Internet Exp
If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following:
-1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com"
-2. "hostname". For example, if you want to include http://example, use "example"
-3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm"
+1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com".
+2. "hostname". For example, if you want to include http://example, use "example".
+3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm".
If you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone.
@@ -4282,6 +4389,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4310,13 +4418,13 @@ This policy setting lets admins enable extended Microsoft Edge Internet Explorer
The following list shows the supported values:
-- 0 (default) - Disabled.
-- 1 - Enabled.
+- 0 (default) - Disabled
+- 1 - Enabled
ADMX Info:
-- GP Friendly name: *Allows enterprises to provide their users with a single-browser experience*
+- GP Friendly name: *Enable extended hot keys in Internet Explorer mode*
- GP name: *EnableExtendedIEModeHotkeys*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -4325,8 +4433,9 @@ ADMX Info:
+
-**InternetExplorer/IncludeAllLocalSites**
+**InternetExplorer/EnableGlobalWindowListInIEMode**
@@ -4334,6 +4443,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4352,11 +4462,119 @@ ADMX Info:
-This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.
+This setting allows Internet Explorer mode to use the global window list that enables sharing state with other applications.
+The setting will take effect only when Internet Explorer 11 is disabled as a standalone browser.
+
+- If you enable this policy, Internet Explorer mode will use the global window list.
+
+- If you disable or don’t configure this policy, Internet Explorer mode will continue to maintain a separate window list.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Disabled
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP Friendly name: *Enable global window list in Internet Explorer mode*
+- GP name: *EnableGlobalWindowListInIEMode*
+- GP path: *Windows Components/Internet Explorer/Main*
+- GP ADMX file name: *inetres.admx*
+
+
+
+
+
+
+
+**InternetExplorer/HideInternetExplorer11RetirementNotification**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Windows SE|No|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+
+
+
+
+This policy setting allows you to manage whether the notification bar reminder that Internet Explorer is being retired is displayed. By default, the Notification bar is displayed in Internet Explorer 11.
+
+- If you enable this policy setting, the notification bar will not be displayed in Internet Explorer 11.
+
+- If you disable, or do not configure, this policy setting, the notification bar will be displayed in Internet Explorer 11.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Disabled
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP Friendly name: *Hide Internet Explorer 11 retirement notification*
+- GP name: *DisableIEAppDeprecationNotification*
+- GP path: *Windows Components/Internet Explorer/Main*
+- GP ADMX file name: *inetres.admx*
+
+
+
+
+
+
+**InternetExplorer/IncludeAllLocalSites**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+
+
+
+
+This policy setting controls, whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.
If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.
-If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).
+If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered in the Intranet Zone (so would typically be in the Internet Zone).
If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
@@ -4383,6 +4601,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4401,7 +4620,7 @@ ADMX Info:
-This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.
+This policy setting controls, whether URLs representing UNCs are mapped into the local Intranet security zone.
If you enable this policy setting, all network paths are mapped into the Intranet Zone.
@@ -4432,6 +4651,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4450,7 +4670,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -4481,6 +4701,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4499,7 +4720,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -4530,6 +4751,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4548,7 +4770,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -4577,6 +4799,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4595,11 +4818,11 @@ ADMX Info:
-This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
+This policy setting allows you to manage, whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard operation.
-If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.
+If you select Prompt in the drop-down box, users are queried, whether to perform clipboard operations.
If you disable this policy setting, a script cannot perform a clipboard operation.
@@ -4628,6 +4851,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4646,7 +4870,7 @@ ADMX Info:
-This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
+This policy setting allows you to manage, whether users can drag files or copy and paste files from a source within the zone.
If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
@@ -4677,6 +4901,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4695,7 +4920,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -4726,6 +4951,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4744,11 +4970,11 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
@@ -4775,6 +5001,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4824,6 +5051,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4842,9 +5070,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -4873,6 +5101,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4891,7 +5120,7 @@ ADMX Info:
-This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
+This policy setting controls, whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.
@@ -4920,6 +5149,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4938,7 +5168,7 @@ ADMX Info:
-This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.
+This policy setting controls, whether or not the user is allowed to run the TDC ActiveX control on websites.
If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.
@@ -4967,6 +5197,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5016,6 +5247,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5034,7 +5266,7 @@ ADMX Info:
-This policy setting determines whether a page can control embedded WebBrowser controls via script.
+This policy setting determines, whether a page can control embedded WebBrowser controls via script.
If you enable this policy setting, script access to the WebBrowser control is allowed.
@@ -5065,6 +5297,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5083,7 +5316,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -5114,6 +5347,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5132,7 +5366,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -5140,7 +5374,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -5165,6 +5400,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5183,7 +5419,7 @@ ADMX Info:
-This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
+This policy setting allows you to manage, whether script is allowed to update the status bar within the zone.
If you enable this policy setting, script is allowed to update the status bar.
@@ -5212,6 +5448,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5230,7 +5467,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -5261,6 +5498,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5279,7 +5517,7 @@ ADMX Info:
-This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.
+This policy setting allows you to manage, whether VBScript can be run on pages from the specified zone in Internet Explorer.
If you selected Enable in the drop-down box, VBScript can run without user intervention.
@@ -5312,6 +5550,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5332,11 +5571,11 @@ ADMX Info:
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -5361,6 +5600,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5379,13 +5619,13 @@ ADMX Info:
-This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
+This policy setting allows you to manage, whether users may download signed ActiveX controls from a page in the zone.
If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
If you disable the policy setting, signed controls cannot be downloaded.
-If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
+If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
@@ -5410,6 +5650,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5428,7 +5669,7 @@ ADMX Info:
-This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
+This policy setting allows you to manage, whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
@@ -5459,6 +5700,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5506,6 +5748,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5524,15 +5767,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in different windows.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when both the source and destination are in different windows. Users cannot change this setting.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
@@ -5557,6 +5800,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5575,15 +5819,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in the same window.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
@@ -5608,6 +5852,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5657,6 +5902,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5675,7 +5921,7 @@ ADMX Info:
-This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.
+This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities, by reducing the locations that Internet Explorer can write to in the registry and the file system.
If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.
@@ -5706,6 +5952,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5724,7 +5971,7 @@ ADMX Info:
-This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
+This policy setting controls whether or not local path information is sent, when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.
@@ -5755,6 +6002,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5805,7 +6053,8 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
-|Business|||
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5828,6 +6077,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5852,7 +6102,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -5883,6 +6133,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5901,9 +6152,9 @@ ADMX Info:
-This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
+This policy setting allows you to manage, whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
-If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
+If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone, without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
@@ -5932,6 +6183,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -5954,11 +6206,11 @@ This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following logon options.
-Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
+Anonymous logon to disable HTTP authentication, and use the guest account only for the Common Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
-Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
+Automatic logon, only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.
@@ -5989,6 +6241,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6007,13 +6260,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -6038,6 +6291,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6056,9 +6310,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
+If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute signed managed components.
If you disable this policy setting, Internet Explorer will not execute signed managed components.
@@ -6087,6 +6341,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6105,7 +6360,7 @@ ADMX Info:
-This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
+This policy setting controls, whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.
@@ -6136,6 +6391,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6154,7 +6410,7 @@ ADMX Info:
-This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
+This policy setting allows you to manage, whether unwanted pop-up windows appear. Pop-up windows that are opened, when the end user clicks a link are not blocked.
If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
@@ -6185,6 +6441,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6203,13 +6460,13 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+If you do not configure this policy setting, users are queried to choose, whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -6234,6 +6491,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6252,7 +6510,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -6283,6 +6541,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6301,7 +6560,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -6330,6 +6589,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6348,7 +6608,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -6379,6 +6639,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6397,11 +6658,11 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
@@ -6428,6 +6689,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6446,9 +6708,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag, and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -6477,6 +6739,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6495,7 +6758,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -6526,6 +6789,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6544,7 +6808,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -6552,7 +6816,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -6577,6 +6842,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6595,7 +6861,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -6626,6 +6892,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6644,13 +6911,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -6675,6 +6942,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6726,6 +6994,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6750,7 +7019,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -6781,6 +7050,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6799,13 +7069,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -6830,6 +7100,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6851,7 +7122,7 @@ ADMX Info:
This policy setting prevents intranet sites from being opened in any browser except Internet Explorer.
> [!NOTE]
-> If the [InternetExplorer/SendSitesNotInEnterpriseSiteListToEdg](#internetexplorer-policies)e policy is not enabled, then this policy has no effect.
+> If the [InternetExplorer/SendSitesNotInEnterpriseSiteListToEdge](#internetexplorer-policies) policy is not enabled, then this policy has no effect.
If you enable this policy, all intranet sites are opened in Internet Explorer 11. The only exceptions are sites listed in your Enterprise Mode Site List.
If you disable or do not configure this policy, all intranet sites are automatically opened in Microsoft Edge.
@@ -6905,6 +7176,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6923,7 +7195,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -6954,6 +7226,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -6972,7 +7245,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -7003,6 +7276,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7021,7 +7295,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -7050,6 +7324,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7068,7 +7343,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -7099,6 +7374,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7117,13 +7393,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be in this zone, as set by Protection from Zone Elevation feature control.
@@ -7148,6 +7424,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7166,9 +7443,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -7197,6 +7474,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7215,7 +7493,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -7246,6 +7524,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7264,7 +7543,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -7272,7 +7551,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -7297,6 +7577,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7315,7 +7596,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -7346,6 +7627,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7364,13 +7646,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -7395,6 +7677,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7446,6 +7729,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7470,7 +7754,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -7501,6 +7785,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7519,13 +7804,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -7550,6 +7835,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7568,7 +7854,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -7599,6 +7885,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7617,7 +7904,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -7648,6 +7935,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7666,7 +7954,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -7695,6 +7983,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7713,7 +8002,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -7744,6 +8033,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7762,13 +8052,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be in this zone, as set by Protection from Zone Elevation feature control.
@@ -7793,6 +8083,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7811,9 +8102,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage whether, .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -7842,6 +8133,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7860,7 +8152,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -7891,6 +8183,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7909,7 +8202,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -7917,7 +8210,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -7942,6 +8236,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -7960,7 +8255,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -7991,6 +8286,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8042,6 +8338,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8066,7 +8363,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -8097,6 +8394,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8115,13 +8413,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -8146,6 +8444,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8170,7 +8469,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -8201,6 +8500,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8219,13 +8519,13 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+If you do not configure this policy setting, users are queried to choose, whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -8250,6 +8550,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8268,7 +8569,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -8299,6 +8600,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8317,7 +8619,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -8346,6 +8648,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8364,7 +8667,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -8395,6 +8698,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8413,13 +8717,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -8444,6 +8748,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8462,9 +8767,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -8493,6 +8798,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8511,7 +8817,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -8542,6 +8848,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8560,7 +8867,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -8568,7 +8875,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -8593,6 +8901,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8611,7 +8920,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -8642,6 +8951,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8693,6 +9003,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8711,13 +9022,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -8742,6 +9053,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8760,7 +9072,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -8791,6 +9103,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8809,7 +9122,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -8840,6 +9153,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8858,7 +9172,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -8887,6 +9201,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8905,7 +9220,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -8936,6 +9251,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -8954,13 +9270,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -8985,6 +9301,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9003,9 +9320,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -9034,6 +9351,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9052,7 +9370,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -9083,6 +9401,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9101,7 +9420,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -9109,7 +9428,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -9134,6 +9454,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9152,7 +9473,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -9183,6 +9504,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9234,6 +9556,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9258,7 +9581,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -9289,6 +9612,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9307,13 +9631,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -9338,6 +9662,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9356,7 +9681,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -9387,6 +9712,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9405,7 +9731,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -9436,6 +9762,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9454,7 +9781,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -9483,6 +9810,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9501,7 +9829,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -9532,6 +9860,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9550,13 +9879,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -9581,6 +9910,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9599,9 +9929,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -9630,6 +9960,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9648,7 +9979,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -9679,6 +10010,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9697,7 +10029,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -9705,7 +10037,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -9730,6 +10063,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9748,7 +10082,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -9779,6 +10113,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9797,7 +10132,7 @@ ADMX Info:
-This policy setting allows you to manage ActiveX controls not marked as safe.
+This policy setting allows you to manage, ActiveX controls not marked as safe.
If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
@@ -9830,6 +10165,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9854,7 +10190,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -9885,6 +10221,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9903,9 +10240,9 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
+If you enable this policy setting, users can open additional windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
@@ -9934,6 +10271,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -9952,7 +10290,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -9983,6 +10321,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10001,7 +10340,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -10032,6 +10371,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10050,7 +10390,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -10079,6 +10419,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10097,7 +10438,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -10128,6 +10469,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10150,9 +10492,9 @@ This policy setting allows you to manage whether Web sites from less privileged
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -10177,6 +10519,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10195,9 +10538,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -10226,6 +10569,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10244,7 +10588,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -10275,6 +10619,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10293,7 +10638,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls whether, Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -10301,7 +10646,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -10326,6 +10672,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10344,7 +10691,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -10375,6 +10722,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10426,6 +10774,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10450,7 +10799,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -10481,6 +10830,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10499,13 +10849,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -10530,6 +10880,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10579,6 +10930,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10597,7 +10949,7 @@ ADMX Info:
-This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
+This policy setting determines, whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
@@ -10628,6 +10980,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10646,7 +10999,7 @@ ADMX Info:
-This policy setting allows you to specify what is displayed when the user opens a new tab.
+This policy setting allows you to specify, what is displayed when the user opens a new tab.
If you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, the new tab page or the new tab page with my news feed.
@@ -10689,6 +11042,7 @@ Supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10707,7 +11061,7 @@ Supported values:
-This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.
+This policy setting allows you to manage, whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.
If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
@@ -10738,6 +11092,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10785,6 +11140,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10832,6 +11188,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10850,7 +11207,7 @@ ADMX Info:
-Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
+Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation, if there is no security context.
If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
@@ -10881,6 +11238,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10901,9 +11259,9 @@ ADMX Info:
This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX controls in Internet Explorer.
-If you enable this policy setting, users won't see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control.
+If you enable this policy setting, users won't see the "Run this time" button on the warning message that appears, when Internet Explorer blocks an outdated ActiveX control.
-If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once.
+If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning message that appears, when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once.
For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
@@ -10921,6 +11279,60 @@ ADMX Info:
+
+**InternetExplorer/ResetZoomForDialogInIEMode**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+
+
+
+
+This policy setting lets admins reset zoom to default for HTML dialogs in Internet Explorer mode.
+
+- If you enable this policy, the zoom of an HTML dialog in Internet Explorer mode will not get propagated from its parent page.
+
+- If you disable, or don't configure this policy, the zoom of an HTML dialog in Internet Explorer mode will be set based on the zoom of it's parent page.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Disabled
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP Friendly name: *Reset zoom to default for HTML dialogs in Internet Explorer mode*
+- GP name: *ResetZoomForDialogInIEMode*
+- GP path: *Windows Components/Internet Explorer/Main*
+- GP ADMX file name: *inetres.admx*
+
+
+
+
+
+
**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses**
@@ -10930,6 +11342,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -10979,6 +11392,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11028,6 +11442,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11046,7 +11461,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -11077,6 +11492,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11095,7 +11511,7 @@ ADMX Info:
-This policy setting allows you to manage whether script code on pages in the zone is run.
+This policy setting allows you to manage, whether script code on pages in the zone is run.
If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.
@@ -11126,6 +11542,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11144,7 +11561,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -11175,6 +11592,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11193,7 +11611,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -11222,6 +11640,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11271,6 +11690,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11289,7 +11709,7 @@ ADMX Info:
-This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
+This policy setting allows you to manage, whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard operation.
@@ -11322,6 +11742,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11340,7 +11761,7 @@ ADMX Info:
-This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
+This policy setting allows you to manage, whether users can drag files or copy and paste files from a source within the zone.
If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
@@ -11371,6 +11792,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11389,7 +11811,7 @@ ADMX Info:
-This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
+This policy setting allows you to manage, whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the zone.
@@ -11420,6 +11842,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11438,7 +11861,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -11469,6 +11892,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11487,13 +11911,13 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
@@ -11518,6 +11942,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11567,6 +11992,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11585,7 +12011,7 @@ ADMX Info:
-This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.
+This policy setting allows you to manage, whether a user's browser can be redirected to another Web page, if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.
@@ -11616,6 +12042,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11634,9 +12061,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -11665,6 +12092,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11685,7 +12113,7 @@ ADMX Info:
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
-If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.
+If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control, to run from the current site or from all sites.
If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
@@ -11712,6 +12140,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11730,7 +12159,7 @@ ADMX Info:
-This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.
+This policy setting controls, whether or not the user is allowed to run the TDC ActiveX control on websites.
If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.
@@ -11759,6 +12188,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11777,13 +12207,13 @@ ADMX Info:
-This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.
+This policy setting allows you to manage restrictions on script-initiated pop-up windows, and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.
-If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
+If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows, and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone, as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
-If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
+If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows, and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone<> as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
@@ -11808,6 +12238,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11826,7 +12257,7 @@ ADMX Info:
-This policy setting determines whether a page can control embedded WebBrowser controls via script.
+This policy setting determines, whether a page can control embedded WebBrowser controls via script.
If you enable this policy setting, script access to the WebBrowser control is allowed.
@@ -11857,6 +12288,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11875,7 +12307,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -11906,6 +12338,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11924,7 +12357,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -11932,7 +12365,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -11957,6 +12391,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -11975,7 +12410,7 @@ ADMX Info:
-This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
+This policy setting allows you to manage, whether script is allowed to update the status bar within the zone.
If you enable this policy setting, script is allowed to update the status bar.
@@ -12004,6 +12439,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12022,7 +12458,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -12053,6 +12489,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12071,7 +12508,7 @@ ADMX Info:
-This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.
+This policy setting allows you to manage, whether VBScript can be run on pages from the specified zone in Internet Explorer.
If you selected Enable in the drop-down box, VBScript can run without user intervention.
@@ -12104,6 +12541,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12122,13 +12560,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -12153,6 +12591,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12171,7 +12610,7 @@ ADMX Info:
-This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
+This policy setting allows you to manage, whether users may download signed ActiveX controls from a page in the zone.
If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
@@ -12202,6 +12641,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12220,7 +12660,7 @@ ADMX Info:
-This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
+This policy setting allows you to manage, whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
@@ -12251,6 +12691,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12269,7 +12710,7 @@ ADMX Info:
-This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.
+This policy controls, whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.
If you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.
@@ -12298,6 +12739,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12316,15 +12758,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in different windows.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when both the source and destination are in different windows. Users cannot change this setting.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in different windows. Users cannot change this setting.
@@ -12349,6 +12791,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12367,15 +12810,15 @@ ADMX Info:
-This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.
+This policy setting allows you to set options for dragging content from one domain to a different domain, when the source and destination are in the same window.
-If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting.
-If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
-In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain, when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
-In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain, when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
@@ -12400,6 +12843,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12449,6 +12893,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12467,13 +12912,13 @@ ADMX Info:
-This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
+This policy setting controls, whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.
If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.
-If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
+If you do not configure this policy setting, the user can choose whether path information is sent, when he or she is uploading a file via an HTML form. By default, path information is sent.
@@ -12498,6 +12943,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12549,6 +12995,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12573,7 +13020,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -12604,6 +13051,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12622,7 +13070,7 @@ ADMX Info:
-This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
+This policy setting allows you to manage, whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
@@ -12653,6 +13101,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12675,7 +13124,7 @@ This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following logon options.
-Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
+Anonymous logon to disable HTTP authentication, and use the guest account only for the Common Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
@@ -12710,6 +13159,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12728,9 +13178,9 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
+If you enable this policy setting, users can open additional windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
@@ -12759,6 +13209,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12777,7 +13228,7 @@ ADMX Info:
-This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.
+This policy setting allows you to manage, whether ActiveX controls and plug-ins can be run on pages from the specified zone.
If you enable this policy setting, controls and plug-ins can run without user intervention.
@@ -12810,6 +13261,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12828,9 +13280,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
+If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute signed managed components.
If you disable this policy setting, Internet Explorer will not execute signed managed components.
@@ -12859,6 +13311,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12877,7 +13330,7 @@ ADMX Info:
-This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.
+This policy setting allows you to manage, whether an ActiveX control marked safe for scripting can interact with a script.
If you enable this policy setting, script interaction can occur automatically without user intervention.
@@ -12910,6 +13363,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12928,7 +13382,7 @@ ADMX Info:
-This policy setting allows you to manage whether applets are exposed to scripts within the zone.
+This policy setting allows you to manage, whether applets are exposed to scripts within the zone.
If you enable this policy setting, scripts can access applets automatically without user intervention.
@@ -12961,6 +13415,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -12979,7 +13434,7 @@ ADMX Info:
-This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
+This policy setting controls, whether or not the "Open File - Security Warning" message appears, when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.
@@ -13010,6 +13465,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13059,6 +13515,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13077,7 +13534,7 @@ ADMX Info:
-This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
+This policy setting allows you to manage, whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
@@ -13108,6 +13565,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13126,13 +13584,13 @@ ADMX Info:
-Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
+Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts pop-up windows, and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
-If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
+If you enable this policy setting, pop-up windows and other restrictions apply for File Explorer and Internet Explorer processes.
-If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.
+If you disable this policy setting, scripts can continue to create pop-up windows and windows that obfuscate other windows.
-If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
+If you do not configure this policy setting, pop-up windows and other restrictions apply for File Explorer and Internet Explorer processes.
@@ -13157,6 +13615,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13177,7 +13636,10 @@ ADMX Info:
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.
-If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers.
+
+> [!NOTE]
+> This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
If you disable or do not configure this policy setting, the user can configure his or her list of search providers.
@@ -13204,6 +13666,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13254,6 +13717,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13272,7 +13736,7 @@ ADMX Info:
-This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the [InternetExplorer/AllowEnterpriseModeSiteList ](#internetexplorer-policies) policy setting and you must include at least one site in the Enterprise Mode Site List.
+This setting lets you decide, whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the [InternetExplorer/AllowEnterpriseModeSiteList ](#internetexplorer-policies) policy setting, and you must include at least one site in the Enterprise Mode Site List.
If you enable this setting, it automatically opens all sites not included in the Enterprise Mode Site List in Microsoft Edge.
@@ -13324,6 +13788,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13371,6 +13836,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13389,7 +13855,7 @@ ADMX Info:
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+This policy setting allows you to manage, whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
@@ -13420,6 +13886,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13438,7 +13905,7 @@ ADMX Info:
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+This policy setting manages, whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
@@ -13469,6 +13936,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13487,7 +13955,7 @@ ADMX Info:
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+This policy setting determines, whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
@@ -13516,6 +13984,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13534,7 +14003,7 @@ ADMX Info:
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+This policy setting allows you to manage, whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
@@ -13565,6 +14034,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13583,11 +14053,11 @@ ADMX Info:
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+This policy setting allows you to manage, whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone, as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
@@ -13614,6 +14084,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13632,9 +14103,9 @@ ADMX Info:
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+This policy setting allows you to manage, whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine, whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
@@ -13663,6 +14134,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13681,7 +14153,7 @@ ADMX Info:
-This policy setting allows you to manage whether the user can run scriptlets.
+This policy setting allows you to manage, whether the user can run scriptlets.
If you enable this policy setting, the user can run scriptlets.
@@ -13712,6 +14184,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13730,7 +14203,7 @@ ADMX Info:
-This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
+This policy setting controls, whether Windows Defender SmartScreen scans pages in this zone for malicious content.
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
@@ -13738,7 +14211,8 @@ If you disable this policy setting, Windows Defender SmartScreen does not scan p
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+> [!NOTE]
+> In Internet Explorer 7, this policy setting controls whether Phishing Filter, scans pages in this zone for malicious content.
@@ -13763,6 +14237,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13781,7 +14256,7 @@ ADMX Info:
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored, if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
@@ -13812,6 +14287,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13830,13 +14306,13 @@ ADMX Info:
-This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+This policy setting determines, whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
-If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you enable this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+If you disable this policy setting, Internet Explorer always checks with your antimalware program, to see if it's safe to create an instance of the ActiveX control.
-If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program, to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
@@ -13861,6 +14337,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13912,6 +14389,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13936,7 +14414,7 @@ If you enable this policy setting, you can choose options from the drop-down box
Low Safety enables applets to perform all operations.
-Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer), and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
@@ -13967,6 +14445,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -13985,13 +14464,13 @@ ADMX Info:
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+This policy setting allows you to manage the opening of windows and frames, and access of applications across different domains.
-If you enable this policy setting, users can open windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+If you enable this policy setting, users can open windows and frames from other domains, and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
+If you do not configure this policy setting, users can open windows and frames from other domains, and access applications from other domains.
@@ -14007,3 +14486,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index f8ed8cecde..0e1fdaeb77 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - Kerberos
description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Kerberos
-
@@ -54,7 +53,6 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
@@ -66,6 +64,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -112,6 +111,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -138,8 +138,8 @@ This policy allows retrieving the cloud Kerberos ticket during the sign in.
Valid values:
-0 (default) - Disabled.
-1 - Enabled.
+0 (default) - Disabled
+1 - Enabled
@@ -164,6 +164,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,7 +182,7 @@ ADMX Info:
-This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.
+This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring, using Kerberos authentication with domains that support these features.
If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains that support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
If you disable or don't configure this policy setting, the client devices won't request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device won't be able to retrieve claims for clients using Kerberos protocol transition.
@@ -209,6 +210,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -263,6 +265,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -280,9 +283,10 @@ ADMX Info:
-This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.
+This policy setting controls whether a computer requires that Kerberos message exchanges being armored when communicating with a domain controller.
-Warning: When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
+> [!WARNING]
+> When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers.
@@ -314,6 +318,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -335,7 +340,7 @@ This policy setting controls the Kerberos client's behavior in validating the KD
If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer isn't joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.
-If you disable or don't configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions that can be issued to any server.
+If you disable or don't configure this policy setting, the Kerberos client requires only the KDC certificate that contains the Server Authentication purpose object identifier in the EKU extensions that can be issued to any server.
@@ -360,6 +365,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -386,7 +392,7 @@ If you enable this policy setting, the Kerberos client or server uses the config
If you disable or don't configure this policy setting, the Kerberos client or server uses the locally configured value or the default value.
> [!NOTE]
-> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes.
+> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8, the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes.
@@ -411,6 +417,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -428,9 +435,9 @@ ADMX Info:
-Adds a list of domains that an Azure Active Directory joined device can attempt to contact when it can't resolve a UPN to a principal.
+Adds a list of domains that an Azure Active Directory-joined device can attempt to contact when it can't resolve a UPN to a principal.
-Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures.
+Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures, when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures.
@@ -447,3 +454,6 @@ Devices joined to Azure Active Directory in a hybrid environment need to interac
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index ec353dc9aa..e1456fa569 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - KioskBrowser
description: Use the Policy CSP - KioskBrowser setting to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - KioskBrowser
-
-
These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user's browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_).
@@ -60,6 +58,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,6 +95,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This pol
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,6 +132,7 @@ List of blocked website URLs (with wildcard support). This policy is used to con
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -168,6 +169,7 @@ Configures the default URL kiosk browsers to navigate on launch and restart.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,6 +203,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,6 +240,7 @@ Enable/disable kiosk browser's home button.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,6 +277,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back).
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -290,7 +295,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back).
-Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.
+Amount of time in minutes, the session is idle until the kiosk browser restarts in a fresh state.
The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser.
@@ -301,4 +306,8 @@ The value is an int 1-1440 that specifies the number of minutes the session is i
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index abd1293e59..15b727545c 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - LanmanWorkstation
description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest sign ins to an SMB server.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LanmanWorkstation
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -56,13 +54,13 @@ manager: dansimp
-This policy setting determines if the SMB client will allow insecure guest sign ins to an SMB server.
+This policy setting determines, if the SMB client will allow insecure guest sign in to an SMB server.
-If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign ins.
+If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign in.
-If you disable this policy setting, the SMB client will reject insecure guest sign ins.
+If you disable this policy setting, the SMB client will reject insecure guest sign in.
-Insecure guest sign ins are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign ins are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest sign ins by default. Since insecure guest sign ins are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign ins are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign ins and configuring file servers to require authenticated access.
+Insecure guest sign in are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign in are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication, and don't use insecure guest sign in by default. Since insecure guest sign in are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign in are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign in and configuring file servers to require authenticated access.
@@ -82,3 +80,6 @@ This setting supports a range of values between 0 and 1.
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 430b7af709..af74d4384d 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Licensing
description: Use the Policy CSP - Licensing setting to enable or disable Windows license reactivation on managed devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Licensing
-
-
@@ -30,7 +28,6 @@ manager: dansimp
-
@@ -42,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -90,6 +88,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -121,8 +120,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Disabled.
-- 1 – Enabled.
+- 0 (default) – Disabled
+- 1 – Enabled
@@ -131,3 +130,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index affd8a51ea..21dfa77d35 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - LocalPoliciesSecurityOptions
description: These settings prevent users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 12/16/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LocalPoliciesSecurityOptions
@@ -182,6 +182,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,13 +202,15 @@ manager: dansimp
This policy setting prevents users from adding new Microsoft accounts on this computer.
-If you select the "Users cannot add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This option is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+If you select the "Users cannot add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer. Switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This option is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
If you select the "Users cannot add or log on with Microsoft accounts" option, existing Microsoft account users won't be able to sign in to Windows. Selecting this option might make it impossible for an existing administrator on this computer to sign in and manage the system.
If you disable or don't configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -236,6 +239,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -255,7 +259,9 @@ The following list shows the supported values:
This setting allows the administrator to enable the local Administrator account.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -283,6 +289,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -302,7 +309,9 @@ The following list shows the supported values:
This setting allows the administrator to enable the guest Administrator account.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -331,6 +340,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -352,16 +362,19 @@ Accounts: Limit local account use of blank passwords to console logon only
This security setting determines whether local accounts that aren't password protected can be used to sign in from locations other than the physical computer console. If enabled, local accounts that aren't password protected will only be able to sign in at the computer's keyboard.
-Default: Enabled.
+Default: Enabled
> [!WARNING]
> Computers that aren't in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can sign in by using a user account that doesn't have a password. This is especially important for portable computers.
-If you apply this security policy to the Everyone group, no one will be able to sign in through Remote Desktop Services.
+>
+> If you apply this security policy to the Everyone group, no one will be able to sign in through Remote Desktop Services.
-This setting doesn't affect sign ins that use domain accounts.
-It's possible for applications that use remote interactive sign ins to bypass this setting.
+This setting doesn't affect sign in that use domain accounts.
+It's possible for applications that use remote interactive sign in to bypass this setting.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -372,8 +385,8 @@ GP Info:
Valid values:
-- 0 - disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console
-- 1 - enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard
+- 0 - disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console.
+- 1 - enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard.
@@ -389,6 +402,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -410,9 +424,11 @@ Accounts: Rename administrator account
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
-Default: Administrator.
+Default: Administrator
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -434,6 +450,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -455,9 +472,11 @@ Accounts: Rename guest account
This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
-Default: Guest.
+Default: Guest
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -479,6 +498,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -496,10 +516,11 @@ GP Info:
-Devices: Allow undock without having to sign in.
+Devices: Allow undock without having to sign in
This security setting determines whether a portable computer can be undocked without having to sign in. If this policy is enabled, sign in isn't required and an external hardware eject button can be used to undock the computer. If disabled, a user must sign in and have the Remove computer from docking station privilege to undock the computer.
-Default: Enabled.
+
+Default: Enabled
> [!CAUTION]
> Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
@@ -524,6 +545,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -545,8 +567,8 @@ Devices: Allowed to format and eject removable media
This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to:
-- Administrators
-- Administrators and Interactive Users
+- Administrators.
+- Administrators and Interactive Users.
Default: This policy isn't defined, and only Administrators have this ability.
@@ -570,6 +592,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -591,7 +614,7 @@ Devices: Prevent users from installing printer drivers when connecting to shared
For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer.
-Default on servers: Enabled.
+Default on servers: Enabled
Default on workstations: Disabled
>[!NOTE]
@@ -617,6 +640,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -662,6 +686,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -679,10 +704,11 @@ GP Info:
-Interactive Logon: Display user information when the session is locked
+Interactive Logon: Display user information when the session is locked
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -693,9 +719,9 @@ GP Info:
Valid values:
-- 1 - User display name, domain and user names
-- 2 - User display name only
-- 3 - Don't display user information
+- 1 - User display name, domain and user names.
+- 2 - User display name only.
+- 3 - Don't display user information.
@@ -711,6 +737,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -731,13 +758,16 @@ Valid values:
Interactive logon: Don't display last signed-in
This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
+
If this policy is enabled, the username won't be shown.
If this policy is disabled, the username will be shown.
-Default: Disabled.
+Default: Disabled
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -748,8 +778,8 @@ GP Info:
Valid values:
-- 0 - disabled (username will be shown)
-- 1 - enabled (username won't be shown)
+- 0 - disabled (username will be shown).
+- 1 - enabled (username won't be shown).
@@ -765,6 +795,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -790,9 +821,11 @@ If this policy is enabled, the username won't be shown.
If this policy is disabled, the username will be shown.
-Default: Disabled.
+Default: Disabled
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -803,8 +836,8 @@ GP Info:
Valid values:
-- 0 - disabled (username will be shown)
-- 1 - enabled (username won't be shown)
+- 0 - disabled (username will be shown).
+- 1 - enabled (username won't be shown).
@@ -820,6 +853,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -845,10 +879,12 @@ If this policy is enabled on a computer, a user isn't required to press CTRL+ALT
If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
-Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier.
-Default on stand-alone computers: Enabled.
+Default on domain-computers: Enabled: At least Windows 8 / Disabled: Windows 7 or earlier.
+Default on stand-alone computers: Enabled
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -859,8 +895,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in)
+- 0 - disabled.
+- 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in).
@@ -876,6 +912,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -893,13 +930,15 @@ Valid values:
-Interactive logon: Machine inactivity limit.
+Interactive logon: Machine inactivity limit
Windows notices inactivity of a sign-in session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
-Default: not enforced.
+Default: Not enforced
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -925,6 +964,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -946,11 +986,13 @@ Interactive logon: Message text for users attempting to sign in
This security setting specifies a text message that is displayed to users when they sign in.
-This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
+This text is often used for legal reasons. For example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
-Default: No message.
+Default: No message
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -972,6 +1014,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -993,9 +1036,11 @@ Interactive logon: Message title for users attempting to sign in
This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to sign in.
-Default: No message.
+Default: No message
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1017,6 +1062,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1040,16 +1086,16 @@ This security setting determines what happens when the smart card for a logged-o
The options are:
- No Action
- Lock Workstation
- Force Logoff
- Disconnect if a Remote Desktop Services session
+- No Action
+- Lock Workstation
+- Force Logoff
+- Disconnect if a Remote Desktop Services session
If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
If you click Force Logoff in the Properties dialog box for this policy, the user is automatically signed off when the smart card is removed.
-If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging off the user. This policy allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to sign in again. If the session is local, this policy functions identically to Lock Workstation.
+If you click Disconnect on a Remote Desktop Services session, removal of the smart card disconnects the session without logging off the user. This policy allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to sign in again. If the session is local, this policy functions identically to Lock Workstation.
> [!NOTE]
> Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
@@ -1077,6 +1123,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1096,14 +1143,14 @@ GP Info:
Microsoft network client: Digitally sign communications (always)
-This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
+This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
-Default: Disabled.
+Default: Disabled
> [!Note]
-> All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
@@ -1131,6 +1178,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1152,11 +1200,11 @@ Microsoft network client: Digitally sign communications (if server agrees)
This security setting determines whether the SMB client attempts to negotiate SMB packet signing.
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
+The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
-Default: Enabled.
+Default: Enabled
> [!Note]
> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
@@ -1189,6 +1237,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1212,7 +1261,7 @@ If this security setting is enabled, the Server Message Block (SMB) redirector i
Sending unencrypted passwords is a security risk.
-Default: Disabled.
+Default: Disabled
@@ -1234,6 +1283,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1294,6 +1344,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1315,9 +1366,9 @@ Microsoft network server: Digitally sign communications (always)
This security setting determines whether packet signing is required by the SMB server component.
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
+The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
-If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
+If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client, unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
Default: Disabled for member servers. Enabled for domain controllers.
@@ -1352,6 +1403,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1373,7 +1425,7 @@ Microsoft network server: Digitally sign communications (if client agrees)
This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
+The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
@@ -1410,6 +1462,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1438,8 +1491,8 @@ This security option allows more restrictions to be placed on anonymous connecti
Enabled: Don't allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
Disabled: No extra restrictions. Rely on default permissions.
-Default on workstations: Enabled.
-Default on server: Enabled.
+Default on workstations: Enabled
+Default on server: Enabled
> [!IMPORTANT]
> This policy has no impact on domain controllers.
@@ -1464,6 +1517,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1487,7 +1541,7 @@ This security setting determines whether anonymous enumeration of SAM accounts a
Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This feature is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. If you don't want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
-Default: Disabled.
+Default: Disabled
@@ -1509,6 +1563,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1530,9 +1585,9 @@ Network access: Restrict anonymous access to Named Pipes and Shares
When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
-Network access: Named pipes that can be accessed anonymously
-Network access: Shares that can be accessed anonymously
-Default: Enabled.
+- Network access: Named pipes that can be accessed anonymously.
+- Network access: Shares that can be accessed anonymously.
+- Default: Enabled.
@@ -1554,6 +1609,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1599,6 +1655,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1631,8 +1688,8 @@ GP Info:
Valid values:
-- 0 - Disabled
-- 1 - Enabled (Allow Local System to use computer identity for NTLM.)
+- 0 - Disabled.
+- 1 - Enabled (Allow Local System to use computer identity for NTLM).
@@ -1648,6 +1705,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1669,8 +1727,9 @@ Network security: Allow PKU2U authentication requests to this computer to use on
This policy will be turned off by default on domain joined machines. This disablement would prevent online identities from authenticating to the domain joined machine.
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1681,8 +1740,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.)
+- 0 - disabled.
+- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities).
@@ -1698,6 +1757,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1719,9 +1779,8 @@ Network security: Don't store LAN Manager hash value on next password change
This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database, the passwords can be compromised if the security database is attacked.
-
-Default on Windows Vista and above: Enabled
-Default on Windows XP: Disabled.
+- Default on Windows Vista and above: Enabled
+- Default on Windows XP: Disabled
@@ -1743,6 +1802,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1762,27 +1822,27 @@ GP Info:
Network security LAN Manager authentication level
-This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
+This security setting determines which challenge/response authentication protocol is used for network logon. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
-Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+- Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
+- Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
-Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
+- Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
-Default:
+- Default:
-windows XP: send LM and NTLM responses
+- windows XP: send LM and NTLM responses.
-Windows Server 2003: Send NTLM response only
+- Windows Server 2003: Send NTLM response only.
-Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only
+Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only.
@@ -1804,6 +1864,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1828,11 +1889,11 @@ This security setting allows a client device to require the negotiation of 128-b
- Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
- Require 128-bit encryption: The connection will fail if strong encryption (128-bit) isn't negotiated.
-Default:
+- Default:
-Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
+- Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption.
+- Windows 7 and Windows Server 2008 R2: Require 128-bit encryption.
@@ -1854,6 +1915,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1875,14 +1937,15 @@ Network security: Minimum session security for NTLM SSP based (including secure
This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
-Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated.
+- Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
-Default:
+- Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated.
-Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
+- Default:
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
+- Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
+
+- Windows 7 and Windows Server 2008 R2: Require 128-bit encryption.
@@ -1904,6 +1967,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1923,13 +1987,13 @@ GP Info:
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
-This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
+This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication, if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
If you don't configure this policy setting, no exceptions will be applied.
-The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats. A single asterisk (*) can be used anywhere in the string as a wildcard character.
+The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions, the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats. A single asterisk (*) can be used anywhere in the string as a wildcard character.
@@ -1960,6 +2024,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2021,6 +2086,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2082,6 +2148,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2143,6 +2210,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2168,10 +2236,12 @@ When this policy is enabled, the Shut Down command is available on the Windows l
When this policy is disabled, the option to shut down the computer doesn't appear on the Windows logon screen. In this case, users must be able to sign in to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
-Default on workstations: Enabled.
-Default on servers: Disabled.
+- Default on workstations: Enabled.
+- Default on servers: Disabled.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2182,8 +2252,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (allow system to be shut down without having to sign in)
+- 0 - disabled.
+- 1 - enabled (allow system to be shut down without having to sign in).
@@ -2199,6 +2269,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2224,7 +2295,7 @@ Virtual memory support uses a system pagefile to swap pages of memory to disk wh
When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
-Default: Disabled.
+Default: Disabled
@@ -2246,6 +2317,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2273,7 +2345,9 @@ Disabled: (Default)
The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2284,8 +2358,8 @@ GP Info:
Valid values:
-- 0 - disabled
-- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop)
+- 0 - disabled.
+- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop).
@@ -2301,6 +2375,7 @@ Valid values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2340,7 +2415,9 @@ The options are:
- 5 - Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2362,6 +2439,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2380,9 +2458,12 @@ GP Info:
User Account Control: Behavior of the elevation prompt for standard users
+
This policy setting controls the behavior of the elevation prompt for standard users.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2394,9 +2475,9 @@ GP Info:
The following list shows the supported values:
-- 0 - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
+- 0 - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user, may choose this setting to reduce help desk calls.
- 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-- 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+- 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
@@ -2412,6 +2493,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2435,9 +2517,9 @@ This policy setting controls the behavior of application installation detection
The options are:
-Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+- Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
+- Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
@@ -2459,6 +2541,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2478,13 +2561,15 @@ GP Info:
User Account Control: Only elevate executable files that are signed and validated
-This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
+This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run, by adding certificates to the Trusted Publishers certificate store on local computers.
The options are:
- 0 - Disabled: (Default) Doesn't enforce PKI certification path validation before a given executable file is permitted to run.
- 1 - Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2506,6 +2591,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2525,7 +2611,7 @@ GP Info:
User Account Control: Only elevate UIAccess applications that are installed in secure locations
-This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following locations:
+This policy setting controls, whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following locations:
- .\Program Files\, including subfolders
- .\Windows\system32\
@@ -2538,7 +2624,9 @@ The options are:
- 0 - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
- 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2560,6 +2648,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2587,10 +2676,11 @@ The options are:
> [!NOTE]
> If this policy setting is disabled, Windows Security notifies you that the overall security of the operating system has been reduced.
-- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately, to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2612,6 +2702,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2637,7 +2728,9 @@ The options are:
- 0 - Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
- 1 - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2659,6 +2752,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2706,6 +2800,7 @@ GP Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2727,7 +2822,9 @@ User Account Control: Virtualize file and registry write failures to per-user lo
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+This policy supports the following:
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -2746,5 +2843,8 @@ The following list shows the supported values:
-
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index fb1249a953..c2c636a46f 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - LocalUsersAndGroups
description: Policy CSP - LocalUsersAndGroups
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LocalUsersAndGroups
@@ -25,7 +25,6 @@ manager: dansimp
-
@@ -37,11 +36,11 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-
@@ -58,7 +57,7 @@ manager: dansimp
This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
> [!NOTE]
-> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
+> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or Azure Active Directory groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
>
> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results.
@@ -86,7 +85,7 @@ where:
> [!NOTE]
> When specifying member names of the user accounts, you must use following format – AzureAD\userUPN. For example, "AzureAD\user1@contoso.com" or "AzureAD\user2@contoso.co.uk".
For adding Azure AD groups, you need to specify the Azure AD Group SID. Azure AD group names are not supported with this policy.
-for more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea).
+For more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea).
See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles.
@@ -94,7 +93,7 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura
> - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](/graph/api/resources/group?view=graph-rest-1.0&preserve-view=true#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute.
> - When specifying a SID in the `` or ``, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct.
> - `` is not valid for the R (Restrict) action and will be ignored if present.
-> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present.
+> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that, if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present.
@@ -103,9 +102,9 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura
**Examples**
-Example 1: AAD focused.
+Example 1: Azure Active Directory focused.
-The following example updates the built-in administrators group with AAD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
+The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
```xml
@@ -117,10 +116,10 @@ The following example updates the built-in administrators group with AAD account
```
-Example 2: Replace / Restrict the built-in administrators group with an AAD user account.
+Example 2: Replace / Restrict the built-in administrators group with an Azure AD user account.
> [!NOTE]
-> When using ‘R’ replace option to configure the built-in ‘Administrators’ group, it is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
+> When using ‘R’ replace option to configure the built-in ‘Administrators’ group. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
Example:
```xml
@@ -132,9 +131,10 @@ Example:
```
+
Example 3: Update action for adding and removing group members on a hybrid joined machine.
-The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
+The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
```xml
@@ -147,7 +147,6 @@ The following example shows how you can update a local group (**Administrators**
```
-
@@ -157,7 +156,7 @@ The following example shows how you can update a local group (**Administrators**
> [!NOTE]
>
-> When AAD group SID’s are added to local groups, during AAD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device:
+> When Azure Active Directory group SID’s are added to local groups, Azure AD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device:
>
> - Administrators
> - Users
@@ -296,5 +295,8 @@ To troubleshoot Name/SID lookup APIs:
```
-
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 90a9dc1bf5..7b338795e8 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - LockDown
description: Use the Policy CSP - LockDown setting to allow the user to invoke any system user interface by swiping in from any screen edge using touch.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LockDown
-
@@ -26,7 +25,6 @@ manager: dansimp
-
@@ -38,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,7 +56,7 @@ manager: dansimp
Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
-The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
+The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied, and then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange, that will also be disabled.
@@ -80,3 +79,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index c2cb4d83fd..d62a84d748 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Maps
description: Use the Policy CSP - Maps setting to allow the download and update of map data over metered connections.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Maps
-
-
@@ -30,7 +28,6 @@ manager: dansimp
-
@@ -42,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -85,6 +83,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -128,3 +127,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
index eea0f98401..37bcafe0e4 100644
--- a/windows/client-management/mdm/policy-csp-memorydump.md
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - MemoryDump
description: Use the Policy CSP
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MemoryDump
-
-
@@ -30,7 +28,6 @@ manager: dansimp
-
@@ -42,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -82,6 +80,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -115,3 +114,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 7c01fe7a99..ea92d4a966 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Messaging
description: Enable, and disable, text message backup and restore as well as Messaging Everywhere by using the Policy CSP for messaging.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Messaging
-
-
@@ -27,7 +25,6 @@ manager: dansimp
-
@@ -39,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -80,3 +78,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 02d6f53ac3..e49f9c7be8 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - MixedReality
description: Policy CSP - MixedReality
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MixedReality
@@ -22,6 +22,12 @@ manager: dansimp
@@ -68,18 +92,85 @@ Steps to use this policy correctly:
1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
1. The value can be between min / max allowed.
1. Enroll HoloLens devices and verify both configurations get applied to the device.
-1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
+1. Let Azure AD user 1 sign-in, when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they're a member of Azure AD group to which Kiosk configuration is targeted.
> [!NOTE]
-> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
+> Until step 4 is performed for a Azure AD, user will experience failure behavior mentioned similar to “disconnected” environments.
-**MixedReality/AutoLogonUser**
+**MixedReality/AllowCaptivePortalBeforeSignIn**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+This new feature is an opt-in policy that IT Admins can enable to help with the setup of new devices in new areas or new users. When this policy is turned on it allows a captive portal on the sign-in screen, which allows a user to enter credentials to connect to the Wi-Fi access point. If enabled, sign in will implement similar logic as OOBE to display captive portal if necessary.
+
+MixedReality/AllowCaptivePortalBeforeSignIn
+
+The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowCaptivePortalBeforeSignIn`
+
+Bool value
+
+
+
+
+
+
+**MixedReality/AllowLaunchUriInSingleAppKiosk**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-fi.
+
+By default, launching applications via Launcher API (Launcher Class (Windows.System) - Windows UWP applications) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true.
+
+The OMA-URI of policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowLaunchUriInSingleAppKiosk`
+
+Bool value
+
+
+
+
+
+
+**MixedReality/AutoLogonUser**
@@ -90,23 +181,23 @@ Steps to use this policy correctly:
|HoloLens 2|Yes|
-This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign in.
+This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign-in.
When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must sign in to the device at least once to enable autologon.
The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
-String value
+Supported value is String.
- User with the same email address will have autologon enabled.
-On a device where this policy is configured, the user specified in the policy will need to sign in at least once. Subsequent reboots of the device after the first sign in will have the specified user automatically signed in. Only a single autologon user is supported. Once enabled, the automatically signed-in user won't be able to sign out manually. To sign in as a different user, the policy must first be disabled.
+On a device where this policy is configured, the user specified in the policy will need to sign in at least once. Subsequent reboots of the device after the first sign-in will have the specified user automatically signed in. Only a single autologon user is supported. Once enabled, the automatically signed-in user won't be able to sign out manually. To sign in as a different user, the policy must first be disabled.
> [!NOTE]
>
> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
-> - Auto-logon is only supported for MSA and AAD users.
+> - Auto-logon is only supported for Microsoft account and Azure Active Directory users.
@@ -121,7 +212,7 @@ On a device where this policy is configured, the user specified in the policy wi
-This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+This policy setting controls, for how many days Azure AD group membership cache is allowed to be used for the Assigned Access configurations, targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
@@ -129,7 +220,7 @@ This policy setting controls for how many days Azure AD group membership cache i
-- Integer value
+Supported value is Integer.
Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days).
@@ -169,7 +260,7 @@ This policy setting controls if pressing the brightness button changes the brigh
-- Boolean value
+Supported values is Boolean.
The following list shows the supported values:
@@ -204,7 +295,7 @@ The following list shows the supported values:
-This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
+This policy controls the behavior of moving platform feature on HoloLens 2, that is, whether it's turned off / on, or it can be toggled by a user. It should only be used by customers who intend to use HoloLens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
@@ -212,7 +303,7 @@ This policy controls the behavior of moving platform feature on Hololens 2, that
-- Integer value
+Supported value is Integer.
- 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system.
- 1 Force off - Moving platform is disabled and can't be changed by user.
@@ -222,6 +313,107 @@ This policy controls the behavior of moving platform feature on Hololens 2, that
+
+**MixedReality/ConfigureNtpClient**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+You may want to configure a different time server for your device fleet. IT admins can use thi policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy.
+
+This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters.
+
+> [!NOTE]
+> This feature requires enabling[NtpClientEnabled](#mixedreality-ntpclientenabled) as well.
+
+- OMA-URI: `./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureNtpClient`
+
+> [!NOTE]
+> Reboot is required for these policies to take effect.
+
+
+
+
+
+
+
+
+- Data Type: String
+- Value:
+
+```
+
+```
+
+
+
+
+
+
+**MixedReality/DisallowNetworkConnectivityPassivePolling**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+Windows Network Connectivity Status Indicator may get false positive Internet capable signal from passive polling. That may result in unexpected Wi-Fi adapter reset when device connects to an intranet only access point. Enabling this policy would avoid unexpected network interruptions caused by false positive NCSI passive polling.
+
+The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/DisallowNetworkConnectivityPassivePolling`
+
+- Bool value
+
+
+
+
+
+
**MixedReality/FallbackDiagnostics**
@@ -246,7 +438,7 @@ This policy controls the behavior of moving platform feature on Hololens 2, that
-This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens.
+This policy setting controls, when and if diagnostic logs can be collected using specific button combination on HoloLens.
@@ -254,13 +446,13 @@ This policy setting controls when and if diagnostic logs can be collected using
-- Integer value
+Supporting value is Integer.
The following list shows the supported values:
-- 0 - Disabled
-- 1 - Enabled for device owners
-- 2 - Enabled for all (Default)
+- 0 - Disabled.
+- 1 - Enabled for device owners.
+- 2 - Enabled for all (Default).
@@ -298,17 +490,57 @@ This policy configures behavior of HUP to determine, which algorithm to use for
-- Boolean value
+Supporting value is Boolean.
The following list shows the supported values:
-- 0 - Feature – Default feature based / SLAM-based tracker (Default)
-- 1 - Constellation – LR constellation based tracker
+- 0 - Feature – Default feature based / SLAM-based tracker (Default).
+- 1 - Constellation – LR constellation based tracker.
+
+**MixedReality/ManualDownDirectionDisabled**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+
+This policy controls whether the user can change down direction manually or not. If no down direction is set by the user, then an automatically calculated down direction is used by the system. This policy has no dependency on ConfigureMovingPlatform policy and they can be set independently.
+
+The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/ManualDownDirectionDisabled`
+
+
+
+
+
+Supported values:
+
+- **False (Default)** - User can manually change down direction if they desire, otherwise down direction will be determined automatically based on the measured gravity vector.
+- **True** - User can’t manually change down direction and down direction will be always determined automatically based on the measured gravity vector.
+
+
+
**MixedReality/MicrophoneDisabled**
@@ -341,7 +573,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not
-- Boolean value
+Supporting value is Boolean.
The following list shows the supported values:
@@ -349,6 +581,120 @@ The following list shows the supported values:
- 1 - True
+
+
+**MixedReality/NtpClientEnabled**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+This policy setting specifies whether the Windows NTP Client is enabled.
+
+- OMA-URI: `./Device/Vendor/MSFT/Policy/Config/MixedReality/NtpClientEnabled`
+
+
+
+
+
+
+- Data Type: String
+- Value ``
+
+
+
+
+
+
+
+**MixedReality/SkipCalibrationDuringSetup**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+Skips the calibration experience on HoloLens 2 devices when setting up a new user in the Out of Box Experience (OOBE) or when adding a new user to the device. The user will still be able to calibrate their device from the Settings app.
+
+The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipCalibrationDuringSetup`
+
+- Bool value
+
+
+
+
+
+
+
+**MixedReality/SkipTrainingDuringSetup**
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+On HoloLens 2 devices, skips the training experience of interactions with the humming bird and start menu training when setting up a new user in the Out of Box Experience (OOBE) or when adding a new user to the device. The user will still be able to learn these movement controls from the Tips app.
+
+The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipTrainingDuringSetup`
+
+- Bool value
+
+
+
@@ -384,7 +730,7 @@ This policy setting controls if pressing the volume button changes the volume or
-- Boolean value
+Supporting value is Boolean.
The following list shows the supported values:
@@ -419,7 +765,7 @@ The following list shows the supported values:
-This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in if no other user has logged in on the device before.
+This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in, if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in, if no other user has logged in on the device before.
@@ -427,7 +773,7 @@ This policy controls whether a visitor user will be automatically logged in. Vis
-- Boolean value
+Supported value is Boolean.
The following list shows the supported values:
@@ -439,3 +785,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 812c96e877..d2b17be697 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,21 +1,20 @@
---
title: Policy CSP - MSSecurityGuide
description: Learn how Policy CSP - MSSecurityGuide, an ADMX-backed policy, requires a special SyncML format to enable or disable.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MSSecurityGuide
-
@@ -43,11 +42,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -60,6 +59,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -99,6 +99,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -139,6 +140,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,6 +181,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -219,6 +222,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -258,6 +262,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -287,6 +292,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index 6f71a563e4..d6d732e4cf 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - MSSLegacy
-description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
-ms.author: dansimp
+description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MSSLegacy
-
@@ -36,11 +35,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -53,6 +52,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -92,6 +92,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -132,6 +133,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -171,6 +173,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -201,6 +204,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index 1bd998b15e..0329b17188 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Multitasking
description: Policy CSP - Multitasking
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/30/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Multitasking
@@ -25,7 +25,6 @@ manager: dansimp
-
@@ -37,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -66,11 +66,11 @@ This policy only applies to the Alt+Tab switcher. When the policy isn't enabled,
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -96,3 +96,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 9dbb409924..d2d4a901b0 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - NetworkIsolation
description: Learn how Policy CSP - NetworkIsolation contains a list of Enterprise resource domains hosted in the cloud that need to be protected.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - NetworkIsolation
-
-
@@ -48,7 +46,6 @@ manager: dansimp
-
@@ -60,6 +57,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -102,6 +100,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -157,6 +156,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -174,7 +174,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-Integer value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
+Integer value that tells the client to accept the configured list and not to use heuristics to attempt and find other subnets.
@@ -198,6 +198,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -240,6 +241,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -257,11 +259,10 @@ ADMX Info:
-This list is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
+This is a list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
> [!NOTE]
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
-
Here are the steps to create canonical domain names:
@@ -283,6 +284,7 @@ Here are the steps to create canonical domain names:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -325,6 +327,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -366,6 +369,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -399,4 +403,8 @@ ADMX Info:
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 1e7e152515..bd33a1ddfa 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - NetworkListManager
description: Policy CSP - NetworkListManager is a setting creates a new MDM policy. This setting allows admins to configure a list of URIs of HTTPS endpoints that are considered secure.
-ms.author: v-nsatapathy
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 12/16/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - NetworkListManager
-
@@ -29,7 +28,6 @@ manager: dansimp
-
@@ -41,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,6 +83,7 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must fo
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,3 +107,6 @@ This policy setting provides the string that is to be used to name a network. Th
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
index cb70df917f..59566c1026 100644
--- a/windows/client-management/mdm/policy-csp-newsandinterests.md
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - NewsAndInterests
description: Learn how Policy CSP - NewsandInterests contains a list of news and interests.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - NewsAndInterests
-
-
@@ -26,8 +24,6 @@ manager: dansimp
NewsAndInterests/AllowNewsAndInterests
-
-
@@ -38,10 +34,11 @@ manager: dansimp
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|Yes|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+|Pro|No|Yes|
+|Windows SE|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
@@ -65,7 +62,7 @@ This policy specifies whether to allow the entire widgets experience, including
The following are the supported values:
-- 1 - Default - Allowed
+- 1 - Default - Allowed.
- 0 - Not allowed.
@@ -82,5 +79,8 @@ ADMX Info:
+
-
\ No newline at end of file
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 20823757ce..32ddde9d1a 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - Notifications
description: Block applications from using the network to send tile, badge, toast, and raw notifications for Policy CSP - Notifications.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Notifications
-
-
@@ -48,6 +46,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +70,7 @@ If you enable this policy setting, applications and system features won't be abl
If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application.
-If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in and applications will be allowed to use periodic (polling) notifications.
+If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in, and applications will be allowed to use periodic (polling) notifications.
No reboots or service restarts are required for this policy setting to take effect.
@@ -93,9 +92,9 @@ This setting supports a range of values between 0 and 1.
Validation:
-1. Enable policy
-2. Reboot machine
-3. Ensure that you can't receive a notification from Facebook app while FB app isn't running
+1. Enable policy.
+2. Reboot machine.
+3. Ensure that you can't receive a notification from Facebook app while FB app isn't running.
@@ -111,6 +110,7 @@ Validation:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -130,7 +130,7 @@ Validation:
Boolean value that turns off notification mirroring.
-For each user signed in to the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
+For each user signed in to the device, if you enable this policy (set value to 1), the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
No reboot or service restart is required for this policy to take effect.
@@ -163,6 +163,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -203,9 +204,9 @@ This setting supports a range of values between 0 and 1.
Validation:
-1. Enable policy
-2. Reboot machine
-3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile)
+1. Enable policy.
+2. Reboot machine.
+3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile).
@@ -265,7 +266,8 @@ This policy setting determines which Windows Notification Service endpoint will
If you disable or don't configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com.
-Note: Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings.
+> [!NOTE]
+> Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings.
@@ -285,3 +287,7 @@ If the policy isn't specified, we'll default our connection to client.wns.window
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 30eb1c679f..117535d8e7 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Power
description: Learn how the Policy CSP - Power setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Power
@@ -93,11 +93,11 @@ manager: dansimp
> [!TIP]
-> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -176,6 +176,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -222,6 +223,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -268,6 +270,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -318,6 +321,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,7 +345,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -366,6 +370,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -422,6 +427,7 @@ Supported values: 0-100. The default is 70.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,6 +483,7 @@ Supported values: 0-100. The default is 70.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -500,7 +507,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -525,6 +532,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -548,11 +556,10 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
-
ADMX Info:
- GP Friendly name: *Specify the system hibernate timeout (plugged in)*
@@ -574,6 +581,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -620,6 +628,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -666,6 +675,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -727,6 +737,7 @@ The following are the supported lid close switch actions (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -788,6 +799,7 @@ The following are the supported lid close switch actions (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -849,6 +861,7 @@ The following are the supported Power button actions (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -910,6 +923,7 @@ The following are the supported Power button actions (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -971,6 +985,7 @@ The following are the supported Sleep button actions (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1032,6 +1047,7 @@ The following are the supported Sleep button actions (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1080,6 +1096,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1103,7 +1120,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -1128,6 +1145,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1163,8 +1181,8 @@ ADMX Info:
The following are the supported values for Hybrid sleep (on battery):
-- 0 - no hibernation file for sleep (default)
-- 1 - hybrid sleep
+- 0 - no hibernation file for sleep (default).
+- 1 - hybrid sleep.
@@ -1186,6 +1204,7 @@ The following are the supported values for Hybrid sleep (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1221,8 +1240,8 @@ ADMX Info:
The following are the supported values for Hybrid sleep (plugged in):
-- 0 - no hibernation file for sleep (default)
-- 1 - hybrid sleep
+- 0 - no hibernation file for sleep (default).
+- 1 - hybrid sleep.
@@ -1244,6 +1263,7 @@ The following are the supported values for Hybrid sleep (plugged in):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1302,6 +1322,7 @@ Default value for unattended sleep timeout (on battery):
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1353,3 +1374,6 @@ Default value for unattended sleep timeout (plugged in):
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 48b7f7722b..bcce2e1390 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -1,21 +1,20 @@
---
title: Policy CSP - Printers
-description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers.
-ms.author: dansimp
+description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Printers
-
@@ -46,11 +45,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -105,7 +104,8 @@ manager: dansimp
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will contain the comma-separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
The format of this setting is `/[,/]`
@@ -176,7 +176,8 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will contain the comma separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
The format of this setting is `/[,/]`
@@ -244,7 +245,8 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
The default value of the policy will be Unconfigured.
@@ -253,7 +255,6 @@ If the policy value is either Unconfigured or Disabled, the print spooler won't
If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
-
@@ -320,7 +321,8 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+
This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
The default value of the policy will be Unconfigured.
@@ -329,7 +331,6 @@ If the policy value is either Unconfigured or Disabled, the print spooler won't
If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
-
@@ -353,6 +354,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,9 +384,9 @@ If you don't configure this policy setting:
- Windows Vista client computers can point and print to any server.
-- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
@@ -392,9 +394,9 @@ If you disable this policy setting:
- Windows Vista client computers can create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
@@ -436,6 +438,7 @@ Data type: String Value:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -465,9 +468,9 @@ If you don't configure this policy setting:
- Windows Vista client computers can point and print to any server.
-- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
@@ -475,9 +478,9 @@ If you disable this policy setting:
- Windows Vista client computers can create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print.
-- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
@@ -505,6 +508,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -524,11 +528,12 @@ ADMX Info:
Determines whether the computer's shared printers can be published in Active Directory.
-If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
+If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' on the Sharing tab, to publish shared printers in Active Directory.
If you disable this setting, this computer's shared printers can't be published in Active Directory, and the "List in directory" option isn't available.
-Note: This setting takes priority over the setting "Automatically publish new printers in the Active Directory".
+> [!NOTE]
+> This setting takes priority over the setting "Automatically publish new printers in the Active Directory".
@@ -545,3 +550,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 0bcba72d88..eef582a24e 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,21 +1,20 @@
---
title: Policy CSP - Privacy
description: Learn how the Policy CSP - Privacy setting allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Privacy
-
@@ -306,6 +305,7 @@ manager: dansimp
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -328,7 +328,6 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con
> [!NOTE]
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
-
Most restricted value is 0.
@@ -352,6 +351,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -402,6 +402,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -419,7 +420,7 @@ The following list shows the supported values:
-Updated in Windows 10, version 1809. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users.
+Updated in Windows 10, version 1809. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation, and talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users.
Most restricted value is 0.
@@ -452,6 +453,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -503,6 +505,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -523,7 +526,8 @@ The following list shows the supported values:
Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.
-Value type is integer.
+Supported value type is integer.
+
- 0 (default) - Allow the "choose privacy settings for your device" screen for a new user during their first logon or when an existing user logs in for the first time after an upgrade.
- 1 - Do not allow the "choose privacy settings for your device" screen when a new user logs in or an existing user logs in for the first time after an upgrade.
@@ -560,6 +564,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -591,7 +596,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled. (not published to the cloud).
+- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled (not published to the cloud).
- 1 – (default) Enabled. Apps/OS can publish the activities and will be roamed across device graph.
@@ -608,6 +613,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,7 +633,6 @@ The following list shows the supported values:
Specifies whether Windows apps can access account information.
-
Most restricted value is 2.
@@ -661,6 +666,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -703,6 +709,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -745,6 +752,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -787,6 +795,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -809,7 +818,7 @@ ADMX Info:
Specifies whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background.
-Value type is integer.
+Supported value type is integer.
@@ -842,6 +851,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -864,7 +874,7 @@ The following list shows the supported values:
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
-Value type is chr.
+Supported value type is chr.
@@ -892,6 +902,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -914,7 +925,7 @@ ADMX Info:
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
-Value type is chr.
+Supported value type is chr.
@@ -942,6 +953,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
@@ -965,7 +977,7 @@ ADMX Info:
List of semi-colon delimited Package Family Names of Windows Store Apps.
The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.
-Value type is chr.
+Supported value type is chr.
@@ -993,6 +1005,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1012,7 +1025,6 @@ ADMX Info:
Specifies whether Windows apps can access the calendar.
-
Most restricted value is 2.
@@ -1046,6 +1058,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1088,6 +1101,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1130,6 +1144,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1172,6 +1187,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1191,7 +1207,6 @@ ADMX Info:
Specifies whether Windows apps can access call history.
-
Most restricted value is 2.
@@ -1225,6 +1240,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1267,6 +1283,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1309,6 +1326,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1351,6 +1369,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1370,7 +1389,6 @@ ADMX Info:
Specifies whether Windows apps can access the camera.
-
Most restricted value is 2.
@@ -1404,6 +1422,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1446,6 +1465,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1488,6 +1508,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1530,6 +1551,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1549,7 +1571,6 @@ ADMX Info:
Specifies whether Windows apps can access contacts.
-
Most restricted value is 2.
@@ -1583,6 +1604,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1625,6 +1647,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1667,6 +1690,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1709,6 +1733,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1728,7 +1753,6 @@ ADMX Info:
Specifies whether Windows apps can access email.
-
Most restricted value is 2.
@@ -1762,6 +1786,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1804,6 +1829,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1846,6 +1872,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1888,6 +1915,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1921,6 +1949,7 @@ This policy setting specifies whether Windows apps can access the eye tracker.
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1954,6 +1983,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1987,6 +2017,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2020,6 +2051,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2039,7 +2071,6 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
Specifies whether Windows apps can access location.
-
Most restricted value is 2.
@@ -2073,6 +2104,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2115,6 +2147,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2157,6 +2190,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2199,6 +2233,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2218,7 +2253,6 @@ ADMX Info:
Specifies whether Windows apps can read or send messages (text or MMS).
-
Most restricted value is 2.
@@ -2252,6 +2286,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2294,6 +2329,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2336,6 +2372,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2378,6 +2415,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2397,7 +2435,6 @@ ADMX Info:
Specifies whether Windows apps can access the microphone.
-
Most restricted value is 2.
@@ -2431,6 +2468,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2473,6 +2511,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2515,6 +2554,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2557,6 +2597,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2576,7 +2617,6 @@ ADMX Info:
Specifies whether Windows apps can access motion data.
-
Most restricted value is 2.
@@ -2610,6 +2650,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2652,6 +2693,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2694,6 +2736,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2736,6 +2779,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2755,7 +2799,6 @@ ADMX Info:
Specifies whether Windows apps can access notifications.
-
Most restricted value is 2.
@@ -2789,6 +2832,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2831,6 +2875,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2873,6 +2918,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2915,6 +2961,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2934,7 +2981,6 @@ ADMX Info:
Specifies whether Windows apps can make phone calls.
-
Most restricted value is 2.
@@ -2968,6 +3014,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3010,6 +3057,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3052,6 +3100,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3094,6 +3143,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3113,7 +3163,6 @@ ADMX Info:
Specifies whether Windows apps have access to control radios.
-
Most restricted value is 2.
@@ -3147,6 +3196,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3189,6 +3239,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3231,6 +3282,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3273,6 +3325,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3315,6 +3368,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3357,6 +3411,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3399,6 +3454,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3441,6 +3497,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3460,7 +3517,6 @@ ADMX Info:
Specifies whether Windows apps can access trusted devices.
-
Most restricted value is 2.
@@ -3494,6 +3550,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3536,6 +3593,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3578,6 +3636,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3620,6 +3679,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3670,6 +3730,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3720,6 +3781,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3739,7 +3801,6 @@ The following list shows the supported values:
Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
-
Most restricted value is 2.
@@ -3773,6 +3834,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3815,6 +3877,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3857,6 +3920,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3899,6 +3963,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3918,8 +3983,8 @@ ADMX Info:
Specifies whether Windows apps can run in the background.
-
Most restricted value is 2.
+
> [!WARNING]
> Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly.
@@ -3954,6 +4019,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3996,6 +4062,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4013,7 +4080,7 @@ ADMX Info:
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability, to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
@@ -4038,6 +4105,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4080,6 +4148,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4099,7 +4168,6 @@ ADMX Info:
Specifies whether Windows apps can sync with devices.
-
Most restricted value is 2.
@@ -4133,6 +4201,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4175,6 +4244,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4217,6 +4287,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4259,6 +4330,7 @@ ADMX Info:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4276,7 +4348,7 @@ ADMX Info:
-Allows It Admins to enable publishing of user activities to the activity feed.
+Allows IT Admins to enable publishing of user activities to the activity feed.
@@ -4307,6 +4379,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -4340,3 +4413,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 64c53af12c..eb47527466 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteAssistance
description: Learn how the Policy CSP - RemoteAssistance setting allows you to specify a custom message to display.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteAssistance
@@ -52,6 +52,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,9 +72,9 @@ manager: dansimp
This policy setting lets you customize warning messages.
-The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before users share control of their computers.
+The "Display warning message before sharing control" policy setting allows you to specify a custom message, to display before users share control of their computers.
-The "Display warning message before connecting" policy setting allows you to specify a custom message to display before users allow a connection to their computers.
+The "Display warning message before connecting" policy setting allows you to specify a custom message, to display before users allow a connection to their computers.
If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.
@@ -104,6 +105,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -152,6 +154,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,7 +184,7 @@ If you enable this policy setting, you have two ways to allow helpers to provide
The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.
-The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista since SMAPI is the only method supported.
+The "Select the method for sending email invitations" setting specifies which email standard to use, to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista, since SMAPI is the only method supported.
If you enable this policy setting, you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
@@ -208,6 +211,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -246,23 +250,24 @@ If you enable this policy setting, you should also enable firewall exceptions to
Windows Vista and later
Enable the Remote Assistance exception for the domain profile. The exception must contain:
-Port 135:TCP
-%WINDIR%\System32\msra.exe
-%WINDIR%\System32\raserver.exe
+
+- Port 135:TCP
+- %WINDIR%\System32\msra.exe
+- %WINDIR%\System32\raserver.exe
Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-%WINDIR%\System32\Sessmgr.exe
+- Port 135:TCP
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
+- %WINDIR%\System32\Sessmgr.exe
For computers running Windows Server 2003 with Service Pack 1 (SP1)
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-Allow Remote Desktop Exception
+- Port 135:TCP
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
+- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
+- Allow Remote Desktop Exception
@@ -278,3 +283,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index 7d2559655b..85588a127d 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteDesktop
description: Learn how the Policy CSP - RemoteDesktop setting allows you to specify a custom message to display.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteDesktop
@@ -41,6 +41,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -59,7 +60,7 @@ manager: dansimp
-This policy allows administrators to enable automatic subscription for the Microsoft Remote Desktop client. If you define this policy, the specified URL is used by the client to silently subscribe the logged on user and retrieve the remote resources assigned to them. To automatically subscribe to Azure Virtual Desktop in the Azure Public cloud, set the URL to `https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery`.
+This policy allows administrators to enable automatic subscription for the Microsoft Remote Desktop client. If you define this policy, the specified URL is used by the client to subscribe the logged on user and retrieve the remote resources assigned to them. To automatically subscribe to Azure Virtual Desktop in the Azure Public cloud, set the URL to `https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery`.
@@ -76,6 +77,7 @@ This policy allows administrators to enable automatic subscription for the Micro
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -93,7 +95,7 @@ This policy allows administrators to enable automatic subscription for the Micro
-This policy allows the user to load the DPAPI cred key from their user profile and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data. This policy is needed when using FSLogix user profiles from Azure AD-joined VMs.
+This policy allows the user to load the DPAPI cred key from their user profile, and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data. This policy is needed when using FSLogix user profiles from Azure AD-joined VMs.
@@ -111,3 +113,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 6519b2d40c..5d03cb7066 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - RemoteDesktopServices
description: Learn how the Policy CSP - RemoteDesktopServices setting allows you to configure remote access to computers by using Remote Desktop Services.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteDesktopServices
-
-
@@ -35,6 +33,9 @@ manager: dansimp
RemoteDesktopServices/DoNotAllowPasswordSaving
@@ -43,11 +44,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -60,6 +61,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -85,7 +87,8 @@ If you disable this policy setting, users can't connect remotely to the target c
If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed.
-Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
+> [!NOTE]
+> You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
@@ -112,6 +115,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -129,7 +133,7 @@ ADMX Info:
-Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
+Specifies whether it requires the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:
@@ -141,9 +145,8 @@ If you enable this policy setting, all communications between clients and RD Ses
If you disable or don't configure this setting, the encryption level to be used for remote connections to RD Session Host servers isn't enforced through Group Policy.
-Important
-
-FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.
+> [!IMPORTANT]
+> FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level, when communications between clients and RD Session Host servers requires the highest level of encryption.
@@ -168,6 +171,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -218,6 +222,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -255,6 +260,56 @@ ADMX Info:
+
+**RemoteDesktopServices/DoNotAllowWebAuthnRedirection**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other).
+
+By default, Remote Desktop allows redirection of WebAuthn requests.
+
+If you enable this policy setting, users can’t use their local authenticator inside the Remote Desktop session.
+
+If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.
+
+If you don't configure this policy setting, users can use local authenticators inside the Remote Desktop session.
+
+
+
+ADMX Info:
+- GP Friendly name: *Do not allow WebAuthn redirection*
+- GP name: *TS_WEBAUTHN*
+- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
+- GP ADMX file name: *terminalserver.admx*
+
+
+
+
+
+
**RemoteDesktopServices/PromptForPasswordUponConnection**
@@ -264,6 +319,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -316,6 +372,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -343,7 +400,8 @@ If the status is set to Disabled, Remote Desktop Services always requests securi
If the status is set to Not Configured, unsecured communication is allowed.
-Note: The RPC interface is used for administering and configuring Remote Desktop Services.
+> [!NOTE]
+> The RPC interface is used for administering and configuring Remote Desktop Services.
@@ -360,3 +418,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index a0059027d9..ff88b2a36d 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - RemoteManagement
description: Learn how the Policy CSP - RemoteManagement setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteManagement
-
-
@@ -70,11 +68,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -87,6 +85,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -133,6 +132,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -179,6 +179,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -225,6 +226,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -271,6 +273,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -330,6 +333,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -376,6 +380,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -422,6 +427,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -468,6 +474,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -514,6 +521,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -560,6 +568,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -579,7 +588,7 @@ ADMX Info:
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service won't allow RunAs credentials to be stored for any plug-ins.
-If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
+If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
If you disable or don't configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.
@@ -608,6 +617,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -660,6 +670,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -677,9 +688,9 @@ ADMX Info:
-This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine, if the destination host is a trusted entity.
-If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host.
+If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine, if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host.
If you disable or don't configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
@@ -706,6 +717,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -756,6 +768,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -798,3 +811,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index c2235cdbb4..8708f25937 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - RemoteProcedureCall
description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they're making contains authentication information.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteProcedureCall
-
@@ -30,11 +29,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -47,6 +46,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,15 +64,16 @@ manager: dansimp
-This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner.
+This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service, when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner.
If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
-If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-Note: This policy won't be applied until the system is rebooted.
+> [!NOTE]
+> This policy won't be applied until the system is rebooted.
@@ -97,6 +98,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -114,13 +116,13 @@ ADMX Info:
-This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
+This policy setting controls, how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
-This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.
+This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.
If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting.
-If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.
+If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client, and the value of "None" used for Server SKUs that support this policy setting.
If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
@@ -128,7 +130,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict
- "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
-- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.
+- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.
> [!NOTE]
> This policy setting won't be applied until the system is rebooted.
@@ -148,3 +150,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 25abffed2e..53820c929c 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - RemoteShell
description: Learn details about the Policy CSP - RemoteShell setting so that you can configure access to remote shells.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteShell
-
@@ -45,11 +44,11 @@ manager: dansimp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -62,6 +61,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -108,6 +108,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -127,7 +128,7 @@ ADMX Info:
This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system.
-The value can be any number from 1 to 100.
+The value can be any number from 1 to 100.
If you enable this policy setting, the new shell connections are rejected if they exceed the specified limit.
@@ -156,6 +157,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -173,7 +175,7 @@ ADMX Info:
-This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted.
+This policy setting configures the maximum time in milliseconds, and remote shell will stay open without any user activity until it is automatically deleted.
Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values.
@@ -204,6 +206,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,6 +255,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -273,7 +277,7 @@ This policy setting configures the maximum number of processes a remote shell is
If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes.
-If you disable or do not configure this policy setting, the limit is five processes per shell.
+If you disable or do not configure this policy setting, the limit is five processes per shell.
@@ -298,6 +302,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -315,7 +320,7 @@ ADMX Info:
-This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system.
+This policy setting configures the maximum number of concurrent shells and any user can remotely open on the same system.
Any number from 0 to 0x7FFFFFFF can be set, where 0 means unlimited number of shells.
@@ -346,6 +351,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -380,3 +386,6 @@ ADMX Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 4c77b145dc..4e4e6b8876 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -1,21 +1,21 @@
---
title: Policy CSP - RestrictedGroups
description: Learn how the Policy CSP - RestrictedGroups setting allows an administrator to define the members that are part of a security-sensitive (restricted) group.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 04/07/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RestrictedGroups
> [!IMPORTANT]
-> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
+> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy, to configure members (users or Azure Active Directory groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
@@ -41,6 +41,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,7 +61,7 @@ manager: dansimp
This security setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. When a Restricted Groups policy is enforced, any current member of a restricted group that is not on the Members list is removed, except for the built-in administrator in the built-in Administrators group. Any user on the Members list who is not currently a member of the restricted group is added. An empty Members list means that the restricted group has no members. The membership configuration is based on SIDS, therefore renaming these built-in groups does not affect retention of this special membership.
-For example, you can create a Restricted Groups policy to allow only specified users, Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group and all other members will be removed.
+For example, you can create a Restricted Groups policy to allow only specified users. Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group, and all other members will be removed.
> [!CAUTION]
> Attempting to remove the built-in administrator from the Administrators group will result in failure with the following error:
@@ -69,7 +70,7 @@ For example, you can create a Restricted Groups policy to allow only specified u
> |----------|----------|----------|----------|
> | 0x55b (Hex) 1371 (Dec) |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.| winerror.h |
-Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group and should be used with caution.
+Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group, and should be used with caution.
```xml
@@ -152,7 +153,7 @@ The following table describes how this policy setting behaves in different Windo
| ------------------ | --------------- |
|Windows 10, version 1803 | Added this policy setting. XML accepts group and member only by name. Supports configuring the administrators group using the group name. Expects member name to be in the account name format. |
| Windows 10, version 1809 Windows 10, version 1903 Windows 10, version 1909 | Supports configuring any local group. `` accepts only name. `` accepts a name or an SID. This is useful when you want to ensure a certain local group always has a well-known SID as member. |
-| Windows 10, version 2004 | Behaves as described in this topic. Accepts name or SID for group and members and translates as appropriate. |
+| Windows 10, version 2004 | Behaves as described in this topic. Accepts name or SID for group and members and translates as appropriate.|
@@ -160,3 +161,7 @@ The following table describes how this policy setting behaves in different Windo
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 68fdb085a9..60777e520f 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,19 +1,20 @@
---
title: Policy CSP - Search
description: Learn how the Policy CSP - Search setting allows search and Cortana to search cloud sources like OneDrive and SharePoint.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/12/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Search
+
@@ -56,9 +57,6 @@ manager: dansimp
@@ -82,6 +80,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -99,7 +98,7 @@ manager: dansimp
-Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
+Allow Search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
@@ -131,6 +130,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -162,7 +162,7 @@ ADMX Info:
-This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account.
+This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an Azure Active Directory account.
@@ -179,6 +179,7 @@ This value is a simple boolean value, default false, that can be set by MDM poli
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -233,6 +234,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,9 +254,9 @@ The following list shows the supported values:
Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files.
-When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified.
+When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes file path and date modified.
-When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are many WIP-protected media files on the device.
+When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps, if there are many WIP-protected media files on the device.
Most restricted value is 0.
@@ -287,6 +289,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -337,6 +340,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -359,7 +363,6 @@ This policy controls whether search highlights are shown in the search box or in
- If you enable this policy setting, then this setting turns on search highlights in the search box or in the search home.
- If you disable this policy setting, then this setting turns off search highlights in the search box or in the search home.
-
ADMX Info:
@@ -371,11 +374,13 @@ ADMX Info:
The following list shows the supported values in Windows 10:
-- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
+
+- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
- Disabled – Disabling this setting turns off search highlights in the taskbar search box and in search home.
The following list shows the supported values in Windows 11:
+
- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.
- Disabled – Disabling this setting turns off search highlights in the start menu search box and in search home.
@@ -405,6 +410,7 @@ This policy has been deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -424,7 +430,6 @@ This policy has been deprecated.
Allows the use of diacritics.
-
Most restricted value is 0.
@@ -456,6 +461,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -473,7 +479,7 @@ The following list shows the supported values:
-Allow Windows indexer. Value type is integer.
+Allow Windows indexer. Supported value type is integer.
@@ -489,6 +495,7 @@ Allow Windows indexer. Value type is integer.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -508,7 +515,6 @@ Allow Windows indexer. Value type is integer.
Specifies whether to always use automatic language detection when indexing content and properties.
-
Most restricted value is 0.
@@ -540,6 +546,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -588,6 +595,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -631,57 +639,6 @@ The following list shows the supported values:
-
-**Search/DisableSearch**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|No|Yes|
-|Business|No|Yes|
-|Enterprise|No|Yes|
-|Education|No|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting completely disables Search UI and all its entry points such as keyboard shortcuts and touch-pad gestures.
-
-It removes the Search button from the Taskbar and the corresponding option in the Settings. It also disables type-to-search in the Start menu and removes the Start menu's search box.
-
-
-
-ADMX Info:
-
-- GP Friendly name: *Fully disable Search UI*
-- GP name: *DisableSearch*
-- GP path: *Windows Components/Search*
-- GP ADMX file name: *Search.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Do not disable search.
-- 1 – Disable search.
-
-
-
-
-
-
**Search/DoNotUseWebResults**
@@ -691,6 +648,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -712,9 +670,9 @@ Don't search the web or display web results in Search, or show search highlights
This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home.
-- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- If you enable this policy setting, queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
-- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- If you disable this policy setting, queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
@@ -728,8 +686,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Not allowed. Queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
-- 1 (default) - Allowed. Queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- 0 - Not allowed. Queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- 1 (default) - Allowed. Queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
@@ -745,6 +703,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -764,7 +723,7 @@ The following list shows the supported values:
Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
-Enable this policy if computers in your environment have limited hard drive space.
+Enable this policy, if computers in your environment have limited hard drive space.
When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
@@ -797,6 +756,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -814,7 +774,7 @@ The following list shows the supported values:
-If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.
+If enabled, clients will be unable to query this computer's index remotely. Thus, when they're browsing network shares that are stored on this computer, they won't search them using the index. If disabled, client search requests will use this computer's index..
@@ -839,3 +799,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index dcf870fbf8..dced08216c 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - Security
description: Learn how the Policy CSP - Security setting can specify whether to allow the runtime configuration agent to install provisioning packages.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Security
-
@@ -53,7 +52,6 @@ manager: dansimp
-
@@ -65,6 +63,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -127,6 +126,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -167,6 +167,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -185,7 +186,7 @@ The following list shows the supported values:
-Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
+Admin access is required. The prompt will appear on first admin logon after a reboot, when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
@@ -200,7 +201,7 @@ ADMX Info:
The following list shows the supported values:
- 0 (default) – Won't force recovery from a non-ready TPM state.
-- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
+- 1 – Will prompt to clear the TPM, if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
@@ -216,6 +217,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -242,9 +244,9 @@ Configures the use of passwords for Windows features.
The following list shows the supported values:
-- 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features)
-- 1- Allow passwords (Passwords continue to be allowed to be used for Windows features)
-- 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords")
+- 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features).
+- 1- Allow passwords (Passwords continue to be allowed to be used for Windows features).
+- 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords").
@@ -260,6 +262,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -303,6 +306,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -324,9 +328,10 @@ The following list shows the supported values:
This policy controls the Admin Authentication requirement in RecoveryEnvironment.
Supported values:
-- 0 - Default: Keep using default(current) behavior
-- 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment
-- 2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment
+
+- 0 - Default: Keep using default(current) behavior.
+- 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment.
+- 2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment.
@@ -374,6 +379,7 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -393,7 +399,6 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
Allows enterprise to turn on internal storage encryption.
-
Most restricted value is 1.
> [!IMPORTANT]
@@ -420,6 +425,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -460,6 +466,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,8 +484,7 @@ The following list shows the supported values:
-Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots.
-
+Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS), when a device boots or reboots.
Setting this policy to 1 (Required):
@@ -488,7 +494,6 @@ Setting this policy to 1 (Required):
> [!NOTE]
> We recommend that this policy is set to Required after MDM enrollment.
-
Most restricted value is 1.
@@ -504,3 +509,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 118dd3a3a7..20f852795a 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ServiceControlManager
description: Learn how the Policy CSP - ServiceControlManager setting enables process mitigation options on svchost.exe processes.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -12,8 +12,6 @@ ms.date: 09/27/2019
# Policy CSP - ServiceControlManager
-
-
@@ -25,7 +23,6 @@ ms.date: 09/27/2019
-
@@ -37,6 +34,7 @@ ms.date: 09/27/2019
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -67,11 +65,11 @@ If you disable or do not configure this policy setting, the stricter security se
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -96,3 +94,7 @@ Supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 1b0e0f8bc4..37e5e21450 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Settings
description: Learn how to use the Policy CSP - Settings setting so that you can allow the user to change Auto Play settings.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Settings
@@ -64,7 +64,6 @@ manager: dansimp
-
@@ -76,6 +75,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,6 +120,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -163,6 +164,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -249,7 +251,7 @@ This policy disables edit device name option on Settings.
-Describes what values are supported in by this policy and meaning of each value, default value.
+Describes what values are supported in/by this policy and meaning of each value, and default value.
@@ -265,6 +267,7 @@ Describes what values are supported in by this policy and meaning of each value,
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -306,6 +309,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -350,6 +354,7 @@ ADMX Info:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,6 +396,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -432,6 +438,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -473,6 +480,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -513,6 +521,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -554,6 +563,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -594,6 +604,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -611,7 +622,7 @@ The following list shows the supported values:
-Allows IT Admins to configure the default setting for showing more calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. Other supported calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
+Allows IT Admins to configure the default setting for showing more calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. Other supported calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
@@ -644,6 +655,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -664,21 +676,21 @@ The following list shows the supported values:
Allows IT Admins to either:
-- Prevent specific pages in the System Settings app from being visible or accessible
+- Prevent specific pages in the System Settings app from being visible or accessible.
OR
-- To do so for all pages except the pages you enter
+- To do so for all pages except the pages you enter.
The mode will be specified by the policy string beginning with either the string `showonly:` or `hide:`. Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix.
-For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
+For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
The following example shows a policy that allows access only to the **about** and **bluetooth** pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
`showonly:about;bluetooth`
-If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list.
+If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable, if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list.
The format of the PageVisibilityList value is as follows:
@@ -721,3 +733,6 @@ To validate on Desktop, use the following steps:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 5da64f872e..11d6e32c39 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - SmartScreen
description: Use the Policy CSP - SmartScreen setting to allow IT Admins to control whether users are allowed to install apps from places other than the Store.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - SmartScreen
@@ -44,6 +44,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -95,6 +96,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -143,6 +145,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index fe81410adf..b97360b3f1 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - Speech
description: Learn how the Policy CSP - Speech setting specifies whether the device will receive updates to the speech recognition and speech synthesis models.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Speech
-
@@ -26,7 +25,6 @@ manager: dansimp
-
@@ -38,6 +36,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -79,3 +78,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index f760f05bc0..e794d81f7b 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - Start
description: Use the Policy CSP - Start setting to control the visibility of the Documents shortcut on the Start menu.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Start
-
@@ -119,18 +118,19 @@ manager: dansimp
-
**Start/AllowPinnedFolderDocuments**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -156,7 +156,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -167,11 +167,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderDownloads**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -197,7 +199,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -208,11 +210,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderFileExplorer**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -238,7 +242,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -249,11 +253,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderHomeGroup**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -279,7 +285,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -290,11 +296,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderMusic**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -320,7 +328,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -331,11 +339,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,7 +371,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -372,11 +382,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderPersonalFolder**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -402,7 +414,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -413,11 +425,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderPictures**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -443,7 +457,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -454,11 +468,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderSettings**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -484,7 +500,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -495,11 +511,13 @@ The following list shows the supported values:
**Start/AllowPinnedFolderVideos**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -525,7 +543,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - There's no enforced configuration, and the setting can be changed by the user.
@@ -597,11 +615,13 @@ This string policy will take a JSON file (expected name LayoutModification.json)
**Start/DisableContextMenus**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -652,11 +672,13 @@ The following list shows the supported values:
**Start/ForceStartSize**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -678,7 +700,6 @@ The following list shows the supported values:
Forces the start screen size.
-
If there's policy configuration conflict, the latest configuration request is applied to the device.
@@ -698,11 +719,13 @@ The following list shows the supported values:
**Start/HideAppList**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -729,10 +752,9 @@ Allows IT Admins to configure Start by collapsing or removing the all apps list.
> [!Note]
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
-
To validate on Desktop, do the following steps:
-- 1 - Enable policy and restart explorer.exe
+- 1 - Enable policy and restart explorer.exe.
- 2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle isn't grayed out.
- 2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out.
- 2c - If set to '3': Verify that there's no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
@@ -755,11 +777,13 @@ The following list shows the supported values:
**Start/HideChangeAccountSettings**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -802,11 +826,13 @@ To validate on Desktop, do the following steps:
**Start/HideFrequentlyUsedApps**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -844,8 +870,8 @@ To validate on Desktop, do the following steps:
1. Enable "Show most used apps" in the Settings app.
2. Use some apps to get them into the most used group in Start.
3. Enable policy.
-4. Restart explorer.exe
-5. Check that "Show most used apps" Settings toggle is grayed out.
+4. Restart explorer.exe.
+5. Check that "Show most used apps" Settings toggle is grayed out.
6. Check that most used apps don't appear in Start.
@@ -857,11 +883,13 @@ To validate on Desktop, do the following steps:
**Start/HideHibernate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -881,7 +909,6 @@ To validate on Desktop, do the following steps:
Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
-
> [!NOTE]
> This policy can only be verified on laptops as "Hibernate" doesn't appear on regular PC's.
@@ -908,11 +935,13 @@ To validate on Laptop, do the following steps:
**Start/HideLock**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -955,11 +984,13 @@ To validate on Desktop, do the following steps:
**Start/HidePeopleBar**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -979,7 +1010,7 @@ To validate on Desktop, do the following steps:
Enabling this policy removes the people icon from the taskbar and the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
-Value type is integer.
+Supported value type is integer.
@@ -1005,11 +1036,13 @@ The following list shows the supported values:
**Start/HidePowerButton**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1055,11 +1088,13 @@ To validate on Desktop, do the following steps:
**Start/HideRecentJumplists**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1098,7 +1133,7 @@ To validate on Desktop, do the following steps:
3. Right click the pinned photos app and verify that a jump list of recently opened items pops up.
4. Toggle "Show recently opened items in Jump Lists on Start of the taskbar" in Settings to clear jump lists.
5. Enable policy.
-6. Restart explorer.exe
+6. Restart explorer.exe.
7. Check that Settings toggle is grayed out.
8. Repeat Step 2.
9. Right Click pinned photos app and verify that there's no jump list of recent items.
@@ -1112,11 +1147,13 @@ To validate on Desktop, do the following steps:
**Start/HideRecentlyAddedApps**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1162,7 +1199,7 @@ To validate on Desktop, do the following steps:
1. Enable "Show recently added apps" in the Settings app.
2. Check if there are recently added apps in Start (if not, install some).
3. Enable policy.
-4. Restart explorer.exe
+4. Restart explorer.exe.
5. Check that "Show recently added apps" Settings toggle is grayed out.
6. Check that recently added apps don't appear in Start.
@@ -1175,11 +1212,13 @@ To validate on Desktop, do the following steps:
**Start/HideRestart**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1222,11 +1261,13 @@ To validate on Desktop, do the following steps:
**Start/HideShutDown**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1269,11 +1310,13 @@ To validate on Desktop, do the following steps:
**Start/HideSignOut**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1316,11 +1359,13 @@ To validate on Desktop, do the following steps:
**Start/HideSleep**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1363,11 +1408,13 @@ To validate on Desktop, do the following steps:
**Start/HideSwitchAccount**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1410,11 +1457,13 @@ To validate on Desktop, do the following steps:
**Start/HideUserTile**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1461,11 +1510,13 @@ To validate on Desktop, do the following steps:
**Start/ImportEdgeAssets**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1497,16 +1548,16 @@ Here's more SKU support information:
This policy imports Edge assets (for example, .png/.jpg files) for secondary tiles into its local app data path, which allows the StartLayout policy to pin Edge secondary tiles as weblink that ties to the image asset files.
> [!IMPORTANT]
-> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
+> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy, whenever there are Edge secondary tiles to be pinned from StartLayout policy.
-The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles).
+The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles).
To validate on Desktop, do the following steps:
1. Set policy with an XML for Edge assets.
-2. Set StartLayout policy to anything so that it would trigger the Edge assets import.
+2. Set StartLayout policy to anything so that would trigger the Edge assets import.
3. Sign out/in.
4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path.
@@ -1519,11 +1570,13 @@ To validate on Desktop, do the following steps:
**Start/NoPinningToTaskbar**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1541,7 +1594,7 @@ To validate on Desktop, do the following steps:
-Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
+Allows IT Admins to configure the taskbar by disabling, pinning, and unpinning apps on the taskbar.
@@ -1565,7 +1618,6 @@ To validate on Desktop, do the following steps:
-
**Start/ShowOrHideMostUsedApps**
@@ -1622,9 +1674,9 @@ To validate on Desktop, do the following steps:
The following list shows the supported values:
-- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings
-- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings
-- Not set - User can use Settings to hide or show Most Used Apps in Start Menu
+- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings.
+- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings.
+- Not set - User can use Settings to hide or show Most Used Apps in Start Menu.
On clean install, the user setting defaults to "hide".
@@ -1638,11 +1690,13 @@ On clean install, the user setting defaults to "hide".
**Start/StartLayout**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -1672,7 +1726,7 @@ Here's more SKU support information:
|Windows 10, version 1607 and later |Enterprise, Education, Business |
|Windows 10, version 1709 and later |Enterprise, Education, Business, Pro, ProEducation, S, ProWorkstation |
-Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy
+Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy.
For more information on how to customize the Start layout, see [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](/windows/configuration/configure-windows-10-taskbar).
@@ -1689,3 +1743,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 383f6aedfb..d0117fde5d 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - Storage
description: Learn to use the Policy CSP - Storage settings to automatically clean some of the user’s files to free up disk space.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 03/25/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Storage
-
@@ -65,18 +64,19 @@ manager: dansimp
-
**Storage/AllowDiskHealthModelUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,7 +96,7 @@ manager: dansimp
Allows disk health model updates.
-Value type is integer.
+Supported value type is integer.
@@ -122,16 +122,19 @@ The following list shows the supported values:
**Storage/AllowStorageSenseGlobal**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -146,7 +149,7 @@ Note: Versions prior to version 1903 don't support group policy.
-Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy.
+Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space, and it is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy.
If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users can't disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy).
@@ -179,16 +182,19 @@ ADMX Info:
**Storage/AllowStorageSenseTemporaryFilesCleanup**
+Versions prior to version 1903 don't support group policy.
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -239,16 +245,19 @@ ADMX Info:
**Storage/ConfigStorageSenseCloudContentDehydrationThreshold**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -299,16 +308,19 @@ ADMX Info:
**Storage/ConfigStorageSenseDownloadsCleanupThreshold**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -359,16 +371,19 @@ ADMX Info:
**Storage/ConfigStorageSenseGlobalCadence**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -425,16 +440,19 @@ ADMX Info:
**Storage/ConfigStorageSenseRecycleBinCleanupThreshold**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|||
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 don't support group policy.
+> [!NOTE]
+> Versions prior to version 1903 don't support group policy.
@@ -485,11 +503,13 @@ ADMX Info:
**Storage/EnhancedStorageDevices**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -509,17 +529,17 @@ ADMX Info:
This policy setting configures whether or not Windows will activate an Enhanced Storage device.
-If you enable this policy setting, Windows won't activate unactivated Enhanced Storage devices.
+If you enable this policy setting, Windows won't activate un-activated Enhanced Storage devices.
-If you disable or don't configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
+If you disable or don't configure this policy setting, Windows will activate un-activated Enhanced Storage devices.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -537,11 +557,13 @@ ADMX Info:
**Storage/RemovableDiskDenyWriteAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -564,7 +586,7 @@ If you enable this policy setting, write access is denied to this removable stor
> [!Note]
> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
-Supported values:
+Supported values for this policy are:
- 0 - Disable
- 1 - Enable
@@ -597,11 +619,13 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
**Storage/WPDDevicesDenyReadAccessPerDevice**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -621,16 +645,16 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, for example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -659,11 +683,13 @@ ADMX Info:
**Storage/WPDDevicesDenyReadAccessPerUser**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -683,16 +709,16 @@ ADMX Info:
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -721,11 +747,13 @@ ADMX Info:
**Storage/WPDDevicesDenyWriteAccessPerDevice**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -745,16 +773,16 @@ ADMX Info:
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -783,11 +811,13 @@ ADMX Info:
**Storage/WPDDevicesDenyWriteAccessPerUser**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -807,16 +837,16 @@ ADMX Info:
This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
-- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
-- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
-- Mass Storage Class (MSC) over USB
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth.
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth.
+- Mass Storage Class (MSC) over USB.
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -846,16 +876,19 @@ ADMX Info:
**StorageHealthMonitor/DisableStorageHealthMonitor**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to 21H2 will not support this policy
+> [!NOTE]
+> Versions prior to 21H2 will not support this policy
@@ -872,15 +905,15 @@ Note: Versions prior to 21H2 will not support this policy
Allows disable of Storage Health Monitor.
-Value type is integer.
+Supported value type is integer.
The following list shows the supported values:
-- 0 - Storage Health Monitor is Enabled
-- 1 - Storage Health Monitor is Disabled
+- 0 - Storage Health Monitor is Enabled.
+- 1 - Storage Health Monitor is Disabled.
@@ -889,3 +922,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index a2830db2e2..4e5c11cbed 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - System
description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/26/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - System
-
-
@@ -118,11 +116,13 @@ manager: dansimp
**System/AllowBuildPreview**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -171,11 +171,13 @@ The following list shows the supported values:
**System/AllowCommercialDataPipeline**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -192,12 +194,12 @@ The following list shows the supported values:
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+This policy setting configures an Azure Active Directory-joined device, so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
To enable this behavior, you must complete two steps:
- 1. Enable this policy setting
- 2. Join an Azure Active Directory account to the device
+ 1. Enable this policy setting.
+ 2. Join an Azure Active Directory account to the device.
Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above.
@@ -244,11 +246,11 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior, you must complete three steps:
- 1. Enable this policy setting
- 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace
+ 1. Enable this policy setting.
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
+ 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace.
-This setting has no effect on devices unless they're properly enrolled in Desktop Analytics.
+This setting has no effect on devices, unless they're properly enrolled in Desktop Analytics.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -268,11 +270,13 @@ The following list shows the supported values:
**System/AllowDeviceNameInDiagnosticData**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -289,7 +293,7 @@ The following list shows the supported values:
-This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data.
+This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data.
@@ -322,11 +326,13 @@ The following list shows the supported values:
**System/AllowEmbeddedMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -363,11 +369,13 @@ The following list shows the supported values:
**System/AllowExperimentation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -389,7 +397,6 @@ The following list shows the supported values:
This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior.
-
Most restricted value is 0.
@@ -409,11 +416,13 @@ The following list shows the supported values:
**System/AllowFontProviders**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -451,8 +460,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available.
-- 1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
+- 0 - false - No traffic to fs.microsoft.com, and only locally installed fonts are available.
+- 1 - true (default) - There may be network traffic to fs.microsoft.com, and downloadable fonts are available to apps that support them.
@@ -469,11 +478,13 @@ To verify if System/AllowFontProviders is set to true:
**System/AllowLocation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -492,7 +503,6 @@ To verify if System/AllowFontProviders is set to true:
Specifies whether to allow app access to the Location service.
-
Most restricted value is 0.
While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy.
@@ -527,11 +537,11 @@ The following list shows the supported values:
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
+This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data.
For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data).
-This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop.
+This setting has no effect on devices, unless they're properly enrolled in Microsoft Managed Desktop.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -546,11 +556,13 @@ If you disable this policy setting, devices may not appear in Microsoft Managed
**System/AllowStorageCard**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -575,7 +587,7 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – SD card use isn't allowed and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card.
+- 0 – SD card use isn't allowed, and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card.
- 1 (default) – Allow a storage card.
@@ -587,11 +599,13 @@ The following list shows the supported values:
**System/AllowTelemetry**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -618,7 +632,6 @@ The following list shows the supported values for Windows 8.1:
- 1 – Allowed, except for Secondary Data Requests.
- 2 (default) – Allowed.
-
In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft.
The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets):
@@ -657,11 +670,13 @@ ADMX Info:
**System/AllowUpdateComplianceProcessing**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -683,9 +698,9 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior, you must complete three steps:
- 1. Enable this policy setting
- 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- 3. Set the Configure the Commercial ID setting for your Update Compliance workspace
+ 1. Enable this policy setting.
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
+ 3. Set the Configure the Commercial ID setting for your Update Compliance workspace.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -716,11 +731,13 @@ The following list shows the supported values:
**System/AllowUserToResetPhone**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -761,13 +778,13 @@ The following list shows the supported values:
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
To enable this behavior, you must complete three steps:
- 1. Enable this policy setting
- 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- 3. Join an Azure Active Directory account to the device
+ 1. Enable this policy setting.
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
+ 3. Join an Azure Active Directory account to the device.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -788,11 +805,13 @@ The following list shows the supported values:
**System/BootStartDriverInitialization**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -815,19 +834,19 @@ This policy setting allows you to specify which boot-start drivers are initializ
- Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver.
- Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver.
-If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize the next time the computer is started.
+If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize next time the computer is started.
-If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
+If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown, or Bad, but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -845,11 +864,13 @@ ADMX Info:
**System/ConfigureMicrosoft365UploadEndpoint**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -872,7 +893,7 @@ If your organization is participating in the program and has been instructed to
The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
-Value type is string.
+Supported value type is string.
ADMX Info:
@@ -900,11 +921,13 @@ ADMX Info:
**System/ConfigureTelemetryOptInChangeNotification**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -922,8 +945,9 @@ ADMX Info:
This policy setting determines whether a device shows notifications about telemetry levels to people on first sign in or when changes occur in Settings.
-If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing.
-If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings.
+
+- If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing.
+- If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings.
@@ -948,11 +972,13 @@ The following list shows the supported values:
**System/ConfigureTelemetryOptInSettingsUx**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1001,11 +1027,13 @@ The following list shows the supported values:
**System/DisableDeviceDelete**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1023,8 +1051,9 @@ The following list shows the supported values:
This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & Feedback Settings page.
-If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device.
-If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device.
+
+- If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device.
+- If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device.
@@ -1053,11 +1082,13 @@ ADMX Info:
**System/DisableDiagnosticDataViewer**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1075,8 +1106,9 @@ ADMX Info:
This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page.
-If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.
-If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.
+
+- If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.
+- If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.
@@ -1105,11 +1137,13 @@ ADMX Info:
**System/DisableEnterpriseAuthProxy**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1126,7 +1160,7 @@ ADMX Info:
-This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
+This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy, to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy, to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
@@ -1146,11 +1180,13 @@ ADMX Info:
**System/DisableOneDriveFileSync**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1209,11 +1245,13 @@ To validate on Desktop, do the following steps:
**System/DisableSystemRestore**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1236,19 +1274,19 @@ This policy setting allows you to turn off System Restore.
System Restore enables users, in case of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
-If you enable this policy setting, System Restore is turned off, and the System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
+If you enable this policy setting, System Restore is turned off, then System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
-If you disable or don't configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
+If you disable or don't configure this policy setting, users can perform System Restore, and configure System Restore settings through System Protection.
Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1266,11 +1304,13 @@ ADMX Info:
**System/FeedbackHubAlwaysSaveDiagnosticsLocally**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1305,11 +1345,13 @@ The following list shows the supported values:
**System/LimitDiagnosticLogCollection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1326,7 +1368,7 @@ The following list shows the supported values:
-This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection.
+This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection.
If you disable or don't configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data.
@@ -1354,11 +1396,13 @@ The following list shows the supported values:
**System/LimitDumpCollection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1375,7 +1419,7 @@ The following list shows the supported values:
-This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data.
+This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data.
With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only.
@@ -1404,11 +1448,13 @@ The following list shows the supported values:
**System/LimitEnhancedDiagnosticDataWindowsAnalytics**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1438,9 +1484,8 @@ To enable this behavior, you must complete two steps:
> [!NOTE]
> **Enhanced** is no longer an option for Windows Holographic, version 21H1.
- - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
+ - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full).
-
When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics.
Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
@@ -1465,11 +1510,13 @@ ADMX Info:
**System/TelemetryProxy**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1508,11 +1555,13 @@ ADMX Info:
**System/TurnOffFileHistory**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1560,3 +1609,7 @@ The following list shows the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index c979583ff0..dda3779328 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - SystemServices
description: Learn how to use the Policy CSP - SystemServices setting to determine whether the service's start type is Automatic(2), Manual(3), Disabled(4).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - SystemServices
-
-
@@ -49,11 +47,13 @@ manager: dansimp
**SystemServices/ConfigureHomeGroupListenerServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -71,7 +71,9 @@ manager: dansimp
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -88,11 +90,13 @@ GP Info:
**SystemServices/ConfigureHomeGroupProviderServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -110,7 +114,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -127,11 +133,13 @@ GP Info:
**SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -149,7 +157,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -166,11 +176,13 @@ GP Info:
**SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -188,7 +200,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -205,11 +219,13 @@ GP Info:
**SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,7 +243,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -244,11 +262,13 @@ GP Info:
**SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -266,7 +286,9 @@ GP Info:
-This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4).
+
+Default: Manual.
@@ -281,3 +303,6 @@ GP Info:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 1cae440c6c..359565b3aa 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - TaskManager
description: Learn how to use the Policy CSP - TaskManager setting to determine whether non-administrators can use Task Manager to end tasks.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TaskManager
-
@@ -26,18 +25,19 @@ manager: dansimp
-
**TaskManager/AllowEndTask**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,9 +57,11 @@ manager: dansimp
This setting determines whether non-administrators can use Task Manager to end tasks.
-Value type is integer. Supported values:
+Supported value type is integer.
+
+Supported values:
- 0 - Disabled. EndTask functionality is blocked in TaskManager.
-- 1 - Enabled (default). Users can perform EndTask in TaskManager.
+- 1 - Enabled (default). Users can perform EndTask in TaskManager.
@@ -70,13 +72,15 @@ Value type is integer. Supported values:
**Validation procedure:**
-When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager
-When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager
+- When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager.
+- When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager.
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 983bd29762..f6493ca356 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - TaskScheduler
description: Learn how to use the Policy CSP - TaskScheduler setting to determine whether the specific task is enabled (1) or disabled (0).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TaskScheduler
-
-
@@ -34,11 +32,13 @@ manager: dansimp
**TaskScheduler/EnableXboxGameSaveTask**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -64,3 +64,6 @@ This setting determines whether the specific task is enabled (1) or disabled (0)
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index f65160e893..f2976b8893 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - TextInput
description: The Policy CSP - TextInput setting allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 03/03/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TextInput
-
-
@@ -137,11 +135,13 @@ Placeholder only. Do not use in production environment.
**TextInput/AllowIMELogging**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -162,8 +162,7 @@ Placeholder only. Do not use in production environment.
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
-Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input.
+Allows the user to turn on and off the logging for incorrect conversion, and saving auto-tuning result to a file and history-based predictive input.
Most restricted value is 0.
@@ -171,8 +170,8 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed.
+- 1 (default) – Allowed.
@@ -183,11 +182,13 @@ The following list shows the supported values:
**TextInput/AllowIMENetworkAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,11 +228,13 @@ The following list shows the supported values:
**TextInput/AllowInputPanel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -252,7 +255,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the IT admin to disable the touch/handwriting keyboard on Windows.
Most restricted value is 0.
@@ -273,11 +275,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseIMESurrogatePairCharacters**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -298,10 +302,8 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the Japanese IME surrogate pair characters.
-
Most restricted value is 0.
@@ -320,11 +322,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseIVSCharacters**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -345,7 +349,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows Japanese Ideographic Variation Sequence (IVS) characters.
Most restricted value is 0.
@@ -366,11 +369,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseNonPublishingStandardGlyph**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -391,7 +396,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the Japanese non-publishing standard glyph.
Most restricted value is 0.
@@ -412,11 +416,13 @@ The following list shows the supported values:
**TextInput/AllowJapaneseUserDictionary**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -437,7 +443,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the Japanese user dictionary.
Most restricted value is 0.
@@ -458,11 +463,13 @@ The following list shows the supported values:
**TextInput/AllowKeyboardTextSuggestions**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -524,11 +531,13 @@ This policy has been deprecated.
**TextInput/AllowLanguageFeaturesUninstall**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -549,8 +558,7 @@ This policy has been deprecated.
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
-Allows the uninstall of language features, such as spell checkers, on a device.
+Allows the uninstall of language features, such as spell checkers on a device.
Most restricted value is 0.
@@ -578,11 +586,13 @@ The following list shows the supported values:
**TextInput/AllowLinguisticDataCollection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -623,11 +633,13 @@ This setting supports a range of values between 0 and 1.
**TextInput/AllowTextInputSuggestionUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -668,11 +680,13 @@ The following list shows the supported values:
**TextInput/ConfigureJapaneseIMEVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -713,11 +727,13 @@ The following list shows the supported values:
**TextInput/ConfigureSimplifiedChineseIMEVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -758,11 +774,13 @@ The following list shows the supported values:
**TextInput/ConfigureTraditionalChineseIMEVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -783,6 +801,7 @@ The following list shows the supported values:
> [!NOTE]
> - This policy is enforced only in Windows 10 for desktop.
> - This policy requires reboot to take effect.
+
Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop.
@@ -802,11 +821,13 @@ The following list shows the supported values:
**TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -848,11 +869,13 @@ The following list shows the supported values:
**TextInput/ExcludeJapaneseIMEExceptJIS0208**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -873,7 +896,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the users to restrict character code range of conversion by setting the character filter.
@@ -892,11 +914,13 @@ The following list shows the supported values:
**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -917,7 +941,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the users to restrict character code range of conversion by setting the character filter.
@@ -936,11 +959,13 @@ The following list shows the supported values:
**TextInput/ExcludeJapaneseIMEExceptShiftJIS**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -961,7 +986,6 @@ The following list shows the supported values:
> [!NOTE]
> The policy is only enforced in Windows 10 for desktop.
-
Allows the users to restrict character code range of conversion by setting the character filter.
@@ -980,11 +1004,13 @@ The following list shows the supported values:
**TextInput/ForceTouchKeyboardDockedState**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1021,11 +1047,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardDictationButtonAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1062,11 +1090,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardEmojiButtonAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1103,11 +1133,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardFullModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1131,7 +1163,7 @@ Specifies whether the full keyboard mode is enabled or disabled for the touch ke
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Full keyboard is always available.
- 2 - Full keyboard is always disabled.
@@ -1144,11 +1176,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardHandwritingModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1172,7 +1206,7 @@ Specifies whether the handwriting input panel is enabled or disabled. When this
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Handwriting input panel is always available.
- 2 - Handwriting input panel is always disabled.
@@ -1185,11 +1219,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardNarrowModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1213,7 +1249,7 @@ Specifies whether the narrow keyboard mode is enabled or disabled for the touch
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Narrow keyboard is always available.
- 2 - Narrow keyboard is always disabled.
@@ -1226,11 +1262,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardSplitModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1254,7 +1292,7 @@ Specifies whether the split keyboard mode is enabled or disabled for the touch k
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Split keyboard is always available.
- 2 - Split keyboard is always disabled.
@@ -1267,11 +1305,13 @@ The following list shows the supported values:
**TextInput/TouchKeyboardWideModeAvailability**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1295,7 +1335,7 @@ Specifies whether the wide keyboard mode is enabled or disabled for the touch ke
The following list shows the supported values:
-- 0 (default) - The OS determines when it's most appropriate to be available.
+- 0 (default) - The OS determines, when it's most appropriate to be available.
- 1 - Wide keyboard is always available.
- 2 - Wide keyboard is always disabled.
@@ -1305,3 +1345,6 @@ The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 09a8420d64..610c3a4580 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - TimeLanguageSettings
description: Learn to use the Policy CSP - TimeLanguageSettings setting to specify the time zone to be applied to the device.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/28/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TimeLanguageSettings
-
-
@@ -43,11 +41,13 @@ manager: dansimp
**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -97,11 +97,13 @@ ADMX Info:
**TimeLanguageSettings/ConfigureTimeZone**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -141,11 +143,13 @@ Specifies the time zone to be applied to the device. This policy name is the sta
**TimeLanguageSettings/MachineUILanguageOverwrite**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -195,11 +199,13 @@ ADMX Info:
**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -237,3 +243,6 @@ If you disable or don't configure this policy setting, there's no language featu
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index b19352d765..44b6119a56 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -1,19 +1,17 @@
---
title: Policy CSP - Troubleshooting
description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
---
# Policy CSP - Troubleshooting
-
-
@@ -32,11 +30,13 @@ ms.date: 09/27/2019
**Troubleshooting/AllowRecommendations**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -54,7 +54,7 @@ ms.date: 09/27/2019
-This policy setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments.
+This policy setting allows IT admins to configure, how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments.
@@ -98,3 +98,6 @@ By default, this policy isn't configured and the SKU based defaults are used for
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 9985a58d5c..e056057f7a 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Update
description: The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
-ms.date: 03/18/2022
+ms.date: 06/15/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
@@ -138,6 +138,9 @@ ms.collection: highpri
Update/PauseDeferrals
@@ -241,11 +244,13 @@ ms.collection: highpri
**Update/ActiveHoursEnd**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -263,10 +268,10 @@ ms.collection: highpri
-Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. there's a 12-hour maximum from start time.
+Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. There's a 12-hour maximum from start time.
> [!NOTE]
-> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
+> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
@@ -290,11 +295,13 @@ ADMX Info:
**Update/ActiveHoursMaxRange**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -336,11 +343,13 @@ ADMX Info:
**Update/ActiveHoursStart**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -361,7 +370,7 @@ ADMX Info:
Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots aren't scheduled. This value sets the start time. There's a 12-hour maximum from end time.
> [!NOTE]
-> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
+> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
@@ -385,11 +394,13 @@ ADMX Info:
**Update/AllowAutoUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -437,7 +448,6 @@ The following list shows the supported values:
> [!IMPORTANT]
> This option should be used only for systems under regulatory compliance, as you won't get security updates as well.
-
@@ -447,11 +457,13 @@ The following list shows the supported values:
**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -469,7 +481,7 @@ The following list shows the supported values:
-Option to download updates automatically over metered connections (off by default). Value type is integer.
+Option to download updates automatically over metered connections (off by default). The supported value type is integer.
A significant number of devices primarily use cellular data and don't have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
@@ -499,11 +511,13 @@ The following list shows the supported values:
**Update/AllowMUUpdateService**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -556,11 +570,13 @@ $MUSM.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")
**Update/AllowNonMicrosoftSignedUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -582,7 +598,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b
Supported operations are Get and Replace.
-This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
+This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update). This policy allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft, when the update is found on an intranet Microsoft update service location.
@@ -600,11 +616,13 @@ The following list shows the supported values:
**Update/AllowUpdateService**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -624,7 +642,7 @@ The following list shows the supported values:
Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
-Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store
+Even when Windows Update is configured to receive updates from an intranet update service. It will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store.
Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working.
@@ -655,11 +673,13 @@ The following list shows the supported values:
**Update/AutoRestartDeadlinePeriodInDays**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -679,9 +699,9 @@ The following list shows the supported values:
For Quality Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
-The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
+The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks.
-Value type is integer. Default is seven days.
+Supported value type is integer. Default is seven days.
Supported values range: 2-30.
@@ -692,7 +712,8 @@ If you enable this policy, a restart will automatically occur the specified numb
If you disable or don't configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
-1. No autorestart with signed-in users for scheduled automatic updates installations.
+
+1. No autorestart with signed-in users for the scheduled automatic updates installations.
2. Always automatically restart at scheduled time.
@@ -713,11 +734,13 @@ ADMX Info:
**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -737,9 +760,9 @@ ADMX Info:
For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
-The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
+The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks.
-Value type is integer. Default is 7 days.
+Supported value type is integer. Default is 7 days.
Supported values range: 2-30.
@@ -750,7 +773,8 @@ If you enable this policy, a restart will automatically occur the specified numb
If you disable or don't configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations.
+
+1. No autorestart with logged on users for the scheduled automatic updates installations.
2. Always automatically restart at scheduled time.
@@ -771,11 +795,13 @@ ADMX Info:
**Update/AutoRestartNotificationSchedule**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -819,11 +845,13 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
**Update/AutoRestartRequiredNotificationDismissal**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -868,11 +896,13 @@ The following list shows the supported values:
**Update/AutomaticMaintenanceWakeUp**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -898,6 +928,7 @@ This policy setting allows you to configure if Automatic Maintenance should make
If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if necessary.
If you disable or don't configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies.
+
ADMX Info:
@@ -926,11 +957,13 @@ Supported values:
**Update/BranchReadinessLevel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -966,7 +999,7 @@ The following list shows the supported values:
- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709)
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
-- 16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted).
+- 16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted)
- 32 {0x20} - General Availability Channel. Device gets feature updates from General Availability Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the General Availability Channel and General Availability Channel (Targeted) into a single General Availability Channel with a value of 16)
@@ -978,11 +1011,13 @@ The following list shows the supported values:
**Update/ConfigureDeadlineForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1030,11 +1065,13 @@ Default value is 7.
**Update/ConfigureDeadlineForQualityUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1082,11 +1119,13 @@ Default value is 7.
**Update/ConfigureDeadlineGracePeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1104,7 +1143,7 @@ Default value is 7.
-When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used.
+When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used.
@@ -1117,7 +1156,7 @@ ADMX Info:
-Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required quality update.
+Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically, after installing a required quality update.
Default value is 2.
@@ -1135,11 +1174,13 @@ Default value is 2.
**Update/ConfigureDeadlineGracePeriodForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1158,7 +1199,7 @@ Default value is 2.
-When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used.
+When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used.
@@ -1171,7 +1212,7 @@ ADMX Info:
-Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required feature update.
+Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically, after installing a required feature update.
Default value is 2.
@@ -1189,11 +1230,13 @@ Default value is 2.
**Update/ConfigureDeadlineNoAutoReboot**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1245,11 +1288,13 @@ Supported values:
**Update/ConfigureFeatureUpdateUninstallPeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1267,7 +1312,11 @@ Supported values:
-Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+Enable IT admin to configure feature update uninstall period.
+
+Values range 2 - 60 days.
+
+Default is 10 days.
@@ -1278,11 +1327,13 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6
**Update/DeferFeatureUpdatesPeriodInDays**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1326,11 +1377,13 @@ ADMX Info:
**Update/DeferQualityUpdatesPeriodInDays**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1370,11 +1423,13 @@ ADMX Info:
**Update/DeferUpdatePeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1395,7 +1450,6 @@ ADMX Info:
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
-
Allows IT Admins to specify update delays for up to four weeks.
Supported values are 0-4, which refers to the number of weeks to defer updates.
@@ -1448,11 +1502,13 @@ ADMX Info:
**Update/DeferUpgradePeriod**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1473,7 +1529,6 @@ ADMX Info:
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
-
Allows IT Admins to specify other upgrade delays for up to eight months.
Supported values are 0-8, which refers to the number of months to defer upgrades.
@@ -1498,11 +1553,13 @@ ADMX Info:
**Update/DetectionFrequency**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1540,11 +1597,13 @@ ADMX Info:
**Update/DisableDualScan**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1562,13 +1621,14 @@ ADMX Info:
-Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
+Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
For more information about dual scan, see [Demystifying "Dual Scan"](/archive/blogs/wsus/demystifying-dual-scan) and [Improving Dual Scan on 1607](/archive/blogs/wsus/improving-dual-scan-on-1607).
This setting is the same as the Group Policy in **Windows Components** > **Windows Update**: "Do not allow update deferral policies to cause scans against Windows Update."
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1594,11 +1654,13 @@ The following list shows the supported values:
**Update/DisableWUfBSafeguards**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1629,7 +1691,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this
>
> The disable safeguards policy will revert to "Not Configured" on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft's default protection from known issues for each new feature update.
>
-> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you're bypassing the protection given by Microsoft pertaining to known issues.
+> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade, as you're bypassing the protection given by Microsoft pertaining to known issues.
@@ -1655,11 +1717,13 @@ The following list shows the supported values:
**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1693,8 +1757,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) - Enforce certificate pinning
-- 1 - Don't enforce certificate pinning
+- 0 (default) - Enforce certificate pinning.
+- 1 - Don't enforce certificate pinning.
@@ -1705,11 +1769,13 @@ The following list shows the supported values:
**Update/EngagedRestartDeadline**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1729,23 +1795,25 @@ The following list shows the supported values:
For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Autorestart to Engaged restart (pending user schedule) to be executed automatically, within the specified period.
-The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
+The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks.
> [!NOTE]
> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule aren't set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
-Value type is integer. Default is 14.
+Supporting value type is integer.
+
+Default is 14.
Supported value range: 2 - 30.
-If no deadline is specified or deadline is set to 0, the restart won't be automatically executed and will remain Engaged restart (for example, pending user scheduling).
+If no deadline is specified or deadline is set to 0, the restart won't be automatically executed, and will remain Engaged restart (for example, pending user scheduling).
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1765,11 +1833,13 @@ ADMX Info:
**Update/EngagedRestartDeadlineForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1789,7 +1859,9 @@ ADMX Info:
For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be executed automatically, within the specified period.
-Value type is integer. Default is 14.
+Supported value type is integer.
+
+Default is 14.
Supported value range: 2-30.
@@ -1798,9 +1870,9 @@ If no deadline is specified or deadline is set to 0, the restart won't be automa
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1820,11 +1892,13 @@ ADMX Info:
**Update/EngagedRestartSnoozeSchedule**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1844,16 +1918,18 @@ ADMX Info:
For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days.
-Value type is integer. Default is three days.
+Supported value type is integer.
+
+Default is three days.
Supported value range: 1-3.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1873,11 +1949,13 @@ ADMX Info:
**Update/EngagedRestartSnoozeScheduleForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1897,16 +1975,18 @@ ADMX Info:
For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days.
-Value type is integer. Default is three days.
+Supported value type is integer.
+
+Default is three days.
Supported value range: 1-3.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1926,11 +2006,13 @@ ADMX Info:
**Update/EngagedRestartTransitionSchedule**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1950,16 +2032,18 @@ ADMX Info:
For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
-Value type is integer. Default value is 7 days.
+Supported value type is integer.
+
+Default value is 7 days.
Supported value range: 2 - 30.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -1979,11 +2063,13 @@ ADMX Info:
**Update/EngagedRestartTransitionScheduleForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2003,16 +2089,18 @@ ADMX Info:
For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
-Value type is integer. Default value is seven days.
+Supported value type is integer.
+
+Default value is seven days.
Supported value range: 2-30.
If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before autorestart for update installation
+1. No autorestart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+3. Specify deadline before autorestart for update installation.
@@ -2032,11 +2120,13 @@ ADMX Info:
**Update/ExcludeWUDriversInQualityUpdate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2081,11 +2171,13 @@ The following list shows the supported values:
**Update/FillEmptyContentUrls**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2103,10 +2195,10 @@ The following list shows the supported values:
-Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
+Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
> [!NOTE]
-> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server.
+> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server.
@@ -2133,11 +2225,13 @@ The following list shows the supported values:
**Update/IgnoreMOAppDownloadLimit**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2186,11 +2280,13 @@ To validate this policy:
**Update/IgnoreMOUpdateDownloadLimit**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2239,11 +2335,13 @@ To validate this policy:
**Update/ManagePreviewBuilds**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2261,7 +2359,9 @@ To validate this policy:
-Used to manage Windows 10 Insider Preview builds. Value type is integer.
+Used to manage Windows 10 Insider Preview builds.
+
+Supported value type is integer.
@@ -2276,9 +2376,9 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Disable Preview builds
-- 1 - Disable Preview builds once the next release is public
-- 2 - Enable Preview builds
+- 0 - Disable Preview builds.
+- 1 - Disable Preview builds once the next release is public.
+- 2 - Enable Preview builds.
@@ -2286,14 +2386,65 @@ The following list shows the supported values:
-**Update/PauseDeferrals**
+**Update/NoUpdateNotificationDuringActiveHours**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy can be used in conjunction with Update/ActiveHoursStart and Update/ActiveHoursEnd policies to ensure that the end user sees no update notifications during active hours until deadline is reached. Note - if no active hour period is configured then this will apply to the intelligent active hours window calculated on the device.
+
+Supported value type is a boolean.
+
+0 (Default) This configuration will provide the default behavior (notifications may display during active hours)
+1: This setting will prevent notifications from displaying during active hours.
+
+
+
+ADMX Info:
+- GP Friendly name: *Display options for update notifications*
+- GP name: *NoUpdateNotificationDuringActiveHours*
+- GP element: *NoUpdateNotificationDuringActiveHours*
+- GP path: *Windows Components\WindowsUpdate\Manage end user experience*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/PauseDeferrals**
+
+
+The table below shows the applicability of Windows:
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2314,10 +2465,8 @@ The following list shows the supported values:
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
-
Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks.
-
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
@@ -2345,11 +2494,13 @@ The following list shows the supported values:
**Update/PauseFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2368,7 +2519,7 @@ The following list shows the supported values:
-Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you're running Windows 10, version 1703 or later.
+Allows IT Admins to pause feature updates for up to 35 days. We recommend that you use the *Update/PauseFeatureUpdatesStartTime* policy, if you're running Windows 10, version 1703 or later.
@@ -2395,11 +2546,13 @@ The following list shows the supported values:
**Update/PauseFeatureUpdatesStartTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2419,7 +2572,8 @@ The following list shows the supported values:
Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date.
-Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
+- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28).
+- Supported operations are Add, Get, Delete, and Replace.
@@ -2439,11 +2593,13 @@ ADMX Info:
**Update/PauseQualityUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2488,11 +2644,13 @@ The following list shows the supported values:
**Update/PauseQualityUpdatesStartTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2512,7 +2670,8 @@ The following list shows the supported values:
Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date.
-Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
+- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28).
+- Supported operations are Add, Get, Delete, and Replace.
@@ -2543,11 +2702,13 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
**Update/ProductVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2580,7 +2741,7 @@ ADMX Info:
-Value type is a string containing a Windows product, for example, "Windows 11" or "11" or "Windows 10".
+Supported value type is a string containing a Windows product. For example, "Windows 11" or "11" or "Windows 10".
@@ -2593,7 +2754,7 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
1. The applicable Windows license was purchased through volume licensing, or
-2. That you're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
+2. You're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
@@ -2601,11 +2762,13 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
**Update/RequireDeferUpgrade**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2626,7 +2789,6 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
> [!NOTE]
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
-
Allows the IT admin to set a device to General Availability Channel train.
@@ -2652,11 +2814,13 @@ The following list shows the supported values:
**Update/RequireUpdateApproval**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|No|
+|Windows SE|No|No|
|Business|Yes|No|
|Enterprise|Yes|No|
|Education|Yes|No|
@@ -2677,7 +2841,6 @@ The following list shows the supported values:
> [!NOTE]
> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
-
Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end user. EULAs are approved once an update is approved.
Supported operations are Get and Replace.
@@ -2698,11 +2861,13 @@ The following list shows the supported values:
**Update/ScheduleImminentRestartWarning**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2746,11 +2911,13 @@ Supported values are 15, 30, or 60 (minutes).
**Update/ScheduleRestartWarning**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2769,8 +2936,7 @@ Supported values are 15, 30, or 60 (minutes).
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
Allows the IT Admin to specify the period for autorestart warning reminder notifications.
@@ -2798,11 +2964,13 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
**Update/ScheduledInstallDay**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2822,7 +2990,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
Enables the IT admin to schedule the day of the update installation.
-The data type is an integer.
+Supported data type is an integer.
Supported operations are Add, Delete, Get, and Replace.
@@ -2857,11 +3025,13 @@ The following list shows the supported values:
**Update/ScheduledInstallEveryWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2879,11 +3049,14 @@ The following list shows the supported values:
-Enables the IT admin to schedule the update installation on every week. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every week
-
+Enables the IT admin to schedule the update installation on every week.
+
+Supported Value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every week.
+
@@ -2903,11 +3076,13 @@ ADMX Info:
**Update/ScheduledInstallFirstWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2925,11 +3100,14 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every first week of the month
-
+Enables the IT admin to schedule the update installation on the first week of the month.
+
+Supported value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every first week of the month.
+
@@ -2949,11 +3127,13 @@ ADMX Info:
**Update/ScheduledInstallFourthWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -2971,11 +3151,14 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every fourth week of the month
-
+Enables the IT admin to schedule the update installation on the fourth week of the month.
+
+Supported value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every fourth week of the month.
+
@@ -2995,11 +3178,13 @@ ADMX Info:
**Update/ScheduledInstallSecondWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3017,11 +3202,15 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every second week of the month
-
+Enables the IT admin to schedule the update installation on the second week of the month.
+
+Supported vlue type is integer.
+
+Supported values:
+
+- 0 - no update in the schedule.
+- 1 - update is scheduled every second week of the month.
+
@@ -3041,11 +3230,13 @@ ADMX Info:
**Update/ScheduledInstallThirdWeek**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3063,11 +3254,14 @@ ADMX Info:
-Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
-
-
0 - no update in the schedule
-
1 - update is scheduled every third week of the month
-
+Enables the IT admin to schedule the update installation on the third week of the month.
+
+Supported value type is integer.
+
+Supported values:
+- 0 - no update in the schedule.
+- 1 - update is scheduled every third week of the month.
+
@@ -3087,11 +3281,13 @@ ADMX Info:
**Update/ScheduledInstallTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3109,13 +3305,9 @@ ADMX Info:
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
+Enables the IT admin to schedule the time of the update installation. Note that there is a window of approximately 30 minutes to allow for higher success rates of installation.
-
-Enables the IT admin to schedule the time of the update installation.
-
-The data type is an integer.
+The supported data type is an integer.
Supported operations are Add, Delete, Get, and Replace.
@@ -3141,11 +3333,13 @@ ADMX Info:
**Update/SetAutoRestartNotificationDisable**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3190,11 +3384,13 @@ The following list shows the supported values:
**Update/SetDisablePauseUXAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3214,7 +3410,11 @@ The following list shows the supported values:
This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature.
-Value type is integer. Default is 0. Supported values 0, 1.
+Supported value type is integer.
+
+Default is 0.
+
+Supported values 0, 1.
@@ -3231,11 +3431,13 @@ ADMX Info:
**Update/SetDisableUXWUAccess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3255,7 +3457,11 @@ ADMX Info:
This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features.
-Value type is integer. Default is 0. Supported values 0, 1.
+Supported value type is integer.
+
+Default is 0.
+
+Supported values 0, 1.
@@ -3272,11 +3478,13 @@ ADMX Info:
**Update/SetEDURestart**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3296,7 +3504,7 @@ ADMX Info:
For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
-When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart.
+When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period, after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart.
@@ -3319,14 +3527,16 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForDriver**
+**Update/SetPolicyDrivenUpdateSourceForDriverUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3347,9 +3557,9 @@ The following list shows the supported values:
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types:
-- SetPolicyDrivenUpdateSourceForFeature
-- SetPolicyDrivenUpdateSourceForQuality
-- SetPolicyDrivenUpdateSourceForOther
+- SetPolicyDrivenUpdateSourceForFeatureUpdates
+- SetPolicyDrivenUpdateSourceForQualityUpdates
+- SetPolicyDrivenUpdateSourceForOtherUpdates
>[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
@@ -3366,8 +3576,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Driver from Windows Update
-- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Drivers from Windows Update.
+- 1: Enabled, Detect, download, and deploy Drivers from Windows Server Update Server (WSUS).
@@ -3375,14 +3585,16 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForFeature**
+**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3400,12 +3612,12 @@ The following list shows the supported values:
-Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
+Configure this policy to specify whether to receive Windows Feature Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types:
-- SetPolicyDrivenUpdateSourceForQuality
-- SetPolicyDrivenUpdateSourceForDriver
-- SetPolicyDrivenUpdateSourceForOther
+- SetPolicyDrivenUpdateSourceForQualityUpdates
+- SetPolicyDrivenUpdateSourceForDriverUpdates
+- SetPolicyDrivenUpdateSourceForOtherUpdates
>[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
@@ -3422,8 +3634,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Feature from Windows Update
-- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Feature Updates from Windows Update.
+- 1: Enabled, Detect, download, and deploy Feature Updates from Windows Server Update Server (WSUS).
@@ -3431,14 +3643,16 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForOther**
+**Update/SetPolicyDrivenUpdateSourceForOtherUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3456,12 +3670,12 @@ The following list shows the supported values:
-Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
+Configure this policy to specify whether to receive Other Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types:
-- SetPolicyDrivenUpdateSourceForFeature
-- SetPolicyDrivenUpdateSourceForQuality
-- SetPolicyDrivenUpdateSourceForDriver
+- SetPolicyDrivenUpdateSourceForFeatureUpdates
+- SetPolicyDrivenUpdateSourceForQualityUpdates
+- SetPolicyDrivenUpdateSourceForDriverUpdates
>[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
@@ -3478,8 +3692,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Other from Windows Update
-- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Other updates from Windows Update.
+- 1: Enabled, Detect, download, and deploy Other updates from Windows Server Update Server (WSUS).
@@ -3487,14 +3701,16 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForQuality**
+**Update/SetPolicyDrivenUpdateSourceForQualityUpdates**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3512,12 +3728,12 @@ The following list shows the supported values:
-Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
+Configure this policy to specify whether to receive Windows Quality Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types:
-- SetPolicyDrivenUpdateSourceForFeature
-- SetPolicyDrivenUpdateSourceForDriver
-- SetPolicyDrivenUpdateSourceForOther
+- SetPolicyDrivenUpdateSourceForFeatureUpdates
+- SetPolicyDrivenUpdateSourceForDriverUpdates
+- SetPolicyDrivenUpdateSourceForOtherUpdates
>[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
@@ -3534,8 +3750,8 @@ ADMX Info:
The following list shows the supported values:
-- 0: (Default) Detect, download, and deploy Quality from Windows Update
-- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS)
+- 0: (Default) Detect, download, and deploy Quality Updates from Windows Update.
+- 1: Enabled, Detect, download, and deploy Quality Updates from Windows Server Update Server (WSUS).
@@ -3546,11 +3762,13 @@ The following list shows the supported values:
**Update/SetProxyBehaviorForUpdateDetection**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3587,6 +3805,7 @@ The following list shows the supported values:
- 0 (default) - Allow system proxy only for HTTP scans.
- 1 - Allow user proxy to be used as a fallback if detection using system proxy fails.
+
> [!NOTE]
> Configuring this policy setting to 1 exposes your environment to potential security risk and makes scans unsecure.
@@ -3599,11 +3818,13 @@ The following list shows the supported values:
**Update/TargetReleaseVersion**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3622,6 +3843,7 @@ The following list shows the supported values:
Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](/windows/release-health/release-information/).
+
ADMX Info:
@@ -3633,7 +3855,7 @@ ADMX Info:
-Value type is a string containing Windows 10 version number. For example, 1809, 1903.
+Supported value type is a string containing Windows 10 version number. For example, 1809, 1903.
@@ -3649,11 +3871,13 @@ Value type is a string containing Windows 10 version number. For example, 1809,
**Update/UpdateNotificationLevel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3675,9 +3899,9 @@ Display options for update notifications. This policy allows you to define what
Options:
-- 0 (default) - Use the default Windows Update notifications
-- 1 - Turn off all notifications, excluding restart warnings
-- 2 - Turn off all notifications, including restart warnings
+- 0 (default) - Use the default Windows Update notifications.
+- 1 - Turn off all notifications, excluding restart warnings.
+- 2 - Turn off all notifications, including restart warnings.
> [!IMPORTANT]
> If you choose not to get update notifications and also define other Group policies so that devices aren't automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
@@ -3708,11 +3932,13 @@ ADMX Info:
**Update/UpdateServiceUrl**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3782,11 +4008,13 @@ Example
**Update/UpdateServiceUrlAlternate**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -3808,9 +4036,9 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
-To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
+To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
-Value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+Supported value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
> [!NOTE]
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
@@ -3831,3 +4059,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 3d13322718..628076c675 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - UserRights
description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/24/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - UserRights
-
User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. For reference, see [Well-Known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
@@ -77,7 +76,7 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
> [!NOTE]
> `` is the entity encoding of 0xF000.
-For example, the following syntax grants user rights to Authenticated Users and Replicator user groups:
+For example, the following syntax grants user rights to Authenticated Users and Replicator user groups.:
```xml
@@ -197,11 +196,13 @@ For example, the following syntax grants user rights to a specific user or group
**UserRights/AccessCredentialManagerAsTrustedCaller**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -236,11 +237,13 @@ GP Info:
**UserRights/AccessFromNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -259,6 +262,7 @@ GP Info:
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services isn't affected by this user right.
+
> [!NOTE]
> Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
@@ -277,11 +281,13 @@ GP Info:
**UserRights/ActAsPartOfTheOperatingSystem**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -300,6 +306,7 @@ GP Info:
This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
@@ -318,11 +325,13 @@ GP Info:
**UserRights/AllowLocalLogOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -341,6 +350,7 @@ GP Info:
This user right determines which users can sign in to the computer.
+
> [!NOTE]
> Modifying this setting might affect compatibility with clients, services, and applications. For compatibility information about this setting, see [Allow log on locally](https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website.
@@ -359,11 +369,13 @@ GP Info:
**UserRights/BackupFilesAndDirectories**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -382,6 +394,7 @@ GP Info:
This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system: Traverse Folder/Execute File, Read.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, assign this user right to trusted users only.
@@ -400,11 +413,13 @@ GP Info:
**UserRights/ChangeSystemTime**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -423,8 +438,9 @@ GP Info:
This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.
+
> [!CAUTION]
-> Configuring user rights replaces existing users or groups previously assigned those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy.
+> Configuring user rights replaces existing users or groups previously assigned to those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy.
>
> Not including the Local Service account will result in failure with the following error:
>
@@ -447,11 +463,13 @@ GP Info:
**UserRights/CreateGlobalObjects**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -470,6 +488,7 @@ GP Info:
This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they don't have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
@@ -488,11 +507,13 @@ GP Info:
**UserRights/CreatePageFile**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -527,11 +548,13 @@ GP Info:
**UserRights/CreatePermanentSharedObjects**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -566,11 +589,13 @@ GP Info:
**UserRights/CreateSymbolicLinks**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -589,8 +614,10 @@ GP Info:
This user right determines if the user can create a symbolic link from the computer they're signed in to.
+
> [!CAUTION]
> This privilege should be given to trusted users only. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.
+
> [!NOTE]
> This setting can be used in conjunction with a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.
@@ -609,11 +636,13 @@ GP Info:
**UserRights/CreateToken**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -632,6 +661,7 @@ GP Info:
This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it's necessary, don't assign this user right to a user, group, or process other than Local System.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
@@ -650,11 +680,13 @@ GP Info:
**UserRights/DebugPrograms**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -673,6 +705,7 @@ GP Info:
This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications don't need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
@@ -691,11 +724,13 @@ GP Info:
**UserRights/DenyAccessFromNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -713,7 +748,7 @@ GP Info:
-This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.
+This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access to this computer from the network policy setting if a user account is subject to both policies.
@@ -730,11 +765,13 @@ GP Info:
**UserRights/DenyLocalLogOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -772,11 +809,13 @@ GP Info:
**UserRights/DenyRemoteDesktopServicesLogOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -811,11 +850,13 @@ GP Info:
**UserRights/EnableDelegation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -834,6 +875,7 @@ GP Info:
This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account doesn't have the Account can't be delegated account control flag set.
+
> [!CAUTION]
> Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.
@@ -852,11 +894,13 @@ GP Info:
**UserRights/GenerateSecurityAudits**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -891,11 +935,13 @@ GP Info:
**UserRights/ImpersonateClient**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -914,14 +960,19 @@ GP Info:
Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Assign this user right to trusted users only.
+
> [!NOTE]
> By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist.
-1) The access token that is being impersonated is for this user.
-2) The user, in this sign-in session, created the access token by signing in to the network with explicit credentials.
-3) The requested level is less than Impersonate, such as Anonymous or Identify.
+
+1. The access token that is being impersonated is for this user.
+1. The user, in this sign-in session, created the access token by signing in to the network with explicit credentials.
+1. The requested level is less than Impersonate, such as Anonymous or Identify.
+
Because of these factors, users don't usually need this user right.
+
> [!WARNING]
> If you enable this setting, programs that previously had the Impersonate privilege might lose it, and they might not run.
@@ -940,11 +991,13 @@ GP Info:
**UserRights/IncreaseSchedulingPriority**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -984,11 +1037,13 @@ GP Info:
**UserRights/LoadUnloadDeviceDrivers**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1007,6 +1062,7 @@ GP Info:
This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right doesn't apply to Plug and Play device drivers. It's recommended that you don't assign this privilege to other users.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
@@ -1025,11 +1081,13 @@ GP Info:
**UserRights/LockMemory**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1064,11 +1122,13 @@ GP Info:
**UserRights/ManageAuditingAndSecurityLog**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1103,11 +1163,13 @@ GP Info:
**UserRights/ManageVolume**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1125,7 +1187,7 @@ GP Info:
-This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.
+This user right determines which users and groups can run maintenance tasks on a volume, such as remote de-fragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.
@@ -1142,11 +1204,13 @@ GP Info:
**UserRights/ModifyFirmwareEnvironment**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1165,6 +1229,7 @@ GP Info:
This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should be modified only by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.
+
> [!NOTE]
> This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
@@ -1183,11 +1248,13 @@ GP Info:
**UserRights/ModifyObjectLabel**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1222,11 +1289,13 @@ GP Info:
**UserRights/ProfileSingleProcess**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1261,11 +1330,13 @@ GP Info:
**UserRights/RemoteShutdown**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1300,11 +1371,13 @@ GP Info:
**UserRights/RestoreFilesAndDirectories**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1323,6 +1396,7 @@ GP Info:
This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and it determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system: Traverse Folder/Execute File, Write.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, assign this user right to trusted users only.
@@ -1341,11 +1415,13 @@ GP Info:
**UserRights/TakeOwnership**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1364,6 +1440,7 @@ GP Info:
This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads.
+
> [!CAUTION]
> Assigning this user right can be a security risk. Since owners of objects have full control of them, assign this user right to trusted users only.
@@ -1378,3 +1455,7 @@ GP Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
index 2ca5d714a9..1647ce615c 100644
--- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - VirtualizationBasedTechnology
description: Learn to use the Policy CSP - VirtualizationBasedTechnology setting to control the state of Hypervisor-protected Code Integrity (HVCI) on devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: alekyaj
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/25/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - VirtualizationBasedTechnology
@@ -28,18 +28,19 @@ manager: dansimp
-
**VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,7 +58,7 @@ manager: dansimp
-Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
+Allows the IT admin to control the state of Hypervisor-Protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
>[!NOTE]
>After the policy is pushed, a system reboot will be required to change the state of HVCI.
@@ -66,9 +67,9 @@ Allows the IT admin to control the state of Hypervisor-protected Code Integrity
The following are the supported values:
-- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock
-- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock
-- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock
+- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
+- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
+- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.
@@ -84,11 +85,13 @@ The following are the supported values:
**VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -106,7 +109,7 @@ The following are the supported values:
-Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
+Allows the IT admin to control the state of Hypervisor-Protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
>[!NOTE]
>After the policy is pushed, a system reboot will be required to change the state of HVCI.
@@ -116,8 +119,8 @@ Allows the IT admin to control the state of Hypervisor-protected Code Integrity
The following are the supported values:
-- 0: (Disabled) Do not require UEFI Memory Attributes Table
-- 1: (Enabled) Require UEFI Memory Attributes Table
+- 0: (Disabled) Do not require UEFI Memory Attributes Table.
+- 1: (Enabled) Require UEFI Memory Attributes Table.
@@ -131,3 +134,6 @@ The following are the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 0f2a4df17d..8d71416429 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Wifi
description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Wifi
@@ -69,6 +69,7 @@ This policy has been deprecated.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,6 +120,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -169,6 +171,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -214,6 +217,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -256,6 +260,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -296,6 +301,7 @@ The following list shows the supported values:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
index 1dc3fde74d..80be71fb1a 100644
--- a/windows/client-management/mdm/policy-csp-windowsautopilot.md
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WindowsAutoPilot
description: Learn to use the Policy CSP - WindowsAutoPilot setting to enable or disable Autopilot Agility feature.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: alekyaj
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/25/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsAutoPilot
@@ -39,6 +39,7 @@ manager: dansimp
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -72,3 +73,6 @@ This policy enables Windows Autopilot to be kept up-to-date during the out-of-bo
+
+## Related topics
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index dd72a9ae8b..8ebc7d88fe 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - WindowsConnectionManager
description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain-based network and a non-domain-based network simultaneously.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsConnectionManager
-
-
@@ -34,11 +32,13 @@ manager: dansimp
**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -60,23 +60,25 @@ This policy setting prevents computers from connecting to both a domain-based ne
If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:
-Automatic connection attempts
+Automatic connection attempts:
+
- When the computer is already connected to a domain-based network, all automatic connection attempts to non-domain networks are blocked.
- When the computer is already connected to a non-domain-based network, automatic connection attempts to domain-based networks are blocked.
-Manual connection attempts
-- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
-- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
+Manual connection attempts:
+
+- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing network connection is disconnected and the manual connection is allowed.
+- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing Ethernet connection is maintained and the manual connection attempt is blocked.
If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -89,6 +91,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index f7a519d956..874ba7b1ce 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -1,23 +1,23 @@
---
title: Policy CSP - WindowsDefenderSecurityCenter
-description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsDefenderSecurityCenter
-
+
## WindowsDefenderSecurityCenter policies
@@ -89,18 +89,19 @@ manager: dansimp
-
**WindowsDefenderSecurityCenter/CompanyName**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,10 +121,12 @@ manager: dansimp
The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display the contact options.
-Value type is string. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace and Delete.
+
ADMX Info:
- GP Friendly name: *Specify contact company name*
- GP name: *EnterpriseCustomization_CompanyName*
@@ -140,11 +143,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/DisableAccountProtectionUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -188,11 +193,13 @@ Valid values:
**WindowsDefenderSecurityCenter/DisableAppBrowserUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -212,7 +219,8 @@ Valid values:
Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -238,11 +246,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableClearTpmButton**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -262,14 +272,9 @@ The following list shows the supported values:
Disable the Clear TPM button in Windows Security.
-Enabled:
-The Clear TPM button will be unavailable for use.
-
-Disabled:
-The Clear TPM button will be available for use on supported systems.
-
-Not configured:
-Same as Disabled.
+- Enabled: The Clear TPM button will be unavailable for use.
+- Disabled: The Clear TPM button will be available for use on supported systems.
+- Not configured: Same as Disabled.
Supported values:
@@ -302,11 +307,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -350,11 +357,13 @@ Valid values:
**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -377,7 +386,8 @@ Use this policy if you want Windows Defender Security Center to only display not
> [!NOTE]
> If Suppress notification is enabled then users won't see critical or non-critical messages.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -403,11 +413,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableFamilyUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -427,7 +439,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -453,11 +466,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableHealthUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -477,7 +492,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -503,11 +519,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableNetworkUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -527,7 +545,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -553,11 +572,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableNotifications**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -577,7 +598,8 @@ The following list shows the supported values:
Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or don't configure this setting, Windows Defender Security Center notifications will display on devices.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -603,11 +625,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -627,14 +651,9 @@ The following list shows the supported values:
Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected.
-Enabled:
-Users won't be shown a recommendation to update their TPM Firmware.
-
-Disabled:
-Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.
-
-Not configured:
-Same as Disabled.
+- Enabled: Users won't be shown a recommendation to update their TPM Firmware.
+- Disabled: Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.
+- Not configured: Same as Disabled.
Supported values:
@@ -667,11 +686,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/DisableVirusUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -691,7 +712,8 @@ ADMX Info:
Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -717,11 +739,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -741,7 +765,8 @@ The following list shows the supported values:
Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or don't configure this setting, local users can make changes in the exploit protection settings area.
-Value type is integer. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace and Delete.
@@ -767,11 +792,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/Email**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -789,9 +816,10 @@ The following list shows the supported values:
-The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
+The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
-Value type is string. Supported operations are Add, Get, Replace and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace and Delete.
@@ -811,11 +839,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/EnableCustomizedToasts**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -835,7 +865,8 @@ ADMX Info:
Enable this policy to display your company name and contact options in the notifications. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -861,11 +892,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/EnableInAppCustomization**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -885,7 +918,8 @@ The following list shows the supported values:
Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center won't display the contact card fly out notification.
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+- Support value type is integer.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -911,11 +945,13 @@ The following list shows the supported values:
**WindowsDefenderSecurityCenter/HideRansomwareDataRecovery**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -959,11 +995,13 @@ Valid values:
**WindowsDefenderSecurityCenter/HideSecureBoot**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1007,11 +1045,13 @@ Valid values:
**WindowsDefenderSecurityCenter/HideTPMTroubleshooting**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1055,11 +1095,13 @@ Valid values:
**WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1081,14 +1123,9 @@ This policy setting hides the Windows Security notification area control.
The user needs to either sign out and sign in or reboot the computer for this setting to take effect.
-Enabled:
-Windows Security notification area control will be hidden.
-
-Disabled:
-Windows Security notification area control will be shown.
-
-Not configured:
-Same as Disabled.
+- Enabled: Windows Security notification area control will be hidden.
+- Disabled: Windows Security notification area control will be shown.
+- Not configured: Same as Disabled.
Supported values:
@@ -1121,11 +1158,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/Phone**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1143,9 +1182,10 @@ ADMX Info:
-The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
+The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1165,11 +1205,13 @@ ADMX Info:
**WindowsDefenderSecurityCenter/URL**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -1189,7 +1231,8 @@ ADMX Info:
The help portal URL that is displayed to users. The default browser is used to initiate this action. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device won't display contact options.
-Value type is string. Supported operations are Add, Get, Replace, and Delete.
+- Supported value type is string.
+- Supported operations are Add, Get, Replace, and Delete.
@@ -1205,3 +1248,7 @@ ADMX Info:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 6daf010d04..6879085541 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -1,20 +1,19 @@
---
title: Policy CSP - WindowsInkWorkspace
description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsInkWorkspace
-
@@ -29,18 +28,19 @@ manager: dansimp
-
**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -84,11 +84,13 @@ The following list shows the supported values:
**WindowsInkWorkspace/AllowWindowsInkWorkspace**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -119,7 +121,7 @@ ADMX Info:
-Value type is int. The following list shows the supported values:
+Supported value type is int. The following list shows the supported values:
- 0 - access to ink workspace is disabled. The feature is turned off.
- 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen.
@@ -131,3 +133,6 @@ Value type is int. The following list shows the supported values:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 4998d7eaf9..bb762016fc 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - WindowsLogon
description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsLogon
-
-
@@ -52,18 +50,19 @@ manager: dansimp
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
**WindowsLogon/AllowAutomaticRestartSignOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -120,11 +119,13 @@ ADMX Info:
**WindowsLogon/ConfigAutomaticRestartSignOn**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -181,11 +182,13 @@ ADMX Info:
**WindowsLogon/DisableLockScreenAppNotifications**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -227,11 +230,13 @@ ADMX Info:
**WindowsLogon/DontDisplayNetworkSelectionUI**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -298,11 +303,13 @@ ADMX Info:
**WindowsLogon/EnableFirstLogonAnimation**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -359,11 +366,13 @@ Supported values:
**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -405,11 +414,13 @@ ADMX Info:
**WindowsLogon/HideFastUserSwitching**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -457,3 +468,6 @@ To validate on Desktop, do the following steps:
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 13e24a3f5d..e03c8cee0e 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -1,21 +1,19 @@
---
title: Policy CSP - WindowsPowerShell
description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsPowerShell
-
-
@@ -34,11 +32,13 @@ manager: dansimp
**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -57,19 +57,18 @@ manager: dansimp
-This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting,
-Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
+This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
If you disable this policy setting, logging of PowerShell script input is disabled.
-If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script
-starts or stops. Enabling Invocation Logging generates a high volume of event logs.
+If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs.
-Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
@@ -86,6 +85,8 @@ ADMX Info:
-
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index 02edfd6f6e..b66b784a64 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -1,11 +1,11 @@
---
title: Policy CSP - WindowsSandbox
description: Policy CSP - WindowsSandbox
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/14/2020
---
@@ -39,7 +39,6 @@ ms.date: 10/14/2020
-
@@ -48,11 +47,13 @@ ms.date: 10/14/2020
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -118,11 +119,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -142,7 +145,7 @@ Available in the latest Windows 10 insider preview build.
This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox.
-If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled.
+If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled).
If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file.
@@ -185,11 +188,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -250,11 +255,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -272,7 +279,7 @@ Available in the latest Windows 10 insider preview build.
-This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox.
+This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox.
If this policy isn't configured, end-users get the default behavior (printer sharing disabled).
@@ -316,11 +323,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -385,11 +394,13 @@ The following are the supported values:
Available in the latest Windows 10 insider preview build.
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -448,3 +459,7 @@ The following are the supported values:
+
+## Related topics
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index ac5e6d69fd..f3891cb68f 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WirelessDisplay
description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WirelessDisplay
@@ -56,11 +56,13 @@ manager: dansimp
**WirelessDisplay/AllowMdnsAdvertisement**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -96,11 +98,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowMdnsDiscovery**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -136,11 +140,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowMovementDetectionOnInfrastructure**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -183,11 +189,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionFromPC**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -223,11 +231,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -263,11 +273,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionToPC**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -289,7 +301,7 @@ Allow or disallow turning off the projection to a PC.
If you set it to 0 (zero), your PC isn't discoverable and you can't project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
-Value type is integer.
+Supported value type is integer.
@@ -315,11 +327,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowProjectionToPCOverInfrastructure**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -355,11 +369,13 @@ The following list shows the supported values:
**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -395,11 +411,13 @@ The following list shows the supported values:
**WirelessDisplay/RequirePinForPairing**
+The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -421,7 +439,7 @@ Allow or disallow requirement for a PIN for pairing.
If you turn on this policy, the pairing ceremony for new devices will always require a PIN. If you turn off this policy or don't configure it, a PIN isn't required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
-Value type is integer.
+Supported value type is integer.
@@ -444,3 +462,7 @@ The following list shows the supported values:
+CSP Article:
+
+## Related topics
+[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 4294786148..16bce236f5 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -1,14 +1,13 @@
---
title: Policy DDF file
description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
-ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/28/2020
---
diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md
index 70d22a6a7b..5b0882d135 100644
--- a/windows/client-management/mdm/provisioning-csp.md
+++ b/windows/client-management/mdm/provisioning-csp.md
@@ -1,14 +1,13 @@
---
title: Provisioning CSP
description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service.
-ms.assetid: 5D6C17BE-727A-4AFA-9F30-B34C1EA1D2AE
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md
index 43c7d7baf5..5f5f318d06 100644
--- a/windows/client-management/mdm/push-notification-windows-mdm.md
+++ b/windows/client-management/mdm/push-notification-windows-mdm.md
@@ -1,17 +1,16 @@
---
title: Push notification support for device management
description: The DMClient CSP supports the ability to configure push-initiated device management sessions.
-MS-HAID:
-- 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management'
-- 'p\_phDeviceMgmt.push\_notification\_windows\_mdm'
-ms.assetid: 9031C4FE-212A-4481-A1B0-4C3190B388AE
+MS-HAID:
+ - 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management'
+ - 'p\_phDeviceMgmt.push\_notification\_windows\_mdm'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/22/2017
---
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md
index 6401374804..78bb60896b 100644
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@@ -1,14 +1,13 @@
---
title: PXLOGICAL configuration service provider
description: The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
-ms.assetid: b5fc84d4-aa32-4edd-95f1-a6a9c0feb459
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -44,9 +43,9 @@ PXLOGICAL
-------TO-NAPID
```
-
The following example shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for updating the bootstrapping of the device. The OMA DM protocol isn't supported by this configuration service provider.
+
```console
PXLOGICAL
--PROXY-ID
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 7403425b15..50bb03819f 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -1,14 +1,13 @@
---
title: Reboot CSP
description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings.
-ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 186190cbec..3628eaf7e4 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -1,14 +1,13 @@
---
title: Reboot DDF file
description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: ABBD850C-E744-462C-88E7-CA3F43D80DB1
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md
index 89bfa7164d..bdd37fcbbe 100644
--- a/windows/client-management/mdm/reclaim-seat-from-user.md
+++ b/windows/client-management/mdm/reclaim-seat-from-user.md
@@ -1,14 +1,13 @@
---
title: Reclaim seat from user
description: The Reclaim seat from user operation returns reclaimed seats for a user in the Microsoft Store for Business.
-ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/05/2020
---
diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
index 0d32ea3135..c73053417b 100644
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@@ -1,14 +1,13 @@
---
title: Register your free Azure Active Directory subscription
description: Paid subscribers to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, have a free subscription to Azure AD.
-ms.assetid: 97DCD303-BB11-4AFF-84FE-B7F14CDF64F7
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index 83a95ac493..96140781af 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -1,14 +1,13 @@
---
title: RemoteFind CSP
description: The RemoteFind configuration service provider retrieves the location information for a particular device.
-ms.assetid: 2EB02824-65BF-4B40-A338-672D219AF5A0
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -189,13 +189,3 @@ Supported operation is Get.
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index 3886bb405d..e92498a5f3 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -1,14 +1,13 @@
---
title: RemoteFind DDF file
description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.assetid: 5864CBB8-2030-459E-BCF6-9ACB69206FEA
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
new file mode 100644
index 0000000000..441f69fe60
--- /dev/null
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -0,0 +1,64 @@
+---
+title: RemoteRing CSP
+description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device.
+ms.reviewer:
+manager: aaroncz
+ms.author: vinpa
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: vinaypamnani-msft
+ms.date: 06/26/2017
+---
+
+# RemoteRing CSP
+
+
+You can use the RemoteRing configuration service provider to remotely trigger a device to produce an audible ringing sound, regardless of the volume that is set on the device.
+
+The following DDF format shows the RemoteRing configuration service provider in tree format.
+```
+./User/Vendor/MSFT
+RemoteRing
+----Ring
+
+
+./Device/Vendor/MSFT
+Root
+
+
+./User/Vendor/MSFT
+./Device/Vendor/MSFT
+RemoteRing
+----Ring
+```
+**Ring**
+Required. The node accepts requests to ring the device.
+
+The supported operation is Exec.
+
+## Examples
+
+
+The following sample shows how to initiate a remote ring on the device.
+
+```xml
+
+ 5
+
+
+ ./Vendor/MSFT/RemoteRing/Ring
+
+
+
+```
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 0771489578..07413835c9 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -1,14 +1,13 @@
---
title: RemoteWipe CSP
description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device.
-ms.assetid: 6e89bd37-7680-4940-8a67-11ed062ffb70
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
---
@@ -20,13 +19,15 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen.
+The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen.
The following example shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
+
```
./Vendor/MSFT
RemoteWipe
@@ -39,15 +40,16 @@ RemoteWipe
--------LastError
--------Status
```
+
**doWipe**
-Specifies that a remote wipe of the device should be performed. The return status code indicates whether the device accepted the Exec command.
+Exec on this node starts a remote reset of the device. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled.
When used with OMA Client Provisioning, a dummy value of "1" should be included for this element.
Supported operation is Exec.
**doWipePersistProvisionedData**
-Specifies that provisioning data should be backed up to a persistent location, and then a remote wipe of the device should be performed.
+Exec on this node specifies that provisioning packages in the `%SystemDrive%\ProgramData\Microsoft\Provisioning` folder will be retained and then applied to the OS after the reset.
When used with OMA Client Provisioning, a dummy value of "1" should be included for this element.
@@ -56,14 +58,14 @@ Supported operation is Exec.
The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.
**doWipeProtected**
-Added in Windows 10, version 1703. Exec on this node performs a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command.
+Added in Windows 10, version 1703. Exec on this node performs a remote reset on the device and also fully cleans the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command, but not whether the reset was successful.
-The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it’s done.
+The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, if a reset that uses doWipeProtected is interrupted, upon restart it will clean the PC's disk partitions. Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios.
Supported operation is Exec.
**doWipePersistUserData**
-Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
+Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting "Reset this PC > Keep my files" when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command.
**AutomaticRedeployment**
Added in Windows 10, version 1809. Node for the Autopilot Reset operation.
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index f7982ce49b..290767b7a1 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -1,14 +1,13 @@
---
title: RemoteWipe DDF file
description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider.
-ms.assetid: 10ec4fb7-f911-4d0c-9a8f-e96bf5faea0c
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
---
diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md
index fd6c701600..79814579cb 100644
--- a/windows/client-management/mdm/reporting-csp.md
+++ b/windows/client-management/mdm/reporting-csp.md
@@ -1,14 +1,13 @@
---
title: Reporting CSP
description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs.
-ms.assetid: 148441A6-D9E1-43D8-ADEE-FB62E85A39F7
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -87,7 +87,7 @@ Specifies the ending time for retrieving logs.
- Supported operations are Get and Replace.
**Type**
-Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the WIP learning logs.
+Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the Windows Information Protection learning logs.
- Value type is integer.
- Supported operations are Get and Replace.
diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md
index 74600efb89..a18c3cb3b6 100644
--- a/windows/client-management/mdm/reporting-ddf-file.md
+++ b/windows/client-management/mdm/reporting-ddf-file.md
@@ -1,14 +1,13 @@
---
title: Reporting DDF file
description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider.
-ms.assetid: 7A5B79DB-9571-4F7C-ABED-D79CD08C1E35
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
index db7f1cc835..3dc28440bd 100644
--- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
+++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
@@ -1,17 +1,16 @@
---
title: REST API reference for Microsoft Store for Business
description: Learn how the REST API reference for Microsoft Store for Business includes available operations and data structures.
-MS-HAID:
-- 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference'
-- 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business'
-ms.assetid: 8C48A879-525A-471F-B0FD-506E743A7D2F
+MS-HAID:
+ - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference'
+ - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 5d51a77945..0ff47616c0 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -1,14 +1,13 @@
---
title: RootCATrustedCertificates CSP
description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates.
-ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/06/2018
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 6d3114481c..67f5c3a6d7 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -1,14 +1,13 @@
---
title: RootCATrustedCertificates DDF file
description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP).
-ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/07/2018
---
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index ca841ad032..2f16f647de 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -1,14 +1,13 @@
---
title: SecureAssessment CSP
description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser.
-ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -47,7 +47,7 @@ The supported operations are Add, Delete, Get, and Replace.
The user name of the test taking account.
- To specify a domain account, use domain\\user.
-- To specify an AAD account, use username@tenant.com.
+- To specify an Azure Active Directory account, use username@tenant.com.
- To specify a local account, use the username.
The supported operations are Add, Delete, Get, and Replace.
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index 4aff84bd1d..67118163ea 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,14 +1,13 @@
---
title: SecureAssessment DDF file
description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML
-ms.assetid: 68D17F2A-FAEA-4608-8727-DBEC1D7BE48A
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -84,7 +83,7 @@ The XML below is the current version for this CSP.
- The user name of the test taking account. To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.
+ The user name of the test taking account. To specify a domain account, use domain\user. To specify an Azure Active Directory account, use username@tenant.com. To specify a local account, use the username.
diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md
index b9b7d48b42..a3f9722270 100644
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@@ -1,14 +1,13 @@
---
title: SecurityPolicy CSP
description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
-ms.assetid: 6014f8fe-f91b-49f3-a357-bdf625545bc9
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md
index 76c6a97981..1f89f971a0 100644
--- a/windows/client-management/mdm/server-requirements-windows-mdm.md
+++ b/windows/client-management/mdm/server-requirements-windows-mdm.md
@@ -1,17 +1,16 @@
---
title: Server requirements for using OMA DM to manage Windows devices
description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM.
-MS-HAID:
-- 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm'
-- 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm'
-ms.assetid: 5b90b631-62a6-4949-b53a-01275fd304b2
+MS-HAID:
+ - 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm'
+ - 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index c3018f398a..1e4509043f 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -1,14 +1,13 @@
---
title: SharedPC CSP
description: Learn how the SharedPC configuration service provider is used to configure settings for Shared PC usage.
-ms.assetid: 31273166-1A1E-4F96-B176-CB42ECB80957
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 01/16/2019
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -230,13 +230,3 @@ The default in the SharedPC provisioning package is 1024.
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 81facaf312..1eb414317a 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -1,14 +1,13 @@
---
title: SharedPC DDF file
description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP).
-ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md
index 65bbfb02c9..03f3fe6afa 100644
--- a/windows/client-management/mdm/storage-csp.md
+++ b/windows/client-management/mdm/storage-csp.md
@@ -1,14 +1,13 @@
---
title: Storage CSP
description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings.
-ms.assetid: b19bdb54-53ed-42ce-a5a1-269379013f57
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index 83acf0f5a6..4d2a9283a7 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -1,14 +1,13 @@
---
title: Storage DDF file
description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP).
-ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
index 5c0940030d..d34d3c1746 100644
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@@ -1,14 +1,13 @@
---
title: Structure of OMA DM provisioning files
description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
-ms.assetid: 7bd3ef57-c76c-459b-b63f-c5a333ddc2bc
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 001e41698e..802b366a55 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -1,23 +1,25 @@
---
title: SUPL CSP
description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client.
-ms.assetid: afad0120-1126-4fc5-8e7a-64b9f2a5eae1
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/12/2019
---
# SUPL CSP
+The SUPL configuration service provider is used to configure the location client, as shown in the following:
+
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -40,7 +42,7 @@ The SUPL configuration service provider is used to configure the location client
- Address of the server—a mobile positioning center for non-trusted mode.
- The positioning method used by the MPC for non-trusted mode.
-The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used.
+The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted. A new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used.
The following example shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning.
@@ -91,7 +93,7 @@ Optional. Specifies the address of the Home SUPL Location Platform (H-SLP) serve
If this value isn't specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned. But the configuration service provider will continue processing the rest of the parameters.
**Version**
Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator.
@@ -104,7 +106,7 @@ Required. List all of the MCC and MNC pairs owned by the mobile operator. This l
This value is a string with the format `(X1, Y1)(X2, Y2)…(Xn, Yn)`, in which `X` is an MCC and `Y` is an MNC.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**HighAccPositioningMethod**
Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
@@ -118,14 +120,12 @@ Optional. Specifies the positioning method that the SUPL client will use for mob
|4|OTDOA|
|5|AFLT|
-
The default is 0. The default method in Windows devices provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services.
> [!IMPORTANT]
> The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes.
-
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**LocMasterSwitchDependencyNII**
Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1.
@@ -153,12 +153,12 @@ However, if `privacyOverride` is set in the message, the location will be return
When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**NIDefaultTimeout**
-Optional. Time in seconds that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
+Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
-This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
+This value manages the settings for SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used.
**ServerAccessInterval**
Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60.
@@ -221,10 +221,10 @@ Added in Windows 10, version 1809. The base 64 encoded blob of the H-SLP root ce
Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time.
**MPC**
-Optional. The address of the mobile positioning center (MPC), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter is mandatory and the PDE parameter must be empty.
+Optional. Specifies the address of the mobile positioning center (MPC), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter is mandatory and the PDE parameter must be empty.
**PDE**
-Optional. The address of the Position Determination Entity (PDE), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter must be empty.
+Optional. Specifies the address of the Position Determination Entity (PDE), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter must be empty.
**PositioningMethod\_MR**
Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
@@ -243,12 +243,12 @@ The default is 0. The default method provides high-quality assisted GNSS positio
> The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**LocMasterSwitchDependencyNII**
Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage network-initiated requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. For CDMA devices, this value must be set to 1. The default value is 1.
-This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
+This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used.
|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed|
|--- |--- |--- |
@@ -271,22 +271,21 @@ However, if `privacyOverride` is set in the message, the location will be return
When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
-For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
+For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
**ApplicationTypeIndicator\_MR**
Required. This value must always be set to `00000011`.
**NIDefaultTimeout**
-Optional. Time in seconds that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
+Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended.
-This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
+This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used.
**ServerAccessInterval**
Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60.
## Unsupported Nodes
-
The following optional nodes aren't supported on Windows devices.
- ProviderID
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index dec54b3f0a..62a7531702 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -1,14 +1,13 @@
---
title: SUPL DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider.
-ms.assetid: 514B7854-80DC-4ED9-9805-F5276BF38034
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/03/2020
---
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index 5b8229bb45..a7ea49f35d 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -1,14 +1,13 @@
---
title: SurfaceHub CSP
description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511.
-ms.assetid: 36FBBC32-AD6A-41F1-86BF-B384891AA693
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/28/2017
---
@@ -509,7 +508,7 @@ If this setting is true, the device account will be used for proxy authenticatio
**Properties/ProxyServers**
-Added in KB4499162 for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This FQDN is a semi-colon separated list of server names, without any extra prefixes (for example, https://).
+Added in KB4499162 for Windows 10, version 1703. Specifies hostnames of proxy servers to automatically provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This is a semi-colon separated list of server names (FQDN), without any extra prefixes (for example, https://).
- The data type is string.
- Supported operation is Get and Replace.
@@ -548,4 +547,8 @@ GUID identifying the Microsoft Operations Management Suite workspace ID to colle
Primary key for authenticating with the workspace.
- The data type is string.
-- Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string.
\ No newline at end of file
+- Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 70ed2fa2a4..3f66986007 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -1,14 +1,13 @@
---
title: SurfaceHub DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511.
-ms.assetid: D34DA1C2-09A2-4BA3-BE99-AC483C278436
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index 61939e6c29..c271871ce1 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -1,14 +1,14 @@
---
title: TenantLockdown CSP
description: To lock a device to a tenant to prevent accidental or intentional resets or wipes, use the TenantLockdown configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TenantLockdown CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index e85778cb28..12dc9f5348 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -1,14 +1,14 @@
---
title: TenantLockdown DDF file
description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TenantLockdown DDF file
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 33c45dd2be..859cfd31fa 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -1,969 +1,979 @@
items:
-- name: Mobile device management
- href: index.md
- items:
- - name: What's new in MDM enrollment and management
- href: new-in-windows-mdm-enrollment-management.md
- items:
- - name: Change history for MDM documentation
- href: change-history-for-mdm-documentation.md
- - name: Mobile device enrollment
- href: mobile-device-enrollment.md
- items:
- - name: MDM enrollment of Windows devices
- href: mdm-enrollment-of-windows-devices.md
- items:
- - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal"
- href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
- - name: Enroll a Windows 10 device automatically using Group Policy
- href: enroll-a-windows-10-device-automatically-using-group-policy.md
- - name: Federated authentication device enrollment
- href: federated-authentication-device-enrollment.md
- - name: Certificate authentication device enrollment
- href: certificate-authentication-device-enrollment.md
- - name: On-premises authentication device enrollment
- href: on-premise-authentication-device-enrollment.md
- - name: Understanding ADMX policies
- href: understanding-admx-backed-policies.md
- - name: Enable ADMX policies in MDM
- href: enable-admx-backed-policies-in-mdm.md
- - name: Win32 and Desktop Bridge app policy configuration
- href: win32-and-centennial-app-policy-configuration.md
- - name: Implement server-side support for mobile application management on Windows
- href: implement-server-side-mobile-application-management.md
- - name: Diagnose MDM failures in Windows 10
- href: diagnose-mdm-failures-in-windows-10.md
- - name: Deploy and configure App-V apps using MDM
- href: appv-deploy-and-config.md
- - name: Azure Active Directory integration with MDM
- href: azure-active-directory-integration-with-mdm.md
- items:
- - name: Add an Azure AD tenant and Azure AD subscription
- href: add-an-azure-ad-tenant-and-azure-ad-subscription.md
- - name: Register your free Azure Active Directory subscription
- href: register-your-free-azure-active-directory-subscription.md
- - name: Enterprise app management
- href: enterprise-app-management.md
- - name: Mobile device management (MDM) for device updates
- href: device-update-management.md
- - name: Bulk enrollment
- href: bulk-enrollment-using-windows-provisioning-tool.md
- - name: Secured-Core PC Configuration Lock
- href: config-lock.md
- - name: Management tool for the Microsoft Store for Business
- href: management-tool-for-windows-store-for-business.md
- items:
- - name: REST API reference for Microsoft Store for Business
- href: rest-api-reference-windows-store-for-business.md
- items:
- - name: Data structures for Microsoft Store for Business
- href: data-structures-windows-store-for-business.md
- - name: Get Inventory
- href: get-inventory.md
- - name: Get product details
- href: get-product-details.md
- - name: Get localized product details
- href: get-localized-product-details.md
- - name: Get offline license
- href: get-offline-license.md
- - name: Get product packages
- href: get-product-packages.md
- - name: Get product package
- href: get-product-package.md
- - name: Get seats
- href: get-seats.md
- - name: Get seat
- href: get-seat.md
- - name: Assign seats
- href: assign-seats.md
- - name: Reclaim seat from user
- href: reclaim-seat-from-user.md
- - name: Bulk assign and reclaim seats from users
- href: bulk-assign-and-reclaim-seats-from-user.md
- - name: Get seats assigned to a user
- href: get-seats-assigned-to-a-user.md
- - name: Certificate renewal
- href: certificate-renewal-windows-mdm.md
- - name: Disconnecting from the management infrastructure (unenrollment)
- href: disconnecting-from-mdm-unenrollment.md
- - name: Enterprise settings, policies, and app management
- href: windows-mdm-enterprise-settings.md
- - name: Push notification support for device management
- href: push-notification-windows-mdm.md
- - name: OMA DM protocol support
- href: oma-dm-protocol-support.md
- - name: Structure of OMA DM provisioning files
- href: structure-of-oma-dm-provisioning-files.md
- - name: Server requirements for OMA DM
- href: server-requirements-windows-mdm.md
- - name: DMProcessConfigXMLFiltered
- href: dmprocessconfigxmlfiltered.md
- - name: Using PowerShell scripting with the WMI Bridge Provider
- href: using-powershell-scripting-with-the-wmi-bridge-provider.md
- - name: WMI providers supported in Windows 10
- href: wmi-providers-supported-in-windows.md
- - name: Configuration service provider reference
- href: configuration-service-provider-reference.md
- items:
- - name: AccountManagement CSP
- href: accountmanagement-csp.md
- items:
- - name: AccountManagement DDF file
- href: accountmanagement-ddf.md
- - name: Accounts CSP
- href: accounts-csp.md
- items:
- - name: Accounts DDF file
- href: accounts-ddf-file.md
- - name: ActiveSync CSP
- href: activesync-csp.md
- items:
- - name: ActiveSync DDF file
- href: activesync-ddf-file.md
- - name: AllJoynManagement CSP
- href: alljoynmanagement-csp.md
- items:
- - name: AllJoynManagement DDF
- href: alljoynmanagement-ddf.md
- - name: APPLICATION CSP
- href: application-csp.md
- - name: ApplicationControl CSP
- href: applicationcontrol-csp.md
- items:
- - name: ApplicationControl DDF file
- href: applicationcontrol-csp-ddf.md
- - name: AppLocker CSP
- href: applocker-csp.md
- items:
- - name: AppLocker DDF file
- href: applocker-ddf-file.md
- - name: AppLocker XSD
- href: applocker-xsd.md
- - name: AssignedAccess CSP
- href: assignedaccess-csp.md
- items:
- - name: AssignedAccess DDF file
- href: assignedaccess-ddf.md
- - name: BitLocker CSP
- href: bitlocker-csp.md
- items:
- - name: BitLocker DDF file
- href: bitlocker-ddf-file.md
- - name: CellularSettings CSP
- href: cellularsettings-csp.md
- - name: CertificateStore CSP
- href: certificatestore-csp.md
- items:
- - name: CertificateStore DDF file
- href: certificatestore-ddf-file.md
- - name: CleanPC CSP
- href: cleanpc-csp.md
- items:
- - name: CleanPC DDF
- href: cleanpc-ddf.md
- - name: ClientCertificateInstall CSP
- href: clientcertificateinstall-csp.md
- items:
- - name: ClientCertificateInstall DDF file
- href: clientcertificateinstall-ddf-file.md
- - name: CM_CellularEntries CSP
- href: cm-cellularentries-csp.md
- - name: CMPolicy CSP
- href: cmpolicy-csp.md
- - name: CMPolicyEnterprise CSP
- href: cmpolicyenterprise-csp.md
- items:
- - name: CMPolicyEnterprise DDF file
- href: cmpolicyenterprise-ddf-file.md
- - name: CustomDeviceUI CSP
- href: customdeviceui-csp.md
- items:
- - name: CustomDeviceUI DDF file
- href: customdeviceui-ddf.md
- - name: Defender CSP
- href: defender-csp.md
- items:
- - name: Defender DDF file
- href: defender-ddf.md
- - name: DevDetail CSP
- href: devdetail-csp.md
- items:
- - name: DevDetail DDF file
- href: devdetail-ddf-file.md
- - name: DeveloperSetup CSP
- href: developersetup-csp.md
- items:
- - name: DeveloperSetup DDF
- href: developersetup-ddf.md
- - name: DeviceLock CSP
- href: devicelock-csp.md
- items:
- - name: DeviceLock DDF file
- href: devicelock-ddf-file.md
- - name: DeviceManageability CSP
- href: devicemanageability-csp.md
- items:
- - name: DeviceManageability DDF
- href: devicemanageability-ddf.md
- - name: DeviceStatus CSP
- href: devicestatus-csp.md
- items:
- - name: DeviceStatus DDF
- href: devicestatus-ddf.md
- - name: DevInfo CSP
- href: devinfo-csp.md
- items:
- - name: DevInfo DDF file
- href: devinfo-ddf-file.md
- - name: DiagnosticLog CSP
- href: diagnosticlog-csp.md
- items:
- - name: DiagnosticLog DDF file
- href: diagnosticlog-ddf.md
- - name: DMAcc CSP
- href: dmacc-csp.md
- items:
- - name: DMAcc DDF file
- href: dmacc-ddf-file.md
- - name: DMClient CSP
- href: dmclient-csp.md
- items:
- - name: DMClient DDF file
- href: dmclient-ddf-file.md
- - name: DMSessionActions CSP
- href: dmsessionactions-csp.md
- items:
- - name: DMSessionActions DDF file
- href: dmsessionactions-ddf.md
- - name: DynamicManagement CSP
- href: dynamicmanagement-csp.md
- items:
- - name: DynamicManagement DDF file
- href: dynamicmanagement-ddf.md
- - name: EMAIL2 CSP
- href: email2-csp.md
- items:
- - name: EMAIL2 DDF file
- href: email2-ddf-file.md
- - name: EnrollmentStatusTracking CSP
- href: enrollmentstatustracking-csp.md
- items:
- - name: EnrollmentStatusTracking DDF file
- href: enrollmentstatustracking-csp-ddf.md
- - name: EnterpriseAPN CSP
- href: enterpriseapn-csp.md
- items:
- - name: EnterpriseAPN DDF
- href: enterpriseapn-ddf.md
- - name: EnterpriseAppVManagement CSP
- href: enterpriseappvmanagement-csp.md
- items:
- - name: EnterpriseAppVManagement DDF file
- href: enterpriseappvmanagement-ddf.md
- - name: EnterpriseDataProtection CSP
- href: enterprisedataprotection-csp.md
- items:
- - name: EnterpriseDataProtection DDF file
- href: enterprisedataprotection-ddf-file.md
- - name: EnterpriseDesktopAppManagement CSP
- href: enterprisedesktopappmanagement-csp.md
- items:
- - name: EnterpriseDesktopAppManagement DDF
- href: enterprisedesktopappmanagement-ddf-file.md
- - name: EnterpriseDesktopAppManagement XSD
- href: enterprisedesktopappmanagement2-xsd.md
- - name: EnterpriseModernAppManagement CSP
- href: enterprisemodernappmanagement-csp.md
- items:
- - name: EnterpriseModernAppManagement DDF
- href: enterprisemodernappmanagement-ddf.md
- - name: EnterpriseModernAppManagement XSD
- href: enterprisemodernappmanagement-xsd.md
- - name: eUICCs CSP
- href: euiccs-csp.md
- items:
- - name: eUICCs DDF file
- href: euiccs-ddf-file.md
- - name: Firewall CSP
- href: firewall-csp.md
- items:
- - name: Firewall DDF file
- href: firewall-ddf-file.md
- - name: HealthAttestation CSP
- href: healthattestation-csp.md
- items:
- - name: HealthAttestation DDF
- href: healthattestation-ddf.md
- - name: MultiSIM CSP
- href: multisim-csp.md
- items:
- - name: MultiSIM DDF file
- href: multisim-ddf.md
- - name: NAP CSP
- href: nap-csp.md
- - name: NAPDEF CSP
- href: napdef-csp.md
- - name: NetworkProxy CSP
- href: networkproxy-csp.md
- items:
- - name: NetworkProxy DDF file
- href: networkproxy-ddf.md
- - name: NetworkQoSPolicy CSP
- href: networkqospolicy-csp.md
- items:
- - name: NetworkQoSPolicy DDF file
- href: networkqospolicy-ddf.md
- - name: NodeCache CSP
- href: nodecache-csp.md
- items:
- - name: NodeCache DDF file
- href: nodecache-ddf-file.md
- - name: Office CSP
- href: office-csp.md
- items:
- - name: Office DDF
- href: office-ddf.md
- - name: PassportForWork CSP
- href: passportforwork-csp.md
- items:
- - name: PassportForWork DDF file
- href: passportforwork-ddf.md
- - name: Personalization CSP
- href: personalization-csp.md
- items:
- - name: Personalization DDF file
- href: personalization-ddf.md
- - name: Policy CSP
- href: policy-configuration-service-provider.md
- items:
- - name: Policy CSP DDF file
- href: policy-ddf-file.md
- - name: Policies in Policy CSP supported by Group Policy
- href: policies-in-policy-csp-supported-by-group-policy.md
- - name: ADMX policies in Policy CSP
- href: policies-in-policy-csp-admx-backed.md
- - name: Policies in Policy CSP supported by HoloLens 2
- href: policies-in-policy-csp-supported-by-hololens2.md
- - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
- href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
- - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
- href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
- - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise
- href: ./configuration-service-provider-reference.md
- - name: Policies in Policy CSP supported by Windows 10 IoT Core
- href: policies-in-policy-csp-supported-by-iot-core.md
- - name: Policies in Policy CSP supported by Microsoft Surface Hub
- href: policies-in-policy-csp-supported-by-surface-hub.md
- - name: Policy CSPs that can be set using Exchange Active Sync (EAS)
- href: policies-in-policy-csp-that-can-be-set-using-eas.md
- - name: AboveLock
- href: policy-csp-abovelock.md
- - name: Accounts
- href: policy-csp-accounts.md
- - name: ActiveXControls
- href: policy-csp-activexcontrols.md
- - name: ADMX_ActiveXInstallService
- href: policy-csp-admx-activexinstallservice.md
- - name: ADMX_AddRemovePrograms
- href: policy-csp-admx-addremoveprograms.md
- - name: ADMX_AdmPwd
- href: policy-csp-admx-admpwd.md
- - name: ADMX_AppCompat
- href: policy-csp-admx-appcompat.md
- - name: ADMX_AppxPackageManager
- href: policy-csp-admx-appxpackagemanager.md
- - name: ADMX_AppXRuntime
- href: policy-csp-admx-appxruntime.md
- - name: ADMX_AttachmentManager
- href: policy-csp-admx-attachmentmanager.md
- - name: ADMX_AuditSettings
- href: policy-csp-admx-auditsettings.md
- - name: ADMX_Bits
- href: policy-csp-admx-bits.md
- - name: ADMX_CipherSuiteOrder
- href: policy-csp-admx-ciphersuiteorder.md
- - name: ADMX_COM
- href: policy-csp-admx-com.md
- - name: ADMX_ControlPanel
- href: policy-csp-admx-controlpanel.md
- - name: ADMX_ControlPanelDisplay
- href: policy-csp-admx-controlpaneldisplay.md
- - name: ADMX_Cpls
- href: policy-csp-admx-cpls.md
- - name: ADMX_CredentialProviders
- href: policy-csp-admx-credentialproviders.md
- - name: ADMX_CredSsp
- href: policy-csp-admx-credssp.md
- - name: ADMX_CredUI
- href: policy-csp-admx-credui.md
- - name: ADMX_CtrlAltDel
- href: policy-csp-admx-ctrlaltdel.md
- - name: ADMX_DataCollection
- href: policy-csp-admx-datacollection.md
- - name: ADMX_DCOM
- href: policy-csp-admx-dcom.md
- - name: ADMX_Desktop
- href: policy-csp-admx-desktop.md
- - name: ADMX_DeviceCompat
- href: policy-csp-admx-devicecompat.md
- - name: ADMX_DeviceGuard
- href: policy-csp-admx-deviceguard.md
- - name: ADMX_DeviceInstallation
- href: policy-csp-admx-deviceinstallation.md
- - name: ADMX_DeviceSetup
- href: policy-csp-admx-devicesetup.md
- - name: ADMX_DFS
- href: policy-csp-admx-dfs.md
- - name: ADMX_DigitalLocker
- href: policy-csp-admx-digitallocker.md
- - name: ADMX_DiskDiagnostic
- href: policy-csp-admx-diskdiagnostic.md
- - name: ADMX_DistributedLinkTracking
- href: policy-csp-admx-distributedlinktracking.md
- - name: ADMX_DnsClient
- href: policy-csp-admx-dnsclient.md
- - name: ADMX_DWM
- href: policy-csp-admx-dwm.md
- - name: ADMX_EAIME
- href: policy-csp-admx-eaime.md
- - name: ADMX_EncryptFilesonMove
- href: policy-csp-admx-encryptfilesonmove.md
- - name: ADMX_EventLogging
- href: policy-csp-admx-eventlogging.md
- - name: ADMX_EnhancedStorage
- href: policy-csp-admx-enhancedstorage.md
- - name: ADMX_ErrorReporting
- href: policy-csp-admx-errorreporting.md
- - name: ADMX_EventForwarding
- href: policy-csp-admx-eventforwarding.md
- - name: ADMX_EventLog
- href: policy-csp-admx-eventlog.md
- - name: ADMX_EventViewer
- href: policy-csp-admx-eventviewer.md
- - name: ADMX_Explorer
- href: policy-csp-admx-explorer.md
- - name: ADMX_ExternalBoot
- href: policy-csp-admx-externalboot.md
- - name: ADMX_FileRecovery
- href: policy-csp-admx-filerecovery.md
- - name: ADMX_FileRevocation
- href: policy-csp-admx-filerevocation.md
- - name: ADMX_FileServerVSSProvider
- href: policy-csp-admx-fileservervssprovider.md
- - name: ADMX_FileSys
- href: policy-csp-admx-filesys.md
- - name: ADMX_FolderRedirection
- href: policy-csp-admx-folderredirection.md
- - name: ADMX_FramePanes
- href: policy-csp-admx-framepanes.md
- - name: ADMX_FTHSVC
- href: policy-csp-admx-fthsvc.md
- - name: ADMX_Globalization
- href: policy-csp-admx-globalization.md
- - name: ADMX_GroupPolicy
- href: policy-csp-admx-grouppolicy.md
- - name: ADMX_Help
- href: policy-csp-admx-help.md
- - name: ADMX_HelpAndSupport
- href: policy-csp-admx-helpandsupport.md
- - name: ADMX_HotSpotAuth
- href: policy-csp-admx-hotspotauth.md
- - name: ADMX_ICM
- href: policy-csp-admx-icm.md
- - name: ADMX_IIS
- href: policy-csp-admx-iis.md
- - name: ADMX_iSCSI
- href: policy-csp-admx-iscsi.md
- - name: ADMX_kdc
- href: policy-csp-admx-kdc.md
- - name: ADMX_Kerberos
- href: policy-csp-admx-kerberos.md
- - name: ADMX_LanmanServer
- href: policy-csp-admx-lanmanserver.md
- - name: ADMX_LanmanWorkstation
- href: policy-csp-admx-lanmanworkstation.md
- - name: ADMX_LeakDiagnostic
- href: policy-csp-admx-leakdiagnostic.md
- - name: ADMX_LinkLayerTopologyDiscovery
- href: policy-csp-admx-linklayertopologydiscovery.md
- - name: ADMX_LocationProviderAdm
- href: policy-csp-admx-locationprovideradm.md
- - name: ADMX_Logon
- href: policy-csp-admx-logon.md
- - name: ADMX_MicrosoftDefenderAntivirus
- href: policy-csp-admx-microsoftdefenderantivirus.md
- - name: ADMX_MMC
- href: policy-csp-admx-mmc.md
- - name: ADMX_MMCSnapins
- href: policy-csp-admx-mmcsnapins.md
- - name: ADMX_MobilePCMobilityCenter
- href: policy-csp-admx-mobilepcmobilitycenter.md
- - name: ADMX_MobilePCPresentationSettings
- href: policy-csp-admx-mobilepcpresentationsettings.md
- - name: ADMX_MSAPolicy
- href: policy-csp-admx-msapolicy.md
- - name: ADMX_msched
- href: policy-csp-admx-msched.md
- - name: ADMX_MSDT
- href: policy-csp-admx-msdt.md
- - name: ADMX_MSI
- href: policy-csp-admx-msi.md
- - name: ADMX_MsiFileRecovery
- href: policy-csp-admx-msifilerecovery.md
- - name: ADMX_nca
- href: policy-csp-admx-nca.md
- - name: ADMX_NCSI
- href: policy-csp-admx-ncsi.md
- - name: ADMX_Netlogon
- href: policy-csp-admx-netlogon.md
- - name: ADMX_NetworkConnections
- href: policy-csp-admx-networkconnections.md
- - name: ADMX_OfflineFiles
- href: policy-csp-admx-offlinefiles.md
- - name: ADMX_pca
- href: policy-csp-admx-pca.md
- - name: ADMX_PeerToPeerCaching
- href: policy-csp-admx-peertopeercaching.md
- - name: ADMX_PenTraining
- href: policy-csp-admx-pentraining.md
- - name: ADMX_PerformanceDiagnostics
- href: policy-csp-admx-performancediagnostics.md
- - name: ADMX_Power
- href: policy-csp-admx-power.md
- - name: ADMX_PowerShellExecutionPolicy
- href: policy-csp-admx-powershellexecutionpolicy.md
- - name: ADMX_PreviousVersions
- href: policy-csp-admx-previousversions.md
- - name: ADMX_Printing
- href: policy-csp-admx-printing.md
- - name: ADMX_Printing2
- href: policy-csp-admx-printing2.md
- - name: ADMX_Programs
- href: policy-csp-admx-programs.md
- - name: ADMX_Reliability
- href: policy-csp-admx-reliability.md
- - name: ADMX_RemoteAssistance
- href: policy-csp-admx-remoteassistance.md
- - name: ADMX_RemovableStorage
- href: policy-csp-admx-removablestorage.md
- - name: ADMX_RPC
- href: policy-csp-admx-rpc.md
- - name: ADMX_Scripts
- href: policy-csp-admx-scripts.md
- - name: ADMX_sdiageng
- href: policy-csp-admx-sdiageng.md
- - name: ADMX_sdiagschd
- href: policy-csp-admx-sdiagschd.md
- - name: ADMX_Securitycenter
- href: policy-csp-admx-securitycenter.md
- - name: ADMX_Sensors
- href: policy-csp-admx-sensors.md
- - name: ADMX_ServerManager
- href: policy-csp-admx-servermanager.md
- - name: ADMX_Servicing
- href: policy-csp-admx-servicing.md
- - name: ADMX_SettingSync
- href: policy-csp-admx-settingsync.md
- - name: ADMX_SharedFolders
- href: policy-csp-admx-sharedfolders.md
- - name: ADMX_Sharing
- href: policy-csp-admx-sharing.md
- - name: ADMX_ShellCommandPromptRegEditTools
- href: policy-csp-admx-shellcommandpromptregedittools.md
- - name: ADMX_Smartcard
- href: policy-csp-admx-smartcard.md
- - name: ADMX_Snmp
- href: policy-csp-admx-snmp.md
- - name: ADMX_StartMenu
- href: policy-csp-admx-startmenu.md
- - name: ADMX_SystemRestore
- href: policy-csp-admx-systemrestore.md
- - name: ADMX_TabletShell
- href: policy-csp-admx-tabletshell.md
- - name: ADMX_Taskbar
- href: policy-csp-admx-taskbar.md
- - name: ADMX_tcpip
- href: policy-csp-admx-tcpip.md
- - name: ADMX_TerminalServer
- href: policy-csp-admx-terminalserver.md
- - name: ADMX_Thumbnails
- href: policy-csp-admx-thumbnails.md
- - name: ADMX_TouchInput
- href: policy-csp-admx-touchinput.md
- - name: ADMX_TPM
- href: policy-csp-admx-tpm.md
- - name: ADMX_UserExperienceVirtualization
- href: policy-csp-admx-userexperiencevirtualization.md
- - name: ADMX_UserProfiles
- href: policy-csp-admx-userprofiles.md
- - name: ADMX_W32Time
- href: policy-csp-admx-w32time.md
- - name: ADMX_WCM
- href: policy-csp-admx-wcm.md
- - name: ADMX_WDI
- href: policy-csp-admx-wdi.md
- - name: ADMX_WinCal
- href: policy-csp-admx-wincal.md
- - name: ADMX_WindowsConnectNow
- href: policy-csp-admx-windowsconnectnow.md
- - name: ADMX_WindowsExplorer
- href: policy-csp-admx-windowsexplorer.md
- - name: ADMX_WindowsMediaDRM
- href: policy-csp-admx-windowsmediadrm.md
- - name: ADMX_WindowsMediaPlayer
- href: policy-csp-admx-windowsmediaplayer.md
- - name: ADMX_WindowsRemoteManagement
- href: policy-csp-admx-windowsremotemanagement.md
- - name: ADMX_WindowsStore
- href: policy-csp-admx-windowsstore.md
- - name: ADMX_WinInit
- href: policy-csp-admx-wininit.md
- - name: ADMX_WinLogon
- href: policy-csp-admx-winlogon.md
- - name: ADMX-Winsrv
- href: policy-csp-admx-winsrv.md
- - name: ADMX_wlansvc
- href: policy-csp-admx-wlansvc.md
- - name: ADMX_WordWheel
- href: policy-csp-admx-wordwheel.md
- - name: ADMX_WorkFoldersClient
- href: policy-csp-admx-workfoldersclient.md
- - name: ADMX_WPN
- href: policy-csp-admx-wpn.md
- - name: ApplicationDefaults
- href: policy-csp-applicationdefaults.md
- - name: ApplicationManagement
- href: policy-csp-applicationmanagement.md
- - name: AppRuntime
- href: policy-csp-appruntime.md
- - name: AppVirtualization
- href: policy-csp-appvirtualization.md
- - name: AttachmentManager
- href: policy-csp-attachmentmanager.md
- - name: Audit
- href: policy-csp-audit.md
- - name: Authentication
- href: policy-csp-authentication.md
- - name: Autoplay
- href: policy-csp-autoplay.md
- - name: BitLocker
- href: policy-csp-bitlocker.md
- - name: BITS
- href: policy-csp-bits.md
- - name: Bluetooth
- href: policy-csp-bluetooth.md
- - name: Browser
- href: policy-csp-browser.md
- - name: Camera
- href: policy-csp-camera.md
- - name: Cellular
- href: policy-csp-cellular.md
- - name: Connectivity
- href: policy-csp-connectivity.md
- - name: ControlPolicyConflict
- href: policy-csp-controlpolicyconflict.md
- - name: CredentialsDelegation
- href: policy-csp-credentialsdelegation.md
- - name: CredentialProviders
- href: policy-csp-credentialproviders.md
- - name: CredentialsUI
- href: policy-csp-credentialsui.md
- - name: Cryptography
- href: policy-csp-cryptography.md
- - name: DataProtection
- href: policy-csp-dataprotection.md
- - name: DataUsage
- href: policy-csp-datausage.md
- - name: Defender
- href: policy-csp-defender.md
- - name: DeliveryOptimization
- href: policy-csp-deliveryoptimization.md
- - name: Desktop
- href: policy-csp-desktop.md
- - name: DeviceGuard
- href: policy-csp-deviceguard.md
- - name: DeviceHealthMonitoring
- href: policy-csp-devicehealthmonitoring.md
- - name: DeviceInstallation
- href: policy-csp-deviceinstallation.md
- - name: DeviceLock
- href: policy-csp-devicelock.md
- - name: Display
- href: policy-csp-display.md
- - name: DmaGuard
- href: policy-csp-dmaguard.md
- - name: EAP
- href: policy-csp-eap.md
- - name: Education
- href: policy-csp-education.md
- - name: EnterpriseCloudPrint
- href: policy-csp-enterprisecloudprint.md
- - name: ErrorReporting
- href: policy-csp-errorreporting.md
- - name: EventLogService
- href: policy-csp-eventlogservice.md
- - name: Experience
- href: policy-csp-experience.md
- - name: ExploitGuard
- href: policy-csp-exploitguard.md
- - name: Feeds
- href: policy-csp-feeds.md
- - name: FileExplorer
- href: policy-csp-fileexplorer.md
- - name: Games
- href: policy-csp-games.md
- - name: Handwriting
- href: policy-csp-handwriting.md
- - name: HumanPresence
- href: policy-csp-humanpresence.md
- - name: InternetExplorer
- href: policy-csp-internetexplorer.md
- - name: Kerberos
- href: policy-csp-kerberos.md
- - name: KioskBrowser
- href: policy-csp-kioskbrowser.md
- - name: LanmanWorkstation
- href: policy-csp-lanmanworkstation.md
- - name: Licensing
- href: policy-csp-licensing.md
- - name: LocalPoliciesSecurityOptions
- href: policy-csp-localpoliciessecurityoptions.md
- - name: LocalUsersAndGroups
- href: policy-csp-localusersandgroups.md
- - name: LockDown
- href: policy-csp-lockdown.md
- - name: Maps
- href: policy-csp-maps.md
- - name: MemoryDump
- href: policy-csp-memorydump.md
- - name: Messaging
- href: policy-csp-messaging.md
- - name: MixedReality
- href: policy-csp-mixedreality.md
- - name: MSSecurityGuide
- href: policy-csp-mssecurityguide.md
- - name: MSSLegacy
- href: policy-csp-msslegacy.md
- - name: Multitasking
- href: policy-csp-multitasking.md
- - name: NetworkIsolation
- href: policy-csp-networkisolation.md
- - name: NetworkListManager
- href: policy-csp-networklistmanager.md
- - name: NewsAndInterests
- href: policy-csp-newsandinterests.md
- - name: Notifications
- href: policy-csp-notifications.md
- - name: Power
- href: policy-csp-power.md
- - name: Printers
- href: policy-csp-printers.md
- - name: Privacy
- href: policy-csp-privacy.md
- - name: RemoteAssistance
- href: policy-csp-remoteassistance.md
- - name: RemoteDesktop
- href: policy-csp-remotedesktop.md
- - name: RemoteDesktopServices
- href: policy-csp-remotedesktopservices.md
- - name: RemoteManagement
- href: policy-csp-remotemanagement.md
- - name: RemoteProcedureCall
- href: policy-csp-remoteprocedurecall.md
- - name: RemoteShell
- href: policy-csp-remoteshell.md
- - name: RestrictedGroups
- href: policy-csp-restrictedgroups.md
- - name: Search
- href: policy-csp-search.md
- - name: Security
- href: policy-csp-security.md
- - name: ServiceControlManager
- href: policy-csp-servicecontrolmanager.md
- - name: Settings
- href: policy-csp-settings.md
- - name: Speech
- href: policy-csp-speech.md
- - name: Start
- href: policy-csp-start.md
- - name: Storage
- href: policy-csp-storage.md
- - name: System
- href: policy-csp-system.md
- - name: SystemServices
- href: policy-csp-systemservices.md
- - name: TaskManager
- href: policy-csp-taskmanager.md
- - name: TaskScheduler
- href: policy-csp-taskscheduler.md
- - name: TextInput
- href: policy-csp-textinput.md
- - name: TimeLanguageSettings
- href: policy-csp-timelanguagesettings.md
- - name: Troubleshooting
- href: policy-csp-troubleshooting.md
- - name: Update
- href: policy-csp-update.md
- - name: UserRights
- href: policy-csp-userrights.md
- - name: VirtualizationBasedTechnology
- href: policy-csp-virtualizationbasedtechnology.md
- - name: Wifi
- href: policy-csp-wifi.md
- - name: WindowsAutoPilot
- href: policy-csp-windowsautopilot.md
- - name: WindowsConnectionManager
- href: policy-csp-windowsconnectionmanager.md
- - name: WindowsDefenderSecurityCenter
- href: policy-csp-windowsdefendersecuritycenter.md
- - name: WindowsDefenderSmartScreen
- href: policy-csp-smartscreen.md
- - name: WindowsInkWorkspace
- href: policy-csp-windowsinkworkspace.md
- - name: WindowsLogon
- href: policy-csp-windowslogon.md
- - name: WindowsPowerShell
- href: policy-csp-windowspowershell.md
- - name: WindowsSandbox
- href: policy-csp-windowssandbox.md
- - name: WirelessDisplay
- href: policy-csp-wirelessdisplay.md
- - name: Provisioning CSP
- href: provisioning-csp.md
- - name: PXLOGICAL CSP
- href: pxlogical-csp.md
- - name: Reboot CSP
- href: reboot-csp.md
- items:
- - name: Reboot DDF file
- href: reboot-ddf-file.md
- - name: RemoteFind CSP
- href: remotefind-csp.md
- items:
- - name: RemoteFind DDF file
- href: remotefind-ddf-file.md
- - name: RemoteWipe CSP
- href: remotewipe-csp.md
- items:
- - name: RemoteWipe DDF file
- href: remotewipe-ddf-file.md
- - name: Reporting CSP
- href: reporting-csp.md
- items:
- - name: Reporting DDF file
- href: reporting-ddf-file.md
- - name: RootCATrustedCertificates CSP
- href: rootcacertificates-csp.md
- items:
- - name: RootCATrustedCertificates DDF file
- href: rootcacertificates-ddf-file.md
- - name: SecureAssessment CSP
- href: secureassessment-csp.md
- items:
- - name: SecureAssessment DDF file
- href: secureassessment-ddf-file.md
- - name: SecurityPolicy CSP
- href: securitypolicy-csp.md
- - name: SharedPC CSP
- href: sharedpc-csp.md
- items:
- - name: SharedPC DDF file
- href: sharedpc-ddf-file.md
- - name: Storage CSP
- href: storage-csp.md
- items:
- - name: Storage DDF file
- href: storage-ddf-file.md
- - name: SUPL CSP
- href: supl-csp.md
- items:
- - name: SUPL DDF file
- href: supl-ddf-file.md
- - name: SurfaceHub CSP
- href: surfacehub-csp.md
- items:
- - name: SurfaceHub DDF file
- href: surfacehub-ddf-file.md
- - name: TenantLockdown CSP
- href: tenantlockdown-csp.md
- items:
- - name: TenantLockdown DDF file
- href: tenantlockdown-ddf.md
- - name: TPMPolicy CSP
- href: tpmpolicy-csp.md
- items:
- - name: TPMPolicy DDF file
- href: tpmpolicy-ddf-file.md
- - name: UEFI CSP
- href: uefi-csp.md
- items:
- - name: UEFI DDF file
- href: uefi-ddf.md
- - name: UnifiedWriteFilter CSP
- href: unifiedwritefilter-csp.md
- items:
- - name: UnifiedWriteFilter DDF file
- href: unifiedwritefilter-ddf.md
- - name: Update CSP
- href: update-csp.md
- items:
- - name: Update DDF file
- href: update-ddf-file.md
- - name: VPN CSP
- href: vpn-csp.md
- items:
- - name: VPN DDF file
- href: vpn-ddf-file.md
- - name: VPNv2 CSP
- href: vpnv2-csp.md
- items:
- - name: VPNv2 DDF file
- href: vpnv2-ddf-file.md
- - name: ProfileXML XSD
- href: vpnv2-profile-xsd.md
- - name: EAP configuration
- href: eap-configuration.md
- - name: w4 APPLICATION CSP
- href: w4-application-csp.md
- - name: w7 APPLICATION CSP
- href: w7-application-csp.md
- - name: WiFi CSP
- href: wifi-csp.md
- items:
- - name: WiFi DDF file
- href: wifi-ddf-file.md
- - name: Win32AppInventory CSP
- href: win32appinventory-csp.md
- items:
- - name: Win32AppInventory DDF file
- href: win32appinventory-ddf-file.md
- - name: Win32CompatibilityAppraiser CSP
- href: win32compatibilityappraiser-csp.md
- items:
- - name: Win32CompatibilityAppraiser DDF file
- href: win32compatibilityappraiser-ddf.md
- - name: WindowsAdvancedThreatProtection CSP
- href: windowsadvancedthreatprotection-csp.md
- items:
- - name: WindowsAdvancedThreatProtection DDF file
- href: windowsadvancedthreatprotection-ddf.md
- - name: WindowsAutopilot CSP
- href: windowsautopilot-csp.md
- items:
- - name: WindowsAutopilot DDF file
- href: windowsautopilot-ddf-file.md
- - name: WindowsDefenderApplicationGuard CSP
- href: windowsdefenderapplicationguard-csp.md
- items:
- - name: WindowsDefenderApplicationGuard DDF file
- href: windowsdefenderapplicationguard-ddf-file.md
- - name: WindowsLicensing CSP
- href: windowslicensing-csp.md
- items:
- - name: WindowsLicensing DDF file
- href: windowslicensing-ddf-file.md
- - name: WiredNetwork CSP
- href: wirednetwork-csp.md
- items:
- - name: WiredNetwork DDF file
- href: wirednetwork-ddf-file.md
+ - name: Mobile Device Management
+ href: index.yml
+ items:
+ - name: Overview
+ items:
+ - name: MDM overview
+ href: mdm-overview.md
+ - name: What's new in MDM enrollment and management
+ href: new-in-windows-mdm-enrollment-management.md
+ - name: Change history for MDM documentation
+ href: change-history-for-mdm-documentation.md
+ - name: Azure Active Directory integration with MDM
+ href: azure-active-directory-integration-with-mdm.md
+ items:
+ - name: Add an Azure AD tenant and Azure AD subscription
+ href: add-an-azure-ad-tenant-and-azure-ad-subscription.md
+ - name: Register your free Azure Active Directory subscription
+ href: register-your-free-azure-active-directory-subscription.md
+ - name: Device enrollment
+ href: mobile-device-enrollment.md
+ items:
+ - name: MDM enrollment of Windows devices
+ href: mdm-enrollment-of-windows-devices.md
+ - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment"
+ href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+ - name: Enroll a Windows 10 device automatically using Group Policy
+ href: enroll-a-windows-10-device-automatically-using-group-policy.md
+ - name: Bulk enrollment
+ href: bulk-enrollment-using-windows-provisioning-tool.md
+ - name: Federated authentication device enrollment
+ href: federated-authentication-device-enrollment.md
+ - name: Certificate authentication device enrollment
+ href: certificate-authentication-device-enrollment.md
+ - name: On-premises authentication device enrollment
+ href: on-premise-authentication-device-enrollment.md
+ - name: Disconnecting a device from MDM (unenrollment)
+ href: disconnecting-from-mdm-unenrollment.md
+ - name: Understanding ADMX policies
+ href: understanding-admx-backed-policies.md
+ items:
+ - name: Enable ADMX policies in MDM
+ href: enable-admx-backed-policies-in-mdm.md
+ - name: Win32 and Desktop Bridge app policy configuration
+ href: win32-and-centennial-app-policy-configuration.md
+ - name: Enterprise settings, policies, and app management
+ href: windows-mdm-enterprise-settings.md
+ items:
+ - name: Enterprise app management
+ href: enterprise-app-management.md
+ items:
+ - name: Deploy and configure App-V apps using MDM
+ href: appv-deploy-and-config.md
+ - name: Management tool for the Microsoft Store for Business
+ href: management-tool-for-windows-store-for-business.md
+ - name: REST API reference for Microsoft Store for Business
+ href: rest-api-reference-windows-store-for-business.md
+ items:
+ - name: Data structures for Microsoft Store for Business
+ href: data-structures-windows-store-for-business.md
+ - name: Get Inventory
+ href: get-inventory.md
+ - name: Get product details
+ href: get-product-details.md
+ - name: Get localized product details
+ href: get-localized-product-details.md
+ - name: Get offline license
+ href: get-offline-license.md
+ - name: Get product packages
+ href: get-product-packages.md
+ - name: Get product package
+ href: get-product-package.md
+ - name: Get seats
+ href: get-seats.md
+ - name: Get seat
+ href: get-seat.md
+ - name: Assign seats
+ href: assign-seats.md
+ - name: Reclaim seat from user
+ href: reclaim-seat-from-user.md
+ - name: Bulk assign and reclaim seats from users
+ href: bulk-assign-and-reclaim-seats-from-user.md
+ - name: Get seats assigned to a user
+ href: get-seats-assigned-to-a-user.md
+ - name: Mobile device management (MDM) for device updates
+ href: device-update-management.md
+ - name: Secured-Core PC Configuration Lock
+ href: config-lock.md
+ - name: Certificate renewal
+ href: certificate-renewal-windows-mdm.md
+ - name: Using PowerShell scripting with the WMI Bridge Provider
+ href: using-powershell-scripting-with-the-wmi-bridge-provider.md
+ - name: WMI providers supported in Windows 10
+ href: wmi-providers-supported-in-windows.md
+ - name: Diagnose MDM failures in Windows 10
+ href: diagnose-mdm-failures-in-windows-10.md
+ - name: Push notification support for device management
+ href: push-notification-windows-mdm.md
+ - name: MAM support for device management
+ href: implement-server-side-mobile-application-management.md
+ - name: OMA DM protocol support
+ href: oma-dm-protocol-support.md
+ items:
+ - name: Structure of OMA DM provisioning files
+ href: structure-of-oma-dm-provisioning-files.md
+ - name: Server requirements for OMA DM
+ href: server-requirements-windows-mdm.md
+ - name: DMProcessConfigXMLFiltered
+ href: dmprocessconfigxmlfiltered.md
+ - name: Configuration service provider reference
+ href: configuration-service-provider-reference.md
+ items:
+ - name: AccountManagement CSP
+ href: accountmanagement-csp.md
+ items:
+ - name: AccountManagement DDF file
+ href: accountmanagement-ddf.md
+ - name: Accounts CSP
+ href: accounts-csp.md
+ items:
+ - name: Accounts DDF file
+ href: accounts-ddf-file.md
+ - name: ActiveSync CSP
+ href: activesync-csp.md
+ items:
+ - name: ActiveSync DDF file
+ href: activesync-ddf-file.md
+ - name: AllJoynManagement CSP
+ href: alljoynmanagement-csp.md
+ items:
+ - name: AllJoynManagement DDF
+ href: alljoynmanagement-ddf.md
+ - name: APPLICATION CSP
+ href: application-csp.md
+ - name: ApplicationControl CSP
+ href: applicationcontrol-csp.md
+ items:
+ - name: ApplicationControl DDF file
+ href: applicationcontrol-csp-ddf.md
+ - name: AppLocker CSP
+ href: applocker-csp.md
+ items:
+ - name: AppLocker DDF file
+ href: applocker-ddf-file.md
+ - name: AppLocker XSD
+ href: applocker-xsd.md
+ - name: AssignedAccess CSP
+ href: assignedaccess-csp.md
+ items:
+ - name: AssignedAccess DDF file
+ href: assignedaccess-ddf.md
+ - name: BitLocker CSP
+ href: bitlocker-csp.md
+ items:
+ - name: BitLocker DDF file
+ href: bitlocker-ddf-file.md
+ - name: CellularSettings CSP
+ href: cellularsettings-csp.md
+ - name: CertificateStore CSP
+ href: certificatestore-csp.md
+ items:
+ - name: CertificateStore DDF file
+ href: certificatestore-ddf-file.md
+ - name: CleanPC CSP
+ href: cleanpc-csp.md
+ items:
+ - name: CleanPC DDF
+ href: cleanpc-ddf.md
+ - name: ClientCertificateInstall CSP
+ href: clientcertificateinstall-csp.md
+ items:
+ - name: ClientCertificateInstall DDF file
+ href: clientcertificateinstall-ddf-file.md
+ - name: CM_CellularEntries CSP
+ href: cm-cellularentries-csp.md
+ - name: CMPolicy CSP
+ href: cmpolicy-csp.md
+ - name: CMPolicyEnterprise CSP
+ href: cmpolicyenterprise-csp.md
+ items:
+ - name: CMPolicyEnterprise DDF file
+ href: cmpolicyenterprise-ddf-file.md
+ - name: CustomDeviceUI CSP
+ href: customdeviceui-csp.md
+ items:
+ - name: CustomDeviceUI DDF file
+ href: customdeviceui-ddf.md
+ - name: Defender CSP
+ href: defender-csp.md
+ items:
+ - name: Defender DDF file
+ href: defender-ddf.md
+ - name: DevDetail CSP
+ href: devdetail-csp.md
+ items:
+ - name: DevDetail DDF file
+ href: devdetail-ddf-file.md
+ - name: DeveloperSetup CSP
+ href: developersetup-csp.md
+ items:
+ - name: DeveloperSetup DDF
+ href: developersetup-ddf.md
+ - name: DeviceLock CSP
+ href: devicelock-csp.md
+ items:
+ - name: DeviceLock DDF file
+ href: devicelock-ddf-file.md
+ - name: DeviceManageability CSP
+ href: devicemanageability-csp.md
+ items:
+ - name: DeviceManageability DDF
+ href: devicemanageability-ddf.md
+ - name: DeviceStatus CSP
+ href: devicestatus-csp.md
+ items:
+ - name: DeviceStatus DDF
+ href: devicestatus-ddf.md
+ - name: DevInfo CSP
+ href: devinfo-csp.md
+ items:
+ - name: DevInfo DDF file
+ href: devinfo-ddf-file.md
+ - name: DiagnosticLog CSP
+ href: diagnosticlog-csp.md
+ items:
+ - name: DiagnosticLog DDF file
+ href: diagnosticlog-ddf.md
+ - name: DMAcc CSP
+ href: dmacc-csp.md
+ items:
+ - name: DMAcc DDF file
+ href: dmacc-ddf-file.md
+ - name: DMClient CSP
+ href: dmclient-csp.md
+ items:
+ - name: DMClient DDF file
+ href: dmclient-ddf-file.md
+ - name: DMSessionActions CSP
+ href: dmsessionactions-csp.md
+ items:
+ - name: DMSessionActions DDF file
+ href: dmsessionactions-ddf.md
+ - name: DynamicManagement CSP
+ href: dynamicmanagement-csp.md
+ items:
+ - name: DynamicManagement DDF file
+ href: dynamicmanagement-ddf.md
+ - name: EMAIL2 CSP
+ href: email2-csp.md
+ items:
+ - name: EMAIL2 DDF file
+ href: email2-ddf-file.md
+ - name: EnrollmentStatusTracking CSP
+ href: enrollmentstatustracking-csp.md
+ items:
+ - name: EnrollmentStatusTracking DDF file
+ href: enrollmentstatustracking-csp-ddf.md
+ - name: EnterpriseAPN CSP
+ href: enterpriseapn-csp.md
+ items:
+ - name: EnterpriseAPN DDF
+ href: enterpriseapn-ddf.md
+ - name: EnterpriseAppVManagement CSP
+ href: enterpriseappvmanagement-csp.md
+ items:
+ - name: EnterpriseAppVManagement DDF file
+ href: enterpriseappvmanagement-ddf.md
+ - name: EnterpriseDataProtection CSP
+ href: enterprisedataprotection-csp.md
+ items:
+ - name: EnterpriseDataProtection DDF file
+ href: enterprisedataprotection-ddf-file.md
+ - name: EnterpriseDesktopAppManagement CSP
+ href: enterprisedesktopappmanagement-csp.md
+ items:
+ - name: EnterpriseDesktopAppManagement DDF
+ href: enterprisedesktopappmanagement-ddf-file.md
+ - name: EnterpriseDesktopAppManagement XSD
+ href: enterprisedesktopappmanagement2-xsd.md
+ - name: EnterpriseModernAppManagement CSP
+ href: enterprisemodernappmanagement-csp.md
+ items:
+ - name: EnterpriseModernAppManagement DDF
+ href: enterprisemodernappmanagement-ddf.md
+ - name: EnterpriseModernAppManagement XSD
+ href: enterprisemodernappmanagement-xsd.md
+ - name: eUICCs CSP
+ href: euiccs-csp.md
+ items:
+ - name: eUICCs DDF file
+ href: euiccs-ddf-file.md
+ - name: Firewall CSP
+ href: firewall-csp.md
+ items:
+ - name: Firewall DDF file
+ href: firewall-ddf-file.md
+ - name: HealthAttestation CSP
+ href: healthattestation-csp.md
+ items:
+ - name: HealthAttestation DDF
+ href: healthattestation-ddf.md
+ - name: MultiSIM CSP
+ href: multisim-csp.md
+ items:
+ - name: MultiSIM DDF file
+ href: multisim-ddf.md
+ - name: NAP CSP
+ href: nap-csp.md
+ - name: NAPDEF CSP
+ href: napdef-csp.md
+ - name: NetworkProxy CSP
+ href: networkproxy-csp.md
+ items:
+ - name: NetworkProxy DDF file
+ href: networkproxy-ddf.md
+ - name: NetworkQoSPolicy CSP
+ href: networkqospolicy-csp.md
+ items:
+ - name: NetworkQoSPolicy DDF file
+ href: networkqospolicy-ddf.md
+ - name: NodeCache CSP
+ href: nodecache-csp.md
+ items:
+ - name: NodeCache DDF file
+ href: nodecache-ddf-file.md
+ - name: Office CSP
+ href: office-csp.md
+ items:
+ - name: Office DDF
+ href: office-ddf.md
+ - name: PassportForWork CSP
+ href: passportforwork-csp.md
+ items:
+ - name: PassportForWork DDF file
+ href: passportforwork-ddf.md
+ - name: Personalization CSP
+ href: personalization-csp.md
+ items:
+ - name: Personalization DDF file
+ href: personalization-ddf.md
+ - name: Policy CSP
+ href: policy-configuration-service-provider.md
+ items:
+ - name: Policy CSP DDF file
+ href: policy-ddf-file.md
+ - name: Policies in Policy CSP supported by Group Policy
+ href: policies-in-policy-csp-supported-by-group-policy.md
+ - name: ADMX policies in Policy CSP
+ href: policies-in-policy-csp-admx-backed.md
+ - name: Policies in Policy CSP supported by HoloLens 2
+ href: policies-in-policy-csp-supported-by-hololens2.md
+ - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
+ href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
+ - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
+ href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
+ - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise
+ href: ./configuration-service-provider-reference.md
+ - name: Policies in Policy CSP supported by Windows 10 IoT Core
+ href: policies-in-policy-csp-supported-by-iot-core.md
+ - name: Policies in Policy CSP supported by Microsoft Surface Hub
+ href: policies-in-policy-csp-supported-by-surface-hub.md
+ - name: Policy CSPs that can be set using Exchange Active Sync (EAS)
+ href: policies-in-policy-csp-that-can-be-set-using-eas.md
+ - name: AboveLock
+ href: policy-csp-abovelock.md
+ - name: Accounts
+ href: policy-csp-accounts.md
+ - name: ActiveXControls
+ href: policy-csp-activexcontrols.md
+ - name: ADMX_ActiveXInstallService
+ href: policy-csp-admx-activexinstallservice.md
+ - name: ADMX_AddRemovePrograms
+ href: policy-csp-admx-addremoveprograms.md
+ - name: ADMX_AdmPwd
+ href: policy-csp-admx-admpwd.md
+ - name: ADMX_AppCompat
+ href: policy-csp-admx-appcompat.md
+ - name: ADMX_AppxPackageManager
+ href: policy-csp-admx-appxpackagemanager.md
+ - name: ADMX_AppXRuntime
+ href: policy-csp-admx-appxruntime.md
+ - name: ADMX_AttachmentManager
+ href: policy-csp-admx-attachmentmanager.md
+ - name: ADMX_AuditSettings
+ href: policy-csp-admx-auditsettings.md
+ - name: ADMX_Bits
+ href: policy-csp-admx-bits.md
+ - name: ADMX_CipherSuiteOrder
+ href: policy-csp-admx-ciphersuiteorder.md
+ - name: ADMX_COM
+ href: policy-csp-admx-com.md
+ - name: ADMX_ControlPanel
+ href: policy-csp-admx-controlpanel.md
+ - name: ADMX_ControlPanelDisplay
+ href: policy-csp-admx-controlpaneldisplay.md
+ - name: ADMX_Cpls
+ href: policy-csp-admx-cpls.md
+ - name: ADMX_CredentialProviders
+ href: policy-csp-admx-credentialproviders.md
+ - name: ADMX_CredSsp
+ href: policy-csp-admx-credssp.md
+ - name: ADMX_CredUI
+ href: policy-csp-admx-credui.md
+ - name: ADMX_CtrlAltDel
+ href: policy-csp-admx-ctrlaltdel.md
+ - name: ADMX_DataCollection
+ href: policy-csp-admx-datacollection.md
+ - name: ADMX_DCOM
+ href: policy-csp-admx-dcom.md
+ - name: ADMX_Desktop
+ href: policy-csp-admx-desktop.md
+ - name: ADMX_DeviceCompat
+ href: policy-csp-admx-devicecompat.md
+ - name: ADMX_DeviceGuard
+ href: policy-csp-admx-deviceguard.md
+ - name: ADMX_DeviceInstallation
+ href: policy-csp-admx-deviceinstallation.md
+ - name: ADMX_DeviceSetup
+ href: policy-csp-admx-devicesetup.md
+ - name: ADMX_DFS
+ href: policy-csp-admx-dfs.md
+ - name: ADMX_DigitalLocker
+ href: policy-csp-admx-digitallocker.md
+ - name: ADMX_DiskDiagnostic
+ href: policy-csp-admx-diskdiagnostic.md
+ - name: ADMX_DistributedLinkTracking
+ href: policy-csp-admx-distributedlinktracking.md
+ - name: ADMX_DnsClient
+ href: policy-csp-admx-dnsclient.md
+ - name: ADMX_DWM
+ href: policy-csp-admx-dwm.md
+ - name: ADMX_EAIME
+ href: policy-csp-admx-eaime.md
+ - name: ADMX_EncryptFilesonMove
+ href: policy-csp-admx-encryptfilesonmove.md
+ - name: ADMX_EventLogging
+ href: policy-csp-admx-eventlogging.md
+ - name: ADMX_EnhancedStorage
+ href: policy-csp-admx-enhancedstorage.md
+ - name: ADMX_ErrorReporting
+ href: policy-csp-admx-errorreporting.md
+ - name: ADMX_EventForwarding
+ href: policy-csp-admx-eventforwarding.md
+ - name: ADMX_EventLog
+ href: policy-csp-admx-eventlog.md
+ - name: ADMX_EventViewer
+ href: policy-csp-admx-eventviewer.md
+ - name: ADMX_Explorer
+ href: policy-csp-admx-explorer.md
+ - name: ADMX_ExternalBoot
+ href: policy-csp-admx-externalboot.md
+ - name: ADMX_FileRecovery
+ href: policy-csp-admx-filerecovery.md
+ - name: ADMX_FileRevocation
+ href: policy-csp-admx-filerevocation.md
+ - name: ADMX_FileServerVSSProvider
+ href: policy-csp-admx-fileservervssprovider.md
+ - name: ADMX_FileSys
+ href: policy-csp-admx-filesys.md
+ - name: ADMX_FolderRedirection
+ href: policy-csp-admx-folderredirection.md
+ - name: ADMX_FramePanes
+ href: policy-csp-admx-framepanes.md
+ - name: ADMX_FTHSVC
+ href: policy-csp-admx-fthsvc.md
+ - name: ADMX_Globalization
+ href: policy-csp-admx-globalization.md
+ - name: ADMX_GroupPolicy
+ href: policy-csp-admx-grouppolicy.md
+ - name: ADMX_Help
+ href: policy-csp-admx-help.md
+ - name: ADMX_HelpAndSupport
+ href: policy-csp-admx-helpandsupport.md
+ - name: ADMX_HotSpotAuth
+ href: policy-csp-admx-hotspotauth.md
+ - name: ADMX_ICM
+ href: policy-csp-admx-icm.md
+ - name: ADMX_IIS
+ href: policy-csp-admx-iis.md
+ - name: ADMX_iSCSI
+ href: policy-csp-admx-iscsi.md
+ - name: ADMX_kdc
+ href: policy-csp-admx-kdc.md
+ - name: ADMX_Kerberos
+ href: policy-csp-admx-kerberos.md
+ - name: ADMX_LanmanServer
+ href: policy-csp-admx-lanmanserver.md
+ - name: ADMX_LanmanWorkstation
+ href: policy-csp-admx-lanmanworkstation.md
+ - name: ADMX_LeakDiagnostic
+ href: policy-csp-admx-leakdiagnostic.md
+ - name: ADMX_LinkLayerTopologyDiscovery
+ href: policy-csp-admx-linklayertopologydiscovery.md
+ - name: ADMX_LocationProviderAdm
+ href: policy-csp-admx-locationprovideradm.md
+ - name: ADMX_Logon
+ href: policy-csp-admx-logon.md
+ - name: ADMX_MicrosoftDefenderAntivirus
+ href: policy-csp-admx-microsoftdefenderantivirus.md
+ - name: ADMX_MMC
+ href: policy-csp-admx-mmc.md
+ - name: ADMX_MMCSnapins
+ href: policy-csp-admx-mmcsnapins.md
+ - name: ADMX_MobilePCMobilityCenter
+ href: policy-csp-admx-mobilepcmobilitycenter.md
+ - name: ADMX_MobilePCPresentationSettings
+ href: policy-csp-admx-mobilepcpresentationsettings.md
+ - name: ADMX_MSAPolicy
+ href: policy-csp-admx-msapolicy.md
+ - name: ADMX_msched
+ href: policy-csp-admx-msched.md
+ - name: ADMX_MSDT
+ href: policy-csp-admx-msdt.md
+ - name: ADMX_MSI
+ href: policy-csp-admx-msi.md
+ - name: ADMX_MsiFileRecovery
+ href: policy-csp-admx-msifilerecovery.md
+ - name: ADMX_nca
+ href: policy-csp-admx-nca.md
+ - name: ADMX_NCSI
+ href: policy-csp-admx-ncsi.md
+ - name: ADMX_Netlogon
+ href: policy-csp-admx-netlogon.md
+ - name: ADMX_NetworkConnections
+ href: policy-csp-admx-networkconnections.md
+ - name: ADMX_OfflineFiles
+ href: policy-csp-admx-offlinefiles.md
+ - name: ADMX_pca
+ href: policy-csp-admx-pca.md
+ - name: ADMX_PeerToPeerCaching
+ href: policy-csp-admx-peertopeercaching.md
+ - name: ADMX_PenTraining
+ href: policy-csp-admx-pentraining.md
+ - name: ADMX_PerformanceDiagnostics
+ href: policy-csp-admx-performancediagnostics.md
+ - name: ADMX_Power
+ href: policy-csp-admx-power.md
+ - name: ADMX_PowerShellExecutionPolicy
+ href: policy-csp-admx-powershellexecutionpolicy.md
+ - name: ADMX_PreviousVersions
+ href: policy-csp-admx-previousversions.md
+ - name: ADMX_Printing
+ href: policy-csp-admx-printing.md
+ - name: ADMX_Printing2
+ href: policy-csp-admx-printing2.md
+ - name: ADMX_Programs
+ href: policy-csp-admx-programs.md
+ - name: ADMX_Reliability
+ href: policy-csp-admx-reliability.md
+ - name: ADMX_RemoteAssistance
+ href: policy-csp-admx-remoteassistance.md
+ - name: ADMX_RemovableStorage
+ href: policy-csp-admx-removablestorage.md
+ - name: ADMX_RPC
+ href: policy-csp-admx-rpc.md
+ - name: ADMX_Scripts
+ href: policy-csp-admx-scripts.md
+ - name: ADMX_sdiageng
+ href: policy-csp-admx-sdiageng.md
+ - name: ADMX_sdiagschd
+ href: policy-csp-admx-sdiagschd.md
+ - name: ADMX_Securitycenter
+ href: policy-csp-admx-securitycenter.md
+ - name: ADMX_Sensors
+ href: policy-csp-admx-sensors.md
+ - name: ADMX_ServerManager
+ href: policy-csp-admx-servermanager.md
+ - name: ADMX_Servicing
+ href: policy-csp-admx-servicing.md
+ - name: ADMX_SettingSync
+ href: policy-csp-admx-settingsync.md
+ - name: ADMX_SharedFolders
+ href: policy-csp-admx-sharedfolders.md
+ - name: ADMX_Sharing
+ href: policy-csp-admx-sharing.md
+ - name: ADMX_ShellCommandPromptRegEditTools
+ href: policy-csp-admx-shellcommandpromptregedittools.md
+ - name: ADMX_Smartcard
+ href: policy-csp-admx-smartcard.md
+ - name: ADMX_Snmp
+ href: policy-csp-admx-snmp.md
+ - name: ADMX_StartMenu
+ href: policy-csp-admx-startmenu.md
+ - name: ADMX_SystemRestore
+ href: policy-csp-admx-systemrestore.md
+ - name: ADMX_TabletShell
+ href: policy-csp-admx-tabletshell.md
+ - name: ADMX_Taskbar
+ href: policy-csp-admx-taskbar.md
+ - name: ADMX_tcpip
+ href: policy-csp-admx-tcpip.md
+ - name: ADMX_TerminalServer
+ href: policy-csp-admx-terminalserver.md
+ - name: ADMX_Thumbnails
+ href: policy-csp-admx-thumbnails.md
+ - name: ADMX_TouchInput
+ href: policy-csp-admx-touchinput.md
+ - name: ADMX_TPM
+ href: policy-csp-admx-tpm.md
+ - name: ADMX_UserExperienceVirtualization
+ href: policy-csp-admx-userexperiencevirtualization.md
+ - name: ADMX_UserProfiles
+ href: policy-csp-admx-userprofiles.md
+ - name: ADMX_W32Time
+ href: policy-csp-admx-w32time.md
+ - name: ADMX_WCM
+ href: policy-csp-admx-wcm.md
+ - name: ADMX_WDI
+ href: policy-csp-admx-wdi.md
+ - name: ADMX_WinCal
+ href: policy-csp-admx-wincal.md
+ - name: ADMX_WindowsConnectNow
+ href: policy-csp-admx-windowsconnectnow.md
+ - name: ADMX_WindowsExplorer
+ href: policy-csp-admx-windowsexplorer.md
+ - name: ADMX_WindowsMediaDRM
+ href: policy-csp-admx-windowsmediadrm.md
+ - name: ADMX_WindowsMediaPlayer
+ href: policy-csp-admx-windowsmediaplayer.md
+ - name: ADMX_WindowsRemoteManagement
+ href: policy-csp-admx-windowsremotemanagement.md
+ - name: ADMX_WindowsStore
+ href: policy-csp-admx-windowsstore.md
+ - name: ADMX_WinInit
+ href: policy-csp-admx-wininit.md
+ - name: ADMX_WinLogon
+ href: policy-csp-admx-winlogon.md
+ - name: ADMX-Winsrv
+ href: policy-csp-admx-winsrv.md
+ - name: ADMX_wlansvc
+ href: policy-csp-admx-wlansvc.md
+ - name: ADMX_WordWheel
+ href: policy-csp-admx-wordwheel.md
+ - name: ADMX_WorkFoldersClient
+ href: policy-csp-admx-workfoldersclient.md
+ - name: ADMX_WPN
+ href: policy-csp-admx-wpn.md
+ - name: ApplicationDefaults
+ href: policy-csp-applicationdefaults.md
+ - name: ApplicationManagement
+ href: policy-csp-applicationmanagement.md
+ - name: AppRuntime
+ href: policy-csp-appruntime.md
+ - name: AppVirtualization
+ href: policy-csp-appvirtualization.md
+ - name: AttachmentManager
+ href: policy-csp-attachmentmanager.md
+ - name: Audit
+ href: policy-csp-audit.md
+ - name: Authentication
+ href: policy-csp-authentication.md
+ - name: Autoplay
+ href: policy-csp-autoplay.md
+ - name: BitLocker
+ href: policy-csp-bitlocker.md
+ - name: BITS
+ href: policy-csp-bits.md
+ - name: Bluetooth
+ href: policy-csp-bluetooth.md
+ - name: Browser
+ href: policy-csp-browser.md
+ - name: Camera
+ href: policy-csp-camera.md
+ - name: Cellular
+ href: policy-csp-cellular.md
+ - name: Connectivity
+ href: policy-csp-connectivity.md
+ - name: ControlPolicyConflict
+ href: policy-csp-controlpolicyconflict.md
+ - name: CredentialsDelegation
+ href: policy-csp-credentialsdelegation.md
+ - name: CredentialProviders
+ href: policy-csp-credentialproviders.md
+ - name: CredentialsUI
+ href: policy-csp-credentialsui.md
+ - name: Cryptography
+ href: policy-csp-cryptography.md
+ - name: DataProtection
+ href: policy-csp-dataprotection.md
+ - name: DataUsage
+ href: policy-csp-datausage.md
+ - name: Defender
+ href: policy-csp-defender.md
+ - name: DeliveryOptimization
+ href: policy-csp-deliveryoptimization.md
+ - name: Desktop
+ href: policy-csp-desktop.md
+ - name: DeviceGuard
+ href: policy-csp-deviceguard.md
+ - name: DeviceHealthMonitoring
+ href: policy-csp-devicehealthmonitoring.md
+ - name: DeviceInstallation
+ href: policy-csp-deviceinstallation.md
+ - name: DeviceLock
+ href: policy-csp-devicelock.md
+ - name: Display
+ href: policy-csp-display.md
+ - name: DmaGuard
+ href: policy-csp-dmaguard.md
+ - name: EAP
+ href: policy-csp-eap.md
+ - name: Education
+ href: policy-csp-education.md
+ - name: EnterpriseCloudPrint
+ href: policy-csp-enterprisecloudprint.md
+ - name: ErrorReporting
+ href: policy-csp-errorreporting.md
+ - name: EventLogService
+ href: policy-csp-eventlogservice.md
+ - name: Experience
+ href: policy-csp-experience.md
+ - name: ExploitGuard
+ href: policy-csp-exploitguard.md
+ - name: Feeds
+ href: policy-csp-feeds.md
+ - name: FileExplorer
+ href: policy-csp-fileexplorer.md
+ - name: Games
+ href: policy-csp-games.md
+ - name: Handwriting
+ href: policy-csp-handwriting.md
+ - name: HumanPresence
+ href: policy-csp-humanpresence.md
+ - name: InternetExplorer
+ href: policy-csp-internetexplorer.md
+ - name: Kerberos
+ href: policy-csp-kerberos.md
+ - name: KioskBrowser
+ href: policy-csp-kioskbrowser.md
+ - name: LanmanWorkstation
+ href: policy-csp-lanmanworkstation.md
+ - name: Licensing
+ href: policy-csp-licensing.md
+ - name: LocalPoliciesSecurityOptions
+ href: policy-csp-localpoliciessecurityoptions.md
+ - name: LocalUsersAndGroups
+ href: policy-csp-localusersandgroups.md
+ - name: LockDown
+ href: policy-csp-lockdown.md
+ - name: Maps
+ href: policy-csp-maps.md
+ - name: MemoryDump
+ href: policy-csp-memorydump.md
+ - name: Messaging
+ href: policy-csp-messaging.md
+ - name: MixedReality
+ href: policy-csp-mixedreality.md
+ - name: MSSecurityGuide
+ href: policy-csp-mssecurityguide.md
+ - name: MSSLegacy
+ href: policy-csp-msslegacy.md
+ - name: Multitasking
+ href: policy-csp-multitasking.md
+ - name: NetworkIsolation
+ href: policy-csp-networkisolation.md
+ - name: NetworkListManager
+ href: policy-csp-networklistmanager.md
+ - name: NewsAndInterests
+ href: policy-csp-newsandinterests.md
+ - name: Notifications
+ href: policy-csp-notifications.md
+ - name: Power
+ href: policy-csp-power.md
+ - name: Printers
+ href: policy-csp-printers.md
+ - name: Privacy
+ href: policy-csp-privacy.md
+ - name: RemoteAssistance
+ href: policy-csp-remoteassistance.md
+ - name: RemoteDesktop
+ href: policy-csp-remotedesktop.md
+ - name: RemoteDesktopServices
+ href: policy-csp-remotedesktopservices.md
+ - name: RemoteManagement
+ href: policy-csp-remotemanagement.md
+ - name: RemoteProcedureCall
+ href: policy-csp-remoteprocedurecall.md
+ - name: RemoteShell
+ href: policy-csp-remoteshell.md
+ - name: RestrictedGroups
+ href: policy-csp-restrictedgroups.md
+ - name: Search
+ href: policy-csp-search.md
+ - name: Security
+ href: policy-csp-security.md
+ - name: ServiceControlManager
+ href: policy-csp-servicecontrolmanager.md
+ - name: Settings
+ href: policy-csp-settings.md
+ - name: Speech
+ href: policy-csp-speech.md
+ - name: Start
+ href: policy-csp-start.md
+ - name: Storage
+ href: policy-csp-storage.md
+ - name: System
+ href: policy-csp-system.md
+ - name: SystemServices
+ href: policy-csp-systemservices.md
+ - name: TaskManager
+ href: policy-csp-taskmanager.md
+ - name: TaskScheduler
+ href: policy-csp-taskscheduler.md
+ - name: TextInput
+ href: policy-csp-textinput.md
+ - name: TimeLanguageSettings
+ href: policy-csp-timelanguagesettings.md
+ - name: Troubleshooting
+ href: policy-csp-troubleshooting.md
+ - name: Update
+ href: policy-csp-update.md
+ - name: UserRights
+ href: policy-csp-userrights.md
+ - name: VirtualizationBasedTechnology
+ href: policy-csp-virtualizationbasedtechnology.md
+ - name: Wifi
+ href: policy-csp-wifi.md
+ - name: WindowsAutoPilot
+ href: policy-csp-windowsautopilot.md
+ - name: WindowsConnectionManager
+ href: policy-csp-windowsconnectionmanager.md
+ - name: WindowsDefenderSecurityCenter
+ href: policy-csp-windowsdefendersecuritycenter.md
+ - name: WindowsDefenderSmartScreen
+ href: policy-csp-smartscreen.md
+ - name: WindowsInkWorkspace
+ href: policy-csp-windowsinkworkspace.md
+ - name: WindowsLogon
+ href: policy-csp-windowslogon.md
+ - name: WindowsPowerShell
+ href: policy-csp-windowspowershell.md
+ - name: WindowsSandbox
+ href: policy-csp-windowssandbox.md
+ - name: WirelessDisplay
+ href: policy-csp-wirelessdisplay.md
+ - name: Provisioning CSP
+ href: provisioning-csp.md
+ - name: PXLOGICAL CSP
+ href: pxlogical-csp.md
+ - name: Reboot CSP
+ href: reboot-csp.md
+ items:
+ - name: Reboot DDF file
+ href: reboot-ddf-file.md
+ - name: RemoteFind CSP
+ href: remotefind-csp.md
+ items:
+ - name: RemoteFind DDF file
+ href: remotefind-ddf-file.md
+ - name: RemoteWipe CSP
+ href: remotewipe-csp.md
+ items:
+ - name: RemoteWipe DDF file
+ href: remotewipe-ddf-file.md
+ - name: Reporting CSP
+ href: reporting-csp.md
+ items:
+ - name: Reporting DDF file
+ href: reporting-ddf-file.md
+ - name: RootCATrustedCertificates CSP
+ href: rootcacertificates-csp.md
+ items:
+ - name: RootCATrustedCertificates DDF file
+ href: rootcacertificates-ddf-file.md
+ - name: SecureAssessment CSP
+ href: secureassessment-csp.md
+ items:
+ - name: SecureAssessment DDF file
+ href: secureassessment-ddf-file.md
+ - name: SecurityPolicy CSP
+ href: securitypolicy-csp.md
+ - name: SharedPC CSP
+ href: sharedpc-csp.md
+ items:
+ - name: SharedPC DDF file
+ href: sharedpc-ddf-file.md
+ - name: Storage CSP
+ href: storage-csp.md
+ items:
+ - name: Storage DDF file
+ href: storage-ddf-file.md
+ - name: SUPL CSP
+ href: supl-csp.md
+ items:
+ - name: SUPL DDF file
+ href: supl-ddf-file.md
+ - name: SurfaceHub CSP
+ href: surfacehub-csp.md
+ items:
+ - name: SurfaceHub DDF file
+ href: surfacehub-ddf-file.md
+ - name: TenantLockdown CSP
+ href: tenantlockdown-csp.md
+ items:
+ - name: TenantLockdown DDF file
+ href: tenantlockdown-ddf.md
+ - name: TPMPolicy CSP
+ href: tpmpolicy-csp.md
+ items:
+ - name: TPMPolicy DDF file
+ href: tpmpolicy-ddf-file.md
+ - name: UEFI CSP
+ href: uefi-csp.md
+ items:
+ - name: UEFI DDF file
+ href: uefi-ddf.md
+ - name: UnifiedWriteFilter CSP
+ href: unifiedwritefilter-csp.md
+ items:
+ - name: UnifiedWriteFilter DDF file
+ href: unifiedwritefilter-ddf.md
+ - name: UniversalPrint CSP
+ href: universalprint-csp.md
+ items:
+ - name: UniversalPrint DDF file
+ href: universalprint-ddf-file.md
+ - name: Update CSP
+ href: update-csp.md
+ items:
+ - name: Update DDF file
+ href: update-ddf-file.md
+ - name: VPN CSP
+ href: vpn-csp.md
+ items:
+ - name: VPN DDF file
+ href: vpn-ddf-file.md
+ - name: VPNv2 CSP
+ href: vpnv2-csp.md
+ items:
+ - name: VPNv2 DDF file
+ href: vpnv2-ddf-file.md
+ - name: ProfileXML XSD
+ href: vpnv2-profile-xsd.md
+ - name: EAP configuration
+ href: eap-configuration.md
+ - name: w4 APPLICATION CSP
+ href: w4-application-csp.md
+ - name: w7 APPLICATION CSP
+ href: w7-application-csp.md
+ - name: WiFi CSP
+ href: wifi-csp.md
+ items:
+ - name: WiFi DDF file
+ href: wifi-ddf-file.md
+ - name: Win32AppInventory CSP
+ href: win32appinventory-csp.md
+ items:
+ - name: Win32AppInventory DDF file
+ href: win32appinventory-ddf-file.md
+ - name: Win32CompatibilityAppraiser CSP
+ href: win32compatibilityappraiser-csp.md
+ items:
+ - name: Win32CompatibilityAppraiser DDF file
+ href: win32compatibilityappraiser-ddf.md
+ - name: WindowsAdvancedThreatProtection CSP
+ href: windowsadvancedthreatprotection-csp.md
+ items:
+ - name: WindowsAdvancedThreatProtection DDF file
+ href: windowsadvancedthreatprotection-ddf.md
+ - name: WindowsAutopilot CSP
+ href: windowsautopilot-csp.md
+ items:
+ - name: WindowsAutopilot DDF file
+ href: windowsautopilot-ddf-file.md
+ - name: WindowsDefenderApplicationGuard CSP
+ href: windowsdefenderapplicationguard-csp.md
+ items:
+ - name: WindowsDefenderApplicationGuard DDF file
+ href: windowsdefenderapplicationguard-ddf-file.md
+ - name: WindowsLicensing CSP
+ href: windowslicensing-csp.md
+ items:
+ - name: WindowsLicensing DDF file
+ href: windowslicensing-ddf-file.md
+ - name: WiredNetwork CSP
+ href: wirednetwork-csp.md
+ items:
+ - name: WiredNetwork DDF file
+ href: wirednetwork-ddf-file.md
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index c4aa932cc0..14bb56f7ca 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -1,30 +1,31 @@
---
title: TPMPolicy CSP
description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TPMPolicy CSP
The table below shows the applicability of Windows:
+The TPMPolicy Configuration Service Provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
+
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on) from Windows and inbox applications to public IP addresses, unless directly intended by the user. This definition allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
-
The TPMPolicy CSP was added in Windows 10, version 1703, and later.
The following example shows the TPMPolicy configuration service provider in tree format.
diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md
index 5cd81b56b7..42f7a373d5 100644
--- a/windows/client-management/mdm/tpmpolicy-ddf-file.md
+++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md
@@ -1,14 +1,14 @@
---
title: TPMPolicy DDF file
description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TPMPolicy DDF file
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index 174bdb6025..b1fd8cdde4 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -1,29 +1,31 @@
---
title: UEFI CSP
description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/02/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# UEFI CSP
The table below shows the applicability of Windows:
+The UEFI Configuration Service Provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809.
+
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809c, and later.
> [!NOTE]
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md
index 0124a0a281..51dec0bdd7 100644
--- a/windows/client-management/mdm/uefi-ddf.md
+++ b/windows/client-management/mdm/uefi-ddf.md
@@ -1,14 +1,14 @@
---
title: UEFI DDF file
description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/02/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# UEFI DDF file
diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md
index da5516f990..c21a7a2573 100644
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@@ -1,14 +1,14 @@
---
title: Understanding ADMX policies
description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Understanding ADMX policies
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md
index 255dde3d19..6e9a7e9322 100644
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@@ -1,14 +1,13 @@
---
title: UnifiedWriteFilter CSP
description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media.
-ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md
index f91c0ba659..f6cfcd2307 100644
--- a/windows/client-management/mdm/unifiedwritefilter-ddf.md
+++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md
@@ -1,14 +1,13 @@
---
title: UnifiedWriteFilter DDF File
description: UnifiedWriteFilter DDF File
-ms.assetid: 23A7316E-A298-43F7-9407-A65155C8CEA6
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/universalprint-csp.md b/windows/client-management/mdm/universalprint-csp.md
new file mode 100644
index 0000000000..bb4cae4a7b
--- /dev/null
+++ b/windows/client-management/mdm/universalprint-csp.md
@@ -0,0 +1,110 @@
+---
+title: UniversalPrint CSP
+description: Learn how the UniversalPrint configuration service provider (CSP) is used to install printers on Windows client devices.
+ms.author: vinpa
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: vinaypamnani-msft
+ms.date: 06/02/2022
+ms.reviewer: jimwu
+manager: aaroncz
+---
+
+# UniversalPrint CSP
+
+The table below shows the applicability of Windows:
+
+|Edition|Windows 11|Windows 10|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+The UniversalPrint configuration service provider (CSP) is used to add Universal Print-compatible printers to Windows client endpoints. Universal Print is a cloud-based printing solution that runs entirely in Microsoft Azure. It doesn't require any on-premises infrastructure. For more specific information, go to [What is Universal Print](/universal-print/fundamentals/universal-print-whatis).
+
+This CSP was added in Windows 11 and in Windows 10 21H2 July 2022 update [KB5015807](https://support.microsoft.com/topic/july-12-2022-kb5015807-os-builds-19042-1826-19043-1826-and-19044-1826-8c8ea8fe-ec83-467d-86fb-a2f48a85eb41).
+
+The following example shows the UniversalPrint configuration service provider in tree format.
+
+```console
+./Vendor/MSFT
+PrinterProvisioning
+----UPPrinterInstalls
+-------- (PrinterSharedID)
+--------CloudDeviceID
+--------PrinterSharedName
+--------Install
+--------Status
+--------ErrorCode
+```
+
+**./Vendor/MSFT/PrinterProvisioning**
+The root node for the Universal Print PrinterProvisioning configuration service provider.
+
+**UPPrinterInstalls**
+
+This setting will install or uninstall a specific printer to a targeted user account.
+
+Valid values:
+
+- Install (default) - The printer is installed.
+- Uninstall - The printer is uninstalled.
+
+The data type is node (XML node). Supported operation is Get.
+
+**`` (PrinterSharedID)**
+
+The Share ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+
+The data type is node (XML node). Supported operations are Get, Add, and Delete.
+
+> [!NOTE]
+> The targeted user account must have access rights to the printer and to the Universal Print service.
+
+**CloudDeviceID**
+
+The Printer ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Printer ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+
+The data type is string/text (GUID). Supported operations are Get, Add, Delete, and Replace.
+
+> [!NOTE]
+> The targeted user account must have access rights to the printer and to the Universal Print service.
+
+**PrinterSharedName**
+
+The Share Name is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share Name in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
+
+The data type is string/text. Supported operations are Get, Add, Delete, and Replace.
+
+> [!NOTE]
+> The targeted user account must have access rights to the printer and to the Universal Print service.
+
+**Install**
+
+Installs the Universal Print printer. Supports async execute.
+
+The data type is string/text (empty string). Supported operations are Get and Execute.
+
+**Status**
+
+The result status of the printer installation.
+
+Valid values:
+
+- 1 (default) - Installation completed successfully.
+- 2 - Installation is in progress after receiving execute cmd.
+- 4 - Installation failed.
+- 8 - Installation initial status
+- 32 - Unknown (not used)
+
+The data type is int. Supported operations is Get.
+
+**ErrorCode**
+
+HRESULT of the last installation returned code.
+
+The data type is int. Supported operation is Get.
diff --git a/windows/client-management/mdm/universalprint-ddf-file.md b/windows/client-management/mdm/universalprint-ddf-file.md
new file mode 100644
index 0000000000..6e8412dfa0
--- /dev/null
+++ b/windows/client-management/mdm/universalprint-ddf-file.md
@@ -0,0 +1,214 @@
+---
+title: UniversalPrint DDF file
+description: UniversalPrint DDF file
+ms.author: vinpa
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: vinaypamnani-msft
+ms.date: 06/02/2022
+ms.reviewer: jimwu
+manager: aaroncz
+---
+
+# UniversalPrint DDF file
+
+This article shows the OMA DM device description framework (DDF) for the **UniversalPrint** configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+The XML below is the current version for this CSP.
+
+```xml
+
+]>
+
+ 1.2
+
+ PrinterProvisioning
+ ./User/Vendor/MSFT
+
+
+
+
+ Printer Provisioning
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.0/MDM/PrinterProvisioning
+
+
+
+ UPPrinterInstalls
+
+
+
+
+ This setting will take the action on the specified user account to install or uninstall the specified printer. Install action is selected by default.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Identifies the Universal Print printer, by its Share ID, you wish to install on the targeted user account. The printer's Share ID can be found in the printer's properties via the Universal Print portal. Note: the targeted user account must have access rights to both the printer and to the Universal Print service.
+
+
+
+
+
+
+
+
+
+ PrinterSharedID
+
+
+
+
+ PrinterSharedID from the Universal Print system, which is used to discover and install Univeral Print printer
+
+
+
+
+
+ CloudDeviceID
+
+
+
+
+
+
+
+ Identifies the Universal Print printer, by its Printer ID, you wish to install on the targeted user account. The printer's Printer ID can be found in the printer's properties via the Universal Print portal. Note: the targeted user account must have access rights to both the printer and to the Universal Print service.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Install
+
+
+
+
+
+ Support async execute. Install Universal Print printer.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Status
+
+
+
+
+ 1 finished installation successfully, 2 installation in progress after receiving execute cmd, 4 installation failed, 8 installation initial status, 32 unknown (not used).
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ErrorCode
+
+
+
+
+ HRESULT of the last installation returned code.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PrinterSharedName
+
+
+
+
+
+
+
+ Identifies the Universal Print printer, by its Share Name, you wish to install on the targeted user account. The printer's Share Name can be found in the printer's properties via the Universal Print portal. Note: the targeted user account must have access rights to both the printer and to the Universal Print service.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+```
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index ec193e1117..e7c54fb69a 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -1,30 +1,31 @@
---
title: Update CSP
description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates.
-ms.assetid: F1627B57-0749-47F6-A066-677FDD3D7359
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/23/2018
---
# Update CSP
+The Update configuration service provider enables the IT administrators to manage and control the rollout of new updates.
+
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The Update configuration service provider enables IT administrators to manage and control the rollout of new updates.
> [!NOTE]
> The Update CSP functionality of 'ApprovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies.
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index efba4330c5..06da8be6f1 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -1,14 +1,13 @@
---
title: Update DDF file
description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP).
-ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/23/2018
---
diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
index 7dee32b407..d42e777b93 100644
--- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -1,14 +1,13 @@
---
title: Using PowerShell scripting with the WMI Bridge Provider
description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
-ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 4e2ae5fec4..6d484acd8d 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -1,14 +1,13 @@
---
title: VPN CSP
description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
-ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/02/2017
---
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index ba5b9526f2..4cf629cb79 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -1,14 +1,13 @@
---
title: VPN DDF file
description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP).
-ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 94974cf502..fb60f1756f 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -1,14 +1,13 @@
---
title: VPNv2 CSP
description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
-ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
ms.reviewer: pesmith
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2021
---
@@ -20,16 +19,17 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device.
+The VPNv2 configuration service provider allows the Mobile Device Management (MDM) server to configure the VPN profile of the device.
Here are the requirements for this CSP:
- VPN configuration commands must be wrapped in an Atomic block in SyncML.
-- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies.
+- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure Windows Information Protection policies.
- Instead of changing individual properties, follow these steps to make any changes:
- Send a Delete command for the ProfileName to delete the entire profile.
@@ -346,11 +346,10 @@ A sequential integer identifier that allows the ability to specify multiple apps
Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App**
-App Node under the Row Id.
+App Node under the Row ID.
**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id**
-App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore can't be specified in the get only App/Type field
-
+App identity, which is either an app’s package family name or file path. The type is inferred by the ID, and therefore can't be specified in the get only App/Type field
**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type**
Returns the type of **App/Id**. This value can be either of the following values:
@@ -364,9 +363,10 @@ Optional node. List of routes to be added to the routing table for the VPN inter
Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length.
-Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this route during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile.
+Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile.
**VPNv2/**ProfileName**/RouteList/**routeRowId
+
A sequential integer identifier for the RouteList. This value is required if you're adding routes. Sequencing must start at 0.
Supported operations include Get, Add, Replace, and Delete.
@@ -411,7 +411,7 @@ Supported operations include Get, Add, Replace, and Delete.
Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types:
- FQDN - Fully qualified domain name
-- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend **.** to the DNS suffix.
+- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend.**.** to the DNS suffix.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@@ -540,9 +540,9 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/EdpModeId**
-Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with a Windows Information Protection policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
-Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect.
+Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the Windows Information Protection policies and App lists automatically takes effect.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@@ -658,10 +658,10 @@ Reserved for future use.
Reserved for future use.
**VPNv2/**ProfileName**/DeviceCompliance**
-Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable AAD-based Conditional Access for VPN.
+Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable Azure Active Directory-based Conditional Access for VPN.
**VPNv2/**ProfileName**/DeviceCompliance/Enabled**
-Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory.
+Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory (AAD).
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 7ac4734a65..ec744e211f 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -1,14 +1,13 @@
---
title: VPNv2 DDF file
description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider.
-ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94
ms.reviewer: pesmith
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/30/2020
---
@@ -1403,7 +1402,7 @@ The XML below is for Windows 10, version 2004.
- Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN
+ Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN
@@ -1426,7 +1425,7 @@ The XML below is for Windows 10, version 2004.
- Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
+ Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
@@ -3593,7 +3592,7 @@ The XML below is for Windows 10, version 2004.
- Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN
+ Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN
@@ -3616,7 +3615,7 @@ The XML below is for Windows 10, version 2004.
- Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
+ Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory
diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md
index d318a8734b..6e67b7102c 100644
--- a/windows/client-management/mdm/vpnv2-profile-xsd.md
+++ b/windows/client-management/mdm/vpnv2-profile-xsd.md
@@ -1,14 +1,13 @@
---
title: ProfileXML XSD
description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples.
-ms.assetid: 2F32E14B-F9B9-4760-AE94-E57F1D4DFDB3
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+ms.reviewer:
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/14/2020
---
@@ -442,3 +441,7 @@ Here's the XSD for the ProfileXML node in the VPNv2 CSP and VpnManagementAgent::
```
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index bb90fb33e2..7bc64259b1 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -1,14 +1,13 @@
---
title: w4 APPLICATION CSP
description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS).
-ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -52,7 +52,6 @@ Optional. Specifies a user–readable application identity. This parameter is al
This parameter takes a string value. The possible values to configure the NAME parameter are:
- Character string containing the name.
-
- no value specified
> [!NOTE]
@@ -74,9 +73,7 @@ Required. Specifies the network access point identification name (NAPID) defined
Required. Specifies the address of the MMS application server, as a string. The possible values to configure the ADDR parameter are:
- A Uniform Resource Identifier (URI)
-
- An IPv4 address represented in decimal format with dots as delimiters
-
- A fully qualified Internet domain name
**MS**
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index 3ba0e48d8e..f5dc037820 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -1,14 +1,13 @@
---
title: w7 APPLICATION CSP
description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account.
-ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -107,10 +107,8 @@ Optional. The AAUTHTYPE parameter of the APPAUTH characteristic is used to get o
Valid values:
-- BASIC - specifies that the SyncML DM `syncml:auth-basic` authentication type.
-
-- DIGEST - specifies that the SyncML DM `syncml:auth-md5` authentication type.
-
+- BASIC - Specifies that the SyncML DM 'syncml:auth-basic' authentication type.
+- DIGEST - Specifies that the SyncML DM 'syncml:auth-md5' authentication type.
- When AAUTHLEVEL is CLIENT, then AAUTHTYPE must be DIGEST. When AAUTHLEVEL is APPSRV, AAUTHTYPE can be BASIC or DIGEST.
**APPID**
@@ -122,6 +120,7 @@ Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION chara
> [!Note]
> This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.
+
**CONNRETRYFREQ**
Optional. The CONNRETRYFREQ parameter is used in the APPLICATION characteristic to specify how many retries the DM client performs when there are Connection Manager-level or WinInet-level errors. This parameter takes a numeric value in string format. The default value is “3”. You can set this parameter.
@@ -131,7 +130,6 @@ Optional. The DEFAULTENCODING parameter is used in the APPLICATION characteristi
The valid values are:
- application/vnd.syncml.dm+xml (Default)
-
- application/vnd.syncml.dm+wbxml
**INIT**
@@ -140,6 +138,7 @@ Optional. The INIT parameter is used in the APPLICATION characteristic to indica
> [!Note]
> This node is only for mobile operators and MDM servers that try to use this will fail. This node isn't supported in the enterprise MDM enrollment scenario.
This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio isn't yet ready.
+
**INITIALBACKOFFTIME**
Optional. The INITIALBACKOFFTIME parameter is used in the APPLICATION characteristic to specify the initial wait time in milliseconds when the DM client retries for the first time. The wait time grows exponentially. This parameter takes a numeric value in string format. The default value is “16000”. You can get or set this parameter.
@@ -158,7 +157,6 @@ Optional. The PROTOVER parameter is used in the APPLICATION characteristic to sp
Possible values:
- 1.1
-
- 1.2
**PROVIDER-ID**
@@ -174,7 +172,6 @@ Optional. The TO-NAPID parameter is used in the APPLICATION characteristic to sp
Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It doesn't have a value.
- If the parameter isn't present, the default behavior is to use an application-specific GUID used rather than the hardware device ID.
-
- If the parameter is present, the hardware device ID will be provided at the **./DevInfo/DevID** node and in the Source LocURI for the DM package sent to the server. International Mobile Subscriber Identity (IMEI) is returned for a GSM device.
**SSLCLIENTCERTSEARCHCRITERIA**
@@ -185,12 +182,12 @@ The string is a concatenation of name/value pairs, each member of the pair delim
The supported names are Subject and Stores; wildcard certificate search isn't supported.
Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive.
+
+Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
> [!Note]
> `%EF%80%80` is the UTF8-encoded character U+F000.
-Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following syntax:
-
```xml
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index e10daf5564..60791f3a53 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -1,14 +1,13 @@
---
title: WiFi CSP
-description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device.
-ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06
+description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/18/2019
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index cb88b8e71a..3f1d8d46e7 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -1,14 +1,13 @@
---
title: WiFi DDF file
description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP).
-ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/28/2018
---
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
index f822a664d9..824f17444b 100644
--- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
@@ -1,14 +1,14 @@
---
title: Win32 and Desktop Bridge app ADMX policy Ingestion
description: Starting in Windows 10, version 1703, you can ingest ADMX files and set those ADMX policies for Win32 and Desktop Bridge apps.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Win32 and Desktop Bridge app ADMX policy Ingestion
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index bc34d7b38d..82a4e341dd 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -1,14 +1,13 @@
---
title: Win32AppInventory CSP
description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device.
-ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index 0f56a61d98..9cd08b73e2 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -1,14 +1,13 @@
---
title: Win32AppInventory DDF file
description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP).
-ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index b3a8915e7f..816e68336d 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -1,14 +1,14 @@
---
title: Win32CompatibilityAppraiser CSP
description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/19/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Win32CompatibilityAppraiser CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
@@ -160,7 +161,7 @@ Value type is bool.
Supported operation is Get.
**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled**
-A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
+A boolean value representing whether the Microsoft account service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
Value type is bool.
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
index 057c668a74..56b7cbd8ed 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -1,14 +1,14 @@
---
title: Win32CompatibilityAppraiser DDF file
description: Learn about the XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/19/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Win32CompatibilityAppraiser DDF file
diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
index d9ef683424..0c7b48f2a8 100644
--- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
@@ -1,17 +1,16 @@
---
title: Enterprise settings, policies, and app management
description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow.
-MS-HAID:
-- 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
-- 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
-ms.assetid: 92711D65-3022-4789-924B-602BE3187E23
+MS-HAID:
+ - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
+ - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index c9940fce4d..48b0ea237e 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -1,14 +1,13 @@
---
title: WindowsAdvancedThreatProtection CSP
description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
-ms.assetid: 6C3054CA-9890-4C08-9DB6-FBEEB74699A8
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 044557e1f2..cddb4f73e0 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -3,12 +3,12 @@ title: WindowsAdvancedThreatProtection DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).
ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md
index 8a39f5ec42..b50630eea2 100644
--- a/windows/client-management/mdm/windowsautopilot-csp.md
+++ b/windows/client-management/mdm/windowsautopilot-csp.md
@@ -1,14 +1,13 @@
---
title: WindowsAutopilot CSP
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot.
-ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
ms.reviewer:
-manager: dansimp
-ms.author: v-nsatapathy
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/09/2022
---
@@ -20,22 +19,26 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|Yes|
+|Windows SE|No|Yes|
|Business|No|Yes|
|Enterprise|No|Yes|
|Education|No|Yes|
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The WindowsAutopilot CSP exposes Windows Autopilot related device information. The WindowsAutopilot CSP collects hardware information about a device and formats it into a BLOB. This BLOB is used as input for calling Windows Autopilot Service to mark a device as remediation required if the device underwent a hardware change that affects its ability to use Windows Autopilot.
**./Vendor/MSFT/WindowsAutopilot**
-Root node. Supported operation is Get.
+Root node for the WindowsAutopilot configuration service provider.
+Supported operation is Get.
**HardwareMismatchRemediationData**
-Interior node. Supported operation is Get. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot.
+Interior node for the HardwareMismatchRemediationData configuration service provider. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot.
+
+Supported operation is Get.
## Related topics
diff --git a/windows/client-management/mdm/windowsautopilot-ddf-file.md b/windows/client-management/mdm/windowsautopilot-ddf-file.md
index d6f71e89a4..dfc52ce96c 100644
--- a/windows/client-management/mdm/windowsautopilot-ddf-file.md
+++ b/windows/client-management/mdm/windowsautopilot-ddf-file.md
@@ -1,14 +1,14 @@
---
title: WindowsAutopilot DDF file
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutopilot DDF file configuration service provider (CSP) .
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/07/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WindowsAutopilot DDF file
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 10551772c3..e8c9563d43 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -1,14 +1,14 @@
---
title: WindowsDefenderApplicationGuard CSP
description: Configure the settings in Microsoft Defender Application Guard by using the WindowsDefenderApplicationGuard configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/02/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WindowsDefenderApplicationGuard CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
+|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index d910c1b600..c49a7214d2 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,14 +1,14 @@
---
title: WindowsDefenderApplicationGuard DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/10/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WindowsDefenderApplicationGuard DDF file
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index bf35fddf2f..f120a8272e 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -1,14 +1,13 @@
---
title: WindowsLicensing CSP
description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios.
-ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/15/2018
---
@@ -20,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index bdce69a6f7..6ebeec7c74 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -1,14 +1,13 @@
---
title: WindowsLicensing DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsLicensing configuration service provider (CSP).
-ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/16/2017
---
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index f3ba7e9ad2..dd76d25d3e 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -1,14 +1,14 @@
---
title: WiredNetwork CSP
description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that don't have GP. Learn how it works.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/27/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WiredNetwork CSP
@@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
+|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index f527c65745..9d071d2ad5 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -1,14 +1,14 @@
---
title: WiredNetwork DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider.
-ms.author: dansimp
+description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/28/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WiredNetwork DDF file
diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
index c968865ad0..3026a02d56 100644
--- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
@@ -1,17 +1,16 @@
---
title: WMI providers supported in Windows 10
description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
-MS-HAID:
-- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview'
-- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows'
-ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A
+MS-HAID:
+ - 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview'
+ - 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index 79a75c3f90..5bc9aad966 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -1,15 +1,11 @@
---
title: New policies for Windows 10 (Windows 10)
description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components.
-ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-keywords: ["MDM", "Group Policy", "GP"]
+manager: aaroncz
+ms.author: vinpa
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/15/2021
ms.topic: reference
@@ -270,7 +266,7 @@ The following Group Policy settings were added in Windows 10, version 1803:
- Windows Components\IME\Turn on Live Sticker
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow video capture redirection
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use hardware graphics adapters for all Remote Desktop Services sessions
-- Windows Components\Search\Allow Cortana Page in OOBE on an AAD account
+- Windows Components\Search\Allow Cortana Page in OOBE on an Azure Active Directory account
- Windows Components\Store\Disable all apps from Microsoft Store
- Windows Components\Text Input\Allow Uninstallation of Language Features
- Windows Components\Text Input\Improve inking and typing recognition
@@ -311,7 +307,7 @@ The following Group Policy settings were added in Windows 10, version 1709:
- Windows Components\Data Collection and Preview Builds\Limit Enhanced diagnostic data to the minimum required by Windows Analytics
- Windows Components\Handwriting\Handwriting Panel Default Mode Docked
- Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Hide the button (next to the New Tab button) that opens Microsoft Edge
-- Windows Components\MDM\Auto MDM Enrollment with AAD Token
+- Windows Components\MDM\Auto MDM Enrollment with Azure Active Directory Token
- Windows Components\Messaging\Allow Message Service Cloud Sync
- Windows Components\Microsoft Edge\Always show the Books Library in Microsoft Edge
- Windows Components\Microsoft Edge\Provision Favorites
diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md
index 120ac4d165..0b4918cbd6 100644
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@@ -1,30 +1,32 @@
---
title: Use Quick Assist to help users
-description: How IT Pros can use Quick Assist to help users
+description: How IT Pros can use Quick Assist to help users.
ms.prod: w10
-ms.sitesec: library
ms.topic: article
-author: aczechowski
+ms.technology: windows
ms.localizationpriority: medium
-ms.author: aaroncz
-manager: dougeby
+author: vinaypamnani-msft
+ms.author: vinpa
+manager: aaroncz
+ms.reviewer: pmadrigal
ms.collection: highpri
+ms.date: 08/26/2022
---
# Use Quick Assist to help users
-Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices.
+Quick Assist is a Microsoft Store application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user's device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices.
## Before you begin
-All that's required to use Quick Assist is suitable network and internet connectivity. No particular roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn’t have to authenticate.
+All that's required to use Quick Assist is suitable network and internet connectivity. No roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.
> [!NOTE]
> In case the helper and sharer use different keyboard layouts or mouse settings, the ones from the sharer are used during the session.
### Authentication
-The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory. Local Active Directory authentication is not supported at this time.
+The helper can authenticate when they sign in by using a Microsoft account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported.
### Network considerations
@@ -32,24 +34,32 @@ Quick Assist communicates over port 443 (https) and connects to the Remote Assis
Both the helper and sharer must be able to reach these endpoints over port 443:
-| Domain/Name | Description |
-|-----------------------------------|-------------------------------------------------------|
-| \*.support.services.microsoft.com | Primary endpoint used for Quick Assist application |
-| \*.resources.lync.com | Required for the Skype framework used by Quick Assist |
-| \*.infra.lync.com | Required for the Skype framework used by Quick Assist |
-| \*.latest-swx.cdn.skype.com | Required for the Skype framework used by Quick Assist |
-| \*.login.microsoftonline.com | Required for logging in to the application (MSA) |
-| \*.channelwebsdks.azureedge.net | Used for chat services within Quick Assist |
-| \*.aria.microsoft.com | Used for accessibility features within the app |
-| \*.api.support.microsoft.com | API access for Quick Assist |
-| \*.vortex.data.microsoft.com | Used for diagnostic data |
-| \*.channelservices.microsoft.com | Required for chat services within Quick Assist |
+| Domain/Name | Description |
+|--|--|
+| `*.api.support.microsoft.com` | API access for Quick Assist |
+| `*.aria.microsoft.com` | Used for accessibility features within the app |
+| `*.cc.skype.com` | Azure Communication Service for chat and connection between parties |
+| `*.channelservices.microsoft.com` | Required for chat services within Quick Assist |
+| `*.channelwebsdks.azureedge.net` | Used for chat services within Quick Assist |
+| `*.edgeassetservice.azureedge.net` | Used for diagnostic data |
+| `*.flightproxy.skype.com` | Azure Communication Service for chat and connection between parties |
+| `*.login.microsoftonline.com` | Required for logging in to the application (Microsoft account) |
+| `*.monitor.azure.com` | Service Performance Monitoring |
+| `*.registrar.skype.com` | Azure Communication Service for chat and connection between parties. |
+| `*.remoteassistanceprodacs.communication.azure.com` | Azure Communication Services (ACS) technology the Quick Assist app uses. |
+| `*.support.services.microsoft.com` | Primary endpoint used for Quick Assist application |
+| `*.trouter.skype.com` | Azure Communication Service for chat and connection between parties. |
+| `*.turn.azure.com` | Protocol used to help endpoint. |
+| `*.vortex.data.microsoft.com` | Used for diagnostic data |
+| `browser.pipe.aria.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
+| `edge.skype.com` | Azure Communication Service for chat and connection between parties. |
+| `events.data.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
## How it works
1. Both the helper and the sharer start Quick Assist.
-2. The helper selects **Assist another person**. Quick Assist on the helper's side contacts the Remote Assistance Service to obtain a session code. An RCC chat session is established and the helper's Quick Assist instance joins it. The helper then provides the code to the sharer.
+2. The helper selects **Assist another person**. Quick Assist on the helper's side contacts the Remote Assistance Service to obtain a session code. An RCC chat session is established, and the helper's Quick Assist instance joins it. The helper then provides the code to the sharer.
3. After the sharer enters the code in their Quick Assist app, Quick Assist uses that code to contact the Remote Assistance Service and join that specific session. The sharer's Quick Assist instance joins the RCC chat session.
@@ -73,9 +83,9 @@ Microsoft logs a small amount of session data to monitor the health of the Quick
- Features used inside the app such as view only, annotation, and session pause
-No logs are created on either the helper’s or sharer’s device. Microsoft cannot access a session or view any actions or keystrokes that occur in the session.
+No logs are created on either the helper's or sharer's device. Microsoft can't access a session or view any actions or keystrokes that occur in the session.
-The sharer sees only an abbreviated version of the helper’s name (first name, last initial) and no other information about them. Microsoft does not store any data about either the sharer or the helper for longer than three days.
+The sharer sees only an abbreviated version of the helper's name (first name, last initial) and no other information about them. Microsoft doesn't store any data about either the sharer or the helper for longer than three days.
In some scenarios, the helper does require the sharer to respond to application permission prompts (User Account Control), but otherwise the helper has the same permissions as the sharer on the device.
@@ -83,43 +93,69 @@ In some scenarios, the helper does require the sharer to respond to application
Either the support staff or a user can start a Quick Assist session.
-
-1. Support staff (“helper”) starts Quick Assist in any of a few ways:
+1. Support staff ("helper") starts Quick Assist in any of a few ways:
- Type *Quick Assist* in the search box and press ENTER.
- - From the Start menu, select **Windows Accessories**, and then select **Quick Assist**.
- - Type CTRL+Windows+Q
+ - Press **CTRL** + **Windows** + **Q**
+ - For **Windows 10** users, from the Start menu, select **Windows Accessories**, and then choose **Quick Assist**.
+ - For **Windows 11** users, from the Start menu, select **All Apps**, **Windows Tools**, and then choose **Quick Assist**.
-2. In the **Give assistance** section, helper selects **Assist another person**. The helper might be asked to choose their account or sign in. Quick Assist generates a time-limited security code.
+2. In the **Give assistance** section, the helper selects **Assist another person**. The helper might be asked to choose their account or sign in. Quick Assist generates a time-limited security code.
3. Helper shares the security code with the user over the phone or with a messaging system.
-4. Quick Assist opens on the sharer’s device. The user enters the provided code in the **Code from assistant** box, and then selects **Share screen**.
+4. Quick Assist opens on the sharer's device. The user enters the provided code in the **Code from assistant** box, and then selects **Share screen**.
-5. The helper receives a dialog offering the opportunity to take full control of the device or just view its screen. After choosing, the helper selects **Continue**.
+5. The helper receives a dialog offering the opportunity to take full control of the device or just view its screen. After they choose an option, the helper selects **Continue**.
6. The sharer receives a dialog asking for permission to show their screen or allow access. The sharer gives permission by selecting the **Allow** button.
-## If Quick Assist is missing
+## Install Quick Assist
-If for some reason a user doesn't have Quick Assist on their system or it's not working properly, they might need to uninstall and reinstall it.
+### Install Quick Assist from the Microsoft Store
-### Uninstall Quick Assist
+1. Download the new version of Quick Assist by visiting the [Microsoft Store](https://apps.microsoft.com/store/detail/quick-assist/9P7BP5VNWKX5).
+1. In the Microsoft Store, select **Get in Store app**. Then, give permission to install Quick Assist. When the installation is complete, you'll see **Get** change to **Open**. :::image type="content" source="images/quick-assist-get.png" lightbox="images/quick-assist-get.png" alt-text="Microsoft Store window showing the Quick Assist app with a button labeled get in the bottom right corner.":::
-1. Start the Settings app, and then select **Apps**.
-2. Select **Optional features**.
-3. In the **Installed features** search bar, type *Quick Assist*.
-4. Select **Microsoft Quick Assist**, and then select **Uninstall**.
+For more information, visit [Install Quick Assist](https://support.microsoft.com/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca).
-### Reinstall Quick Assist
+### Install Quick Assist with Intune
-1. Start the Settings app, and then select **Apps**.
-2. Select **Optional features**.
-3. Select **Add a feature**.
-4. In the new dialog that opens, in the **Add an optional feature** search bar, type *Quick Assist*.
-5. Select the check box for **Microsoft Quick Assist**, and then select **Install**.
-6. Restart the device.
+Before installing Quick Assist, you'll need to set up synchronization between Intune and Microsoft Store for Business. If you've already set up sync, log into [Microsoft Store for Business](https://businessstore.microsoft.com) and skip to step 5.
+
+1. Go to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/) and navigate to **Tenant administration** / **Connectors and tokens** / **Microsoft Store for Business** and verify that **Microsoft Store for Business sync** is set to **Enable**.
+1. Using your Global Admin account, log into [Microsoft Store for Business](https://businessstore.microsoft.com).
+1. Select **Manage** / **Settings** and turn on **Show offline apps**.
+1. Choose the **Distribute** tab and verify that **Microsoft Intune** is **Active**. You may need to use the **+Add management tool** link if it's not.
+1. Search for **Quick Assist** and select it from the Search results.
+1. Choose the **Offline** license and select **Get the app**
+1. From the Intune portal (Endpoint Manager admin center) choose **Sync**.
+1. Navigate to **Apps** / **Windows** and you should see **Quick Assist (Offline)** in the list.
+1. Select it to view its properties. By default, the app won't be assigned to anyone or any devices, select the **Edit** link.
+1. Assign the app to the required group of devices and choose **Review + save** to complete the application install.
+
+> [!NOTE]
+> Assigning the app to a device or group of devices instead of a user is important because it's the only way to install a store app in device context.
+
+Visit [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-windows) for more information.
+
+### Install Quick Assist Offline
+
+To install Quick Assist offline, you'll need to download your APPXBUNDLE and unencoded XML file from [Microsoft Store for Business](https://businessstore.microsoft.com). Visit [Download an offline-licensed app](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app) for more information.
+
+1. Start **Windows PowerShell** with Administrative privileges.
+1. In PowerShell, change the directory to the location you've saved the file to in step 1. (CD <*location of package file*>)
+1. Run the following command to install Quick Assist: *Add-appxprovisionedpackage -online -PackagePath "MicrosoftCorporationII.QuickAssist_2022.509.2259.0_neutral___8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"*
+1. After Quick Assist has installed, run this command: _Get-appxpackage \*QuickAssist* -alluser_
+
+After running the command, you'll see Quick Assist 2.X is installed for the user.
+
+## Microsoft Edge WebView2
+
+The Microsoft Edge WebView2 is a development control that uses Microsoft Edge as the rendering engine to display web content in native apps. The new Quick Assist app is written using this control and is required. For Windows 11 users, this runtime control is built in. For Windows 10 users, the Quick Assist Store app will detect if WebView2 is present on launch and if necessary, it will be installed automatically. If an error message or prompt is shown indicating WebView2 isn't present, it will need to be installed separately.
+
+For more information on distributing and installing Microsoft Edge WebView2, visit [Distribute your app and the WebView2 Runtime](/microsoft-edge/webview2/concepts/distribution)
## Next steps
-If you have any problems, questions, or suggestions for Quick Assist, contact us by using the [Feedback Hub app](https://www.microsoft.com/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0&rtc=1#activetab=pivot:overviewtab).
+If you have any problems, questions, or suggestions for Quick Assist, contact us by using the [Feedback Hub app](https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332).
diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md
index 777b9fa6ec..354b49fbea 100644
--- a/windows/client-management/system-failure-recovery-options.md
+++ b/windows/client-management/system-failure-recovery-options.md
@@ -2,12 +2,11 @@
title: Configure system failure and recovery options in Windows
description: Learn how to configure the actions that Windows takes when a system error occurs and what the recovery options are.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
ms.author: delhan
-ms.date: 8/22/2019
+ms.date: 07/12/2022
ms.reviewer: dcscontentpm
manager: dansimp
---
@@ -184,6 +183,63 @@ To specify that you don't want to overwrite any previous kernel or complete memo
- Set the **Overwrite** DWORD value to **0**.
+#### Automatic Memory Dump
+
+This is the default option. An Automatic Memory Dump contains the same information as a Kernel Memory Dump. The difference between the two is in the way that Windows sets the size of the system paging file. If the system paging file size is set to **System managed size**, and the kernel-mode crash dump is set to **Automatic Memory Dump**, then Windows can set the size of the paging file to less than the size of RAM. In this case, Windows sets the size of the paging file large enough to ensure that a kernel memory dump can be captured most of the time.
+
+If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. For more information, see [Automatic Memory Dump](/windows-hardware/drivers/debugger/automatic-memory-dump).
+
+To specify that you want to use an automatic memory dump file, run the following command or modify the registry value:
+
+- ```cmd
+ wmic recoveros set DebugInfoType = 7
+ ```
+
+- Set the **CrashDumpEnabled** DWORD value to **7**.
+
+To specify that you want to use a file as your memory dump file, run the following command or modify the registry value:
+
+- ```cmd
+ wmic recoveros set DebugFilePath =
+ ```
+
+- Set the **DumpFile** Expandable String Value to \.
+
+To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
+
+- ```cmd
+ wmic recoveros set OverwriteExistingDebugFile = 0
+ ```
+
+- Set the **Overwrite** DWORD value to **0**.
+
+#### Active Memory Dump
+
+An Active Memory Dump is similar to a Complete Memory Dump, but it filters out pages that are not likely to be relevant to troubleshooting problems on the host machine. Because of this filtering, it is typically significantly smaller than a Complete Memory Dump.
+
+This dump file includes any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file-backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages, and various other types of memory that are not likely to be useful during debugging. For more information, see [Active Memory Dump](/windows-hardware/drivers/debugger/active-memory-dump).
+
+To specify that you want to use an active memory dump file, modify the registry value:
+
+- Set the **CrashDumpEnabled** DWORD value to **1**.
+- Set the **FilterPages** DWORD value to **1**.
+
+To specify that you want to use a file as your memory dump file, run the following command or modify the registry value:
+
+- ```cmd
+ wmic recoveros set DebugFilePath =
+ ```
+
+- Set the DumpFile Expandable String Value to \.
+
+To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
+
+- ```cmd
+ wmic recoveros set OverwriteExistingDebugFile = 0
+ ```
+
+- Set the **Overwrite** DWORD value to **0**.
+
>[!Note]
>If you contact Microsoft Support about a Stop error, you might be asked for the memory dump file that is generated by the Write Debugging Information option.
@@ -192,6 +248,7 @@ To view system failure and recovery settings for your local computer, type **wmi
>[!Note]
>To successfully use these Wmic.exe command line examples, you must be logged on by using a user account that has administrative rights on the computer. If you are not logged on by using a user account that has administrative rights on the computer, use the **/user:user_name** and **/password:password** switches.
+
### Tips
- To take advantage of the dump file feature, your paging file must be on the boot volume. If you've moved the paging file to another volume, you must move it back to the boot volume before you use this feature.
@@ -202,4 +259,4 @@ To view system failure and recovery settings for your local computer, type **wmi
## References
-[Varieties of Kernel-Mode Dump Files](/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)
\ No newline at end of file
+[Varieties of Kernel-Mode Dump Files](/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)
diff --git a/windows/client-management/toc.yml b/windows/client-management/toc.yml
index 92e5722e04..d856948d89 100644
--- a/windows/client-management/toc.yml
+++ b/windows/client-management/toc.yml
@@ -1,7 +1,7 @@
items:
- name: Windows client management
href: index.yml
- items:
+ items:
- name: Client management tools and settings
items:
- name: Windows Tools/Administrative Tools
@@ -29,30 +29,30 @@ items:
- name: Windows libraries
href: windows-libraries.md
- name: Mobile device management (MDM)
- items:
- - name: Mobile Device Management
- href: mdm/index.md
+ items:
+ - name: Mobile Device Management
+ href: mdm/index.yml
- name: Configuration Service Provider (CSP)
- items:
- - name: CSP reference
+ items:
+ - name: CSP reference
href: mdm/configuration-service-provider-reference.md
- name: Troubleshoot Windows clients
- items:
- - name: Windows 10 support solutions
+ items:
+ - name: Windows 10 support solutions
href: windows-10-support-solutions.md
- name: Advanced troubleshooting for Windows networking
href: troubleshoot-networking.md
- items:
+ items:
- name: Advanced troubleshooting Wireless network connectivity
href: advanced-troubleshooting-wireless-network-connectivity.md
- name: Advanced troubleshooting 802.1X authentication
href: advanced-troubleshooting-802-authentication.md
- items:
+ items:
- name: Data collection for troubleshooting 802.1X authentication
href: data-collection-for-802-authentication.md
- name: Advanced troubleshooting for TCP/IP
href: troubleshoot-tcpip.md
- items:
+ items:
- name: Collect data using Network Monitor
href: troubleshoot-tcpip-netmon.md
- name: "Part 1: TCP/IP performance overview"
@@ -60,7 +60,7 @@ items:
- name: "Part 2: TCP/IP performance underlying network issues"
href: /troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network
- name: "Part 3: TCP/IP performance known issues"
- href: /troubleshoot/windows-server/networking/tcpip-performance-known-issues
+ href: /troubleshoot/windows-server/networking/tcpip-performance-known-issues
- name: Troubleshoot TCP/IP connectivity
href: troubleshoot-tcpip-connectivity.md
- name: Troubleshoot port exhaustion
@@ -69,7 +69,7 @@ items:
href: troubleshoot-tcpip-rpc-errors.md
- name: Advanced troubleshooting for Windows startup
href: troubleshoot-windows-startup.md
- items:
+ items:
- name: How to determine the appropriate page file size for 64-bit versions of Windows
href: determine-appropriate-page-file-size.md
- name: Generate a kernel or complete crash dump
diff --git a/windows/client-management/troubleshoot-event-id-41-restart.md b/windows/client-management/troubleshoot-event-id-41-restart.md
index 48678bf786..07b7e3a9ca 100644
--- a/windows/client-management/troubleshoot-event-id-41-restart.md
+++ b/windows/client-management/troubleshoot-event-id-41-restart.md
@@ -11,7 +11,6 @@ ms.custom:
- CSSTroubleshooting
audience: ITPro
ms.localizationpriority: medium
-keywords: event id 41, reboot, restart, stop error, bug check code
manager: kaushika
ms.collection: highpri
---
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md
index 3437793da8..0871f37f71 100644
--- a/windows/client-management/troubleshoot-inaccessible-boot-device.md
+++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md
@@ -2,8 +2,6 @@
title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device
description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error might occur after some changes are made to the computer,
ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md
index 3f28ccd47b..cf2bc78b5b 100644
--- a/windows/client-management/troubleshoot-networking.md
+++ b/windows/client-management/troubleshoot-networking.md
@@ -4,7 +4,6 @@ ms.reviewer:
manager: dansimp
description: Learn about the topics that are available to help you troubleshoot common problems related to Windows networking.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
@@ -28,9 +27,9 @@ The following topics are available to help you troubleshoot common problems rela
[802.1X authenticated wired access overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831831(v=ws.11))
[802.1X authenticated wireless access overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994700(v%3dws.11))
-[Wireless cccess deployment overview](/windows-server/networking/core-network-guide/cncg/wireless/b-wireless-access-deploy-overview)
+[Wireless access deployment overview](/windows-server/networking/core-network-guide/cncg/wireless/b-wireless-access-deploy-overview)
[TCP/IP technical reference](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd379473(v=ws.10))
[Network Monitor](/windows/desktop/netmon2/network-monitor)
[RPC and the network](/windows/desktop/rpc/rpc-and-the-network)
[How RPC works](/windows/desktop/rpc/how-rpc-works)
-[NPS reason codes](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v=ws.10))
\ No newline at end of file
+[NPS reason codes](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v=ws.10))
diff --git a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
index a22426c30a..e26d6a5173 100644
--- a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
+++ b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
@@ -11,7 +11,6 @@ ms.custom:
- CSSTroubleshooting
audience: ITPro
ms.localizationpriority: medium
-keywords:
manager: kaushika
---
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index 81396fc528..1d213f059d 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -14,6 +14,8 @@ ms.collection: highpri
# Advanced troubleshooting for stop or blue screen errors
+
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues
+
> [!NOTE]
> If you're not a support agent or IT professional, you'll find more helpful information about stop error ("blue screen") messages in [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md
index 56573160e6..a04d75d606 100644
--- a/windows/client-management/troubleshoot-tcpip-connectivity.md
+++ b/windows/client-management/troubleshoot-tcpip-connectivity.md
@@ -2,7 +2,6 @@
title: Troubleshoot TCP/IP connectivity
description: Learn how to troubleshoot TCP/IP connectivity and what you should do if you come across TCP reset in a network capture.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md
index aed2257b4d..18eff7c2dd 100644
--- a/windows/client-management/troubleshoot-tcpip-netmon.md
+++ b/windows/client-management/troubleshoot-tcpip-netmon.md
@@ -2,7 +2,6 @@
title: Collect data using Network Monitor
description: Learn how to run Network Monitor to collect data for troubleshooting TCP/IP connectivity.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index 938136edad..6a732b7a1d 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -2,7 +2,6 @@
title: Troubleshoot port exhaustion issues
description: Learn how to troubleshoot port exhaustion issues. Port exhaustion occurs when all the ports on a machine are used.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
index ed7f973fef..0ed8972088 100644
--- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
@@ -2,7 +2,6 @@
title: Troubleshoot Remote Procedure Call (RPC) errors
description: Learn how to troubleshoot Remote Procedure Call (RPC) errors when connecting to Windows Management Instrumentation (WMI), SQL Server, or during a remote connection.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md
index 1ffd3f1dc2..e449140d95 100644
--- a/windows/client-management/troubleshoot-tcpip.md
+++ b/windows/client-management/troubleshoot-tcpip.md
@@ -2,7 +2,6 @@
title: Advanced troubleshooting for TCP/IP issues
description: Learn how to troubleshoot common problems in a TCP/IP network environment, for example by collecting data using Network monitor.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index 9820130606..aeb80a0007 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -225,7 +225,7 @@ If the physical computer is still running in a frozen state, follow these steps
Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.
-For more information, see [How to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/topic/4f4a05c2-ef8a-fca4-3ae0-670b940af398).
+For more information, see [Using PoolMon to Find a Kernel-Mode Memory Leak](/windows-hardware/drivers/debugger/using-poolmon-to-find-a-kernel-mode-memory-leak) and [PoolMon Examples](/windows-hardware/drivers/devtest/poolmon-examples).
### Use memory dump to collect data for the virtual machine that's running in a frozen state
diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md
index 9d9283a355..6747a6a240 100644
--- a/windows/client-management/troubleshoot-windows-startup.md
+++ b/windows/client-management/troubleshoot-windows-startup.md
@@ -2,7 +2,6 @@
title: Advanced troubleshooting for Windows start-up issues
description: Learn advanced options for how to troubleshoot common Windows start-up issues, like system crashes and freezes.
ms.prod: w10
-ms.sitesec: library
ms.topic: troubleshooting
author: dansimp
ms.localizationpriority: medium
@@ -14,6 +13,8 @@ manager: dansimp
# Advanced troubleshooting for Windows start-up issues
+
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues
+
In these topics, you will learn how to troubleshoot common problems that are related to Windows startup.
## How it works
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index 2c423bfbc7..6dd2f0b24a 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -2,12 +2,10 @@
title: Windows 10 support solutions
description: Learn where to find information about troubleshooting Windows 10 issues, for example BitLocker issues and bugcheck errors.
ms.reviewer: kaushika
-manager: dansimp
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.author: kaushika
-author: kaushika-msft
+ms.author: vinpa
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.topic: troubleshooting
---
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index 5db8c1238b..2ec424585c 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -1,17 +1,17 @@
---
-ms.assetid: e68cd672-9dea-4ff8-b725-a915f33d8fd2
ms.reviewer:
-manager: dansimp
+manager: aaroncz
title: Windows Libraries
ms.prod: windows-server-threshold
-ms.author: dansimp
+ms.author: vinpa
ms.manager: dongill
ms.technology: storage
ms.topic: article
-author: dansimp
+author: vinaypamnani-msft
description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
ms.date: 09/15/2021
---
+
# Windows libraries
> Applies to: Windows 10, Windows 11, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
@@ -29,21 +29,21 @@ Windows libraries are backed by full content search and rich metadata. Libraries
## Features for Administrators
-Administrators can configure and control Windows libraries in the following ways:
+Administrators can configure and control Windows libraries in the following methods:
- Create custom libraries by creating and deploying Library Description (*.library-ms) files.
-- Hide or delete the default libraries. (The Library node itself cannot be hidden or deleted from the Windows Explorer navigation pane.)
+- Hide or delete the default libraries. (The Library node itself can't be hidden or deleted from the Windows Explorer navigation pane.)
- Specify a set of libraries available to Default User, and then deploy those libraries to users that derive from Default User.
- Specify locations to include in a library.
- Remove a default location from a library.
-- Remove advanced libraries features, when the environment does not support the local caching of files, by using the [Turn off Windows Libraries features that rely on indexed file data](/previous-versions/windows/it-pro/windows-7/dd744697(v=ws.10)#WS_TurnOffWindowsLibraries) Group Policy. This makes all libraries basic (see [Indexing Requirements and Basic Libraries](/previous-versions/windows/it-pro/windows-7/dd744693(v=ws.10)#WS_IndexingReqs_BasicLibraries)), removes libraries from the scope of the Start menu search, and removes other features to avoid confusing users and consuming resources.
+- Remove advanced libraries features, when the environment doesn't support the local caching of files, by using the [Turn off Windows Libraries features that rely on indexed file data](/previous-versions/windows/it-pro/windows-7/dd744697(v=ws.10)#WS_TurnOffWindowsLibraries) Group Policy. This method makes all libraries basic (see [Indexing Requirements and Basic Libraries](/previous-versions/windows/it-pro/windows-7/dd744693(v=ws.10)#WS_IndexingReqs_BasicLibraries)), removes libraries from the scope of the Start menu search, and removes other features to avoid confusing users and consuming resources.
## More about Libraries
-The following is important information about libraries you may need to understand to successfully manage your enterprise.
+The following information is important in the context of libraries you may need to understand to successfully manage your enterprise.
### Library Contents
-Including a folder in a library does not physically move or change the storage location of the files or folders; the library is a view into those folders. However, users interacting with files in a library are copying, moving, and deleting the files themselves, not copies of these files.
+Including a folder in a library doesn't physically move or change the storage location of the files or folders; the library is a view into those folders. However, users interacting with files in a library are copying, moving, and deleting the files themselves, not copies of these files.
### Default Libraries and Known Folders
@@ -57,35 +57,35 @@ Libraries are built upon the legacy known folders (such as My Documents, My Pict
### Hiding Default Libraries
-Users or administrators can hide or delete the default libraries, though the libraries node in the Navigation pane cannot be hidden or deleted. Hiding a default library is preferable to deleting it, as applications like Windows Media Player rely on the default libraries and will re-create them if they do not exist on the computer. See [How to Hide Default Libraries](/previous-versions/windows/it-pro/windows-7/ee461108(v=ws.10)#BKMK_HideDefaultLibraries) for instructions.
+Users or administrators can hide or delete the default libraries, though the libraries node in the Navigation pane can't be hidden or deleted. Hiding a default library is preferable to deleting it, as applications like Windows Media Player rely on the default libraries and will re-create them if they don't exist on the computer. See [How to Hide Default Libraries](/previous-versions/windows/it-pro/windows-7/ee461108(v=ws.10)#BKMK_HideDefaultLibraries) for instructions.
### Default Save Locations for Libraries
Each library has a default save location. Files are saved or copied to this location if the user chooses to save or copy a file to a library, rather than a specific location within the library. Known folders are the default save locations; however, users can select a different save location.
-If the user removes the default save location from a library, the next location is automatically selected as the new default save location. If the library is empty of locations or if all included locations cannot be saved to, then the save operation fails.
+If the user removes the default save location from a library, the next location is automatically selected as the new default save location. If the library is empty of locations or if all included locations can't be saved to, then the save operation fails.
### Indexing Requirements and “Basic” Libraries
-Certain library features depend on the contents of the libraries being indexed. Library locations must be available for local indexing or be indexed in a manner conforming to the Windows Indexing Protocol. If indexing is not enabled for one or more locations within a library, the entire library reverts to basic functionality:
+Certain library features depend on the contents of the libraries being indexed. Library locations must be available for local indexing or be indexed in a manner conforming to the Windows Indexing Protocol. If indexing isn't enabled for one or more locations within a library, the entire library reverts to basic functionality:
- No support for metadata browsing via **Arrange By** views.
- Grep-only searches.
- Grep-only search suggestions. The only properties available for input suggestions are **Date Modified** and **Size**.
-- No support for searching from the Start menu. Start menu searches do not return files from basic libraries.
+- No support for searching from the Start menu. Start menu searches don't return files from basic libraries.
- No previews of file snippets for search results returned in Content mode.
-To avoid this limited functionality, all locations within the library must be indexable, either locally or remotely. When users add local folders to libraries, Windows adds the location to the indexing scope and indexes the contents. Remote locations that are not indexed remotely can be added to the local index using Offline File synchronization. This gives the user the benefits of local storage even though the location is remote. Making a folder “Always available offline” creates a local copy of the folder’s files, adds those files to the index, and keeps the local and remote copies in sync. Users can manually sync locations which are not indexed remotely and are not using folder redirection to gain the benefits of being indexed locally.
+To avoid this limited functionality, all locations within the library must be indexable, either locally or remotely. When users add local folders to libraries, Windows adds the location to the indexing scope and indexes the contents. Remote locations that aren't indexed remotely can be added to the local index using Offline File synchronization. This feature gives the user the benefits of local storage even though the location is remote. Making a folder “Always available offline” creates a local copy of the folder’s files, adds those files to the index, and keeps the local and remote copies in sync. Users can manually sync locations that aren't indexed remotely and aren't using folder redirection to gain the benefits of being indexed locally.
For instructions on enabling indexing, see [How to Enable Indexing of Library Locations](/previous-versions/windows/it-pro/windows-7/ee461108(v=ws.10)#BKMK_EnableIndexLocations).
-If your environment does not support caching files locally, you should enable the [Turn off Windows Libraries features that rely on indexed file](/previous-versions/windows/it-pro/windows-7/dd744697(v=ws.10)#WS_TurnOffWindowsLibraries) data Group Policy. This makes all libraries basic. For further information, see [Group Policy for Windows Search, Browse, and Organize](/previous-versions/windows/it-pro/windows-7/dd744697(v=ws.10)).
+If your environment doesn't support caching files locally, you should enable the [Turn off Windows Libraries features that rely on indexed file](/previous-versions/windows/it-pro/windows-7/dd744697(v=ws.10)#WS_TurnOffWindowsLibraries) data Group Policy. This enablement makes all libraries basic. For more information, see [Group Policy for Windows Search, Browse, and Organize](/previous-versions/windows/it-pro/windows-7/dd744697(v=ws.10)).
### Folder Redirection
-While library files themselves cannot be redirected, you can redirect known folders included in libraries by using [Folder Redirection](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). For example, you can redirect the “My Documents” folder, which is included in the default Documents library. When redirecting known folders, you should make sure that the destination is either indexed or always available offline in order to maintain full library functionality. In both cases, the files for the destination folder are indexed and supported in libraries. These settings are configured on the server side.
+While library files themselves can't be redirected, you can redirect known folders included in libraries by using [Folder Redirection](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). For example, you can redirect the “My Documents” folder, which is included in the default Documents library. When redirecting known folders, you should make sure that the destination is either indexed or always available offline in order to maintain full library functionality. In both cases, the files for the destination folder are indexed and supported in libraries. These settings are configured on the server side.
### Supported storage locations
-The following table show which locations are supported in Windows libraries.
+The following table shows which locations are supported in Windows libraries.
|Supported Locations|Unsupported Locations|
|---|---|
@@ -98,8 +98,8 @@ The following table show which locations are supported in Windows libraries.
- Expected maximum load is four concurrent query requests.
- Expected indexing corpus is a maximum of one million documents.
-- Users directly access the server. That is, the server is not made available through DFS Namespaces.
-- Users are not redirected to another server in case of failure. That is, server clusters are not used.
+- Users directly access the server. That is, the server isn't made available through DFS Namespaces.
+- Users aren't redirected to another server if there's a failure. That is, server clusters aren't used.
### Library Attributes
@@ -122,7 +122,7 @@ See the [Library Description Schema](/windows/win32/shell/library-schema-entry)
- [Federated Search Features](/previous-versions/windows/it-pro/windows-7/dd744682(v=ws.10))
- [Administrative How-to Guides](/previous-versions/windows/it-pro/windows-7/ee461108(v=ws.10))
- [Group Policy for Windows Search, Browse, and Organize](/previous-versions/windows/it-pro/windows-7/dd744697(v=ws.10))
-- [Additional Resources for Windows Search, Browse, and Organization](/previous-versions/windows/it-pro/windows-7/dd744695(v=ws.10))
+- [More Resources for Windows Search, Browse, and Organization](/previous-versions/windows/it-pro/windows-7/dd744695(v=ws.10))
### Other resources
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index 52a2fb766d..939d36455a 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -1,21 +1,21 @@
---
title: What version of Windows am I running?
-description: Discover which version of Windows you are running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
+description: Discover which version of Windows you're running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
keywords: Long-Term Servicing Channel, LTSC, LTSB, General Availability Channel, GAC, Windows, version, OS Build
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 04/30/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.topic: troubleshooting
---
# What version of Windows am I running?
-To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them.
+To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them.
## System Properties
Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu
@@ -25,7 +25,7 @@ You'll now see **Edition**, **Version**, and **OS Build** information. Something
## Using Keyword Search
-You can simply type the following in the search bar and press **ENTER** to see version details for your device.
+You can type the following in the search bar and press **ENTER** to see version details for your device.
**“winver”**
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
index 756137de7c..350a9ffd87 100644
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@@ -1,15 +1,11 @@
---
title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
-ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F
ms.reviewer:
-manager: dougeby
-keywords: ["group policy", "start menu", "start screen"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/28/2017
@@ -32,27 +28,27 @@ These policy settings are available in **Administrative Templates\\Start Menu an
|Policy|Notes|
|--- |--- |
|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.|
-|Do not allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.|
-|Do not display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.|
-|Do not keep history of recently opened documents|Documents that the user opens are not tracked during the session.|
-|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this disables all of the settings in **Settings** > **Personalization** > **Start** as well as the options in dialog available via right-click Taskbar > **Properties**|
+|Don't allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.|
+|Don't display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.|
+|Don't keep history of recently opened documents|Documents that the user opens aren't tracked during the session.|
+|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this policy disables all of the settings in **Settings** > **Personalization** > **Start** and the options in dialog available via right-click Taskbar > **Properties**|
|Prevent users from customizing their Start Screen|Use this policy in conjunction with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it|
-|Prevent users from uninstalling applications from Start|In Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)|
-|Remove All Programs list from the Start menu|In Windows 10, this removes the **All apps** button.|
-|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.|
-|Remove common program groups from Start Menu|As in earlier versions of Windows, this removes apps specified in the All Users profile from Start|
-|Remove frequent programs list from the Start Menu|In Windows 10, this removes the top left **Most used** group of apps.|
+|Prevent users from uninstalling applications from Start|In Windows 10, this policy removes the uninstall button in the context menu. It doesn't prevent users from uninstalling the app through other entry points (for example, PowerShell)|
+|Remove All Programs list from the Start menu|In Windows 10, this policy removes the **All apps** button.|
+|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This policy removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.|
+|Remove common program groups from Start Menu|As in earlier versions of Windows, this policy removes apps specified in the All Users profile from Start|
+|Remove frequent programs list from the Start Menu|In Windows 10, this policy removes the top left **Most used** group of apps.|
|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.|
-|Remove pinned programs list from the Start Menu|In Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).|
-|Show "Run as different user" command on Start|This enables the **Run as different user** option in the right-click menu for apps.|
-|Start Layout|This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.|
-|Force Start to be either full screen size or menu size|This applies a specific size for Start.|
+|Remove pinned programs list from the Start Menu|In Windows 10, this policy removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).|
+|Show "Run as different user" command on Start|This policy enables the **Run as different user** option in the right-click menu for apps.|
+|Start Layout|This policy applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.|
+|Force Start to be either full screen size or menu size|This policy applies a specific size for Start.|
## Deprecated Group Policy settings for Start
-The Start policy settings listed below do not work on Windows 10. Most of them were deprecated in Windows 8 however a few more were deprecated in Windows 10. Deprecation in this case means that the policy setting will not work on Windows 10. The “Supported on” text for a policy setting will not list Windows 10. The policy settings are still in the Group Policy Management Console and can be used on the operating systems that they apply to.
+The Start policy settings listed below don't work on Windows 10. Most of them were deprecated in Windows 8 however a few more were deprecated in Windows 10. Deprecation in this case means that the policy setting won't work on Windows 10. The “Supported on” text for a policy setting won't list Windows 10. The policy settings are still in the Group Policy Management Console and can be used on the operating systems that they apply to.
| Policy | When deprecated |
|----------------------------------------------------------------------------------|-----------------|
@@ -94,7 +90,7 @@ The Start policy settings listed below do not work on Windows 10. Most of them
- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md
index 500f5c624f..53a58baf77 100644
--- a/windows/configuration/configure-windows-10-taskbar.md
+++ b/windows/configuration/configure-windows-10-taskbar.md
@@ -1,29 +1,29 @@
---
title: Configure Windows 10 taskbar (Windows 10)
-description: Administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
-keywords: ["taskbar layout","pin apps"]
+description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
+keywords: [taskbar layout, pin apps]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 01/18/2018
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
# Configure Windows 10 taskbar
-Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar.
+Starting in Windows 10, version 1607, administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar.
> [!NOTE]
> The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout.
-You can specify different taskbar configurations based on device locale and region. There is no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the application).
+You can specify different taskbar configurations based on device locale and region. There's no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the application).
-If you specify an app to be pinned that is not provisioned for the user on the computer, the pinned icon won't appear on the taskbar.
+If you specify an app to be pinned that isn't provisioned for the user on the computer, the pinned icon won't appear on the taskbar.
The order of apps in the XML file dictates the order of pinned apps on the taskbar from left to right, to the right of any existing apps pinned by the user.
@@ -40,8 +40,8 @@ The following example shows how apps will be pinned: Windows default apps to the
**To configure the taskbar:**
1. Create the XML file.
- * If you are also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from [the following sample](#sample-taskbar-configuration-added-to-start-layout-xml-file) to the file.
- * If you are only configuring the taskbar, use [the following sample](#sample-taskbar-configuration-xml-file) to create a layout modification XML file.
+ * If you're also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from [the following sample](#sample-taskbar-configuration-added-to-start-layout-xml-file) to the file.
+ * If you're only configuring the taskbar, use [the following sample](#sample-taskbar-configuration-xml-file) to create a layout modification XML file.
2. Edit and save the XML file. You can use [AUMID](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path to identify the apps to pin to the taskbar.
* Add `xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"` to the first line of the file, before the closing \>.
* Use `` and [AUMID](./find-the-application-user-model-id-of-an-installed-app.md) to pin Universal Windows Platform apps.
@@ -55,7 +55,7 @@ The following example shows how apps will be pinned: Windows default apps to the
### Tips for finding AUMID and Desktop Application Link Path
-In the layout modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path.
+In the layout modification XML file, you'll need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path.
The easiest way to find this data for an application is to:
1. Pin the application to the Start menu on a reference or testing PC.
@@ -207,7 +207,7 @@ By adding `PinListPlacement="Replace"` to ``, you
## Configure taskbar by country or region
-The following example shows you how to configure taskbars by country or region. When the layout is applied to a computer, if there is no `` node with a region tag for the current region, the first `` node that has no specified region will be applied. When you specify one or more countries or regions in a `` node, the specified apps are pinned on computers configured for any of the specified countries or regions.
+The following example shows you how to configure taskbars by country or region. When the layout is applied to a computer, if there's no `` node with a region tag for the current region, the first `` node that has no specified region will be applied. When you specify one or more countries or regions in a `` node, the specified apps are pinned on computers configured for any of the specified countries or regions.
```xml
@@ -326,5 +326,5 @@ The resulting taskbar for computers in any other country region:
- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
index 805a227811..3790905b51 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
@@ -2,8 +2,6 @@
title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in Windows
description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -14,7 +12,7 @@ manager: dougeby
# Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization
-Cortana integration is a Preview feature that's available for your test or dev environment, starting with the CRM Online 2016 Update. If you decide to use this Preview feature, you'll need to turn in on and accept the license terms. After that, your salespeople will get proactive insights from Cortana on important CRM activities, including sales leads, accounts, and opportunities; presenting the most relevant info at any given time. This can even include getting company-specific news that surfaces when the person is meeting with a representative from another company.
+Cortana integration is a Preview feature that's available for your test or dev environment, starting with the CRM Online 2016 Update. If you decide to use this Preview feature, you'll need to turn in on and accept the license terms. After that, your salespeople will get proactive insights from Cortana on important CRM activities, including sales leads, accounts, and opportunities; presenting the most relevant information at any given time. This information can even include getting company-specific news that surfaces when the person is meeting with a representative from another company.
>[!NOTE]
>For more info about Dynamics CRM integration, how to turn on Cortana, and how to provide feedback, see [Preview feature: Set up Cortana integration](https://go.microsoft.com/fwlink/p/?LinkId=746819).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
index 6d940ecc14..0f3bf0b348 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
@@ -2,8 +2,6 @@
title: Send feedback about Cortana at work back to Microsoft
description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues..
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -14,11 +12,11 @@ manager: dougeby
# Send feedback about Cortana back to Microsoft
-To provide feedback on an individual request or response, select the item in the conversation history and then select **Give feedback**. This opens the Feedback Hub application where you can provide more information to help diagnose reported issues.
+To provide feedback on an individual request or response, select the item in the conversation history and then select **Give feedback**. The Feedback Hub application is launched, where you can provide more information to help diagnose reported issues.
:::image type="content" source="../screenshot1.png" alt-text="Screenshot: Send feedback page":::
-To provide feedback about the application in general, go to the **Settings** menu by selecting the three dots in the top left of the application, and select **Feedback**. This opens the Feedback Hub where more information on the issue can be provided.
+To provide feedback about the application in general, go to the **Settings** menu by selecting the three dots in the top left of the application, and select **Feedback**. The Feedback Hub is launched, where more information on the issue can be provided.
:::image type="content" source="../screenshot12.png" alt-text="Screenshot: Select Feedback to go to the Feedback Hub":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index d949c55ed5..1d18b8d49d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -29,7 +29,7 @@ There are a few things to be aware of before you start using Cortana in Windows
- **Office 365 Trust Center.** Cortana in Windows 10, version 1909 and earlier, isn't a service governed by the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). [Learn more about how Cortana in Windows 10, versions 1909 and earlier, treats your data](https://support.microsoft.com/en-us/help/4468233/cortana-and-privacy-microsoft-privacy).
-- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution.
+- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This solution can be Microsoft Intune, Microsoft Endpoint Manager (version 1606 or later), or your current company-wide third-party mobile device management (MDM) solution.
- **Troubleshooting tips.** If you run into issues, check out these [troubleshooting tips](/office365/troubleshoot/miscellaneous/issues-in-cortana).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index 2b72551c54..81cc7d9dff 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -27,7 +25,7 @@ The Cortana app in Windows 10, version 2004 requires the latest Microsoft Store
## Required hardware and software
-Cortana requires a PC running Windows 10, version 1703 or later, as well as the following software to successfully run the included scenario in your organization.
+Cortana requires a PC running Windows 10, version 1703 or later, and the following software to successfully run the included scenario in your organization.
>[!NOTE]
>A microphone isn't required to use Cortana.
@@ -36,14 +34,14 @@ Cortana requires a PC running Windows 10, version 1703 or later, as well as the
|---------|---------|
|Client operating system | - Windows 10, version 2004 (recommended)
- Windows 10, version 1703 (legacy version of Cortana)
For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. |
|Azure Active Directory (Azure AD) | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn't required. |
-|Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. |
+|Additional policies (Group Policy and Mobile Device Management (MDM)) |There's a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn off Cortana. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. |
>[!NOTE]
>For Windows 11, Cortana is no longer pinned to the taskbar by default. You can still pin the Cortana app to the taskbar as you would any other app. In addition, the keyboard shortcut that launched Cortana (Win+C) no longer opens Cortana.
## Signing in using Azure AD
-Your organization must have an Azure AD tenant and your employees' devices must all be Azure AD-joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but will not be able to use their enterprise email or calendar.) For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [Azure Active Directory documentation.](/azure/active-directory/)
+Your organization must have an Azure AD tenant and your employees' devices must all be Azure AD-joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but won't be able to use their enterprise email or calendar.) For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [Azure Active Directory documentation.](/azure/active-directory/)
## How is my data processed by Cortana?
@@ -60,11 +58,11 @@ The table below describes the data handling for Cortana enterprise services.
| Name | Description |
|---------|---------|
-|**Storage** |Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. Speech audio is not retained. |
+|**Storage** |Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. Speech audio isn't retained. |
|**Stays in Geo** |Customer Data is stored on Microsoft servers inside the Office 365 cloud in Geo. Your data is part of your tenant. |
-|**Retention** |Customer Data is deleted when the account is closed by the tenant administrator or when a GDPR Data Subject Rights deletion request is made. Speech audio is not retained. |
+|**Retention** |Customer Data is deleted when the account is closed by the tenant administrator or when a GDPR Data Subject Rights deletion request is made. Speech audio isn't retained. |
|**Processing and confidentiality** |Personnel engaged in the processing of Customer Data and personal data (i) will process such data only on instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends. |
-|**Usage** |Microsoft uses Customer Data only to provide the services agreed upon, and for purposes that are compatible with those services. Machine learning to develop and improve models is one of those purposes. Machine learning is done inside the Office 365 cloud consistent with the Online Services Terms. Your data is not used to target advertising. |
+|**Usage** |Microsoft uses Customer Data only to provide the services agreed upon, and for purposes that are compatible with those services. Machine learning to develop and improve models is one of those purposes. Machine learning is done inside the Office 365 cloud consistent with the Online Services Terms. Your data isn't used to target advertising. |
#### How does the wake word (Cortana) work? If I enable it, is Cortana always listening?
@@ -75,11 +73,11 @@ Cortana only begins listening for commands or queries when the wake word is dete
First, the user must enable the wake word from within Cortana settings. Once it has been enabled, a component of Windows called the [Windows Multiple Voice Assistant platform](/windows-hardware/drivers/audio/voice-activation-mva#voice-activation) will start listening for the wake word. No audio is processed by speech recognition unless two local wake word detectors and a server-side one agree with high confidence that the wake word was heard.
-The first decision is made by the Windows Multiple Voice Assistant platform leveraging hardware optionally included in the user's PC for power savings. If the wake word is detected, Windows will show a microphone icon in the system tray indicating an assistant app is listening.
+The first decision is made by the Windows Multiple Voice Assistant platform using hardware optionally included in the user's PC for power savings. If the wake word is detected, Windows will show a microphone icon in the system tray indicating an assistant app is listening.
:::image type="content" source="./images/screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening":::
-At that point, the Cortana app will receive the audio, run a second, more accurate wake word detector, and optionally send it to a Microsoft cloud service where a third wake word detector will confirm. If the service does not confirm that the activation was valid, the audio will be discarded and deleted from any further processing or server logs. On the user's PC, the Cortana app will be silently dismissed, and no query will be shown in conversation history because the query was discarded.
+At that point, the Cortana app will receive the audio, run a second, more accurate wake word detector, and optionally send it to a Microsoft cloud service where a third wake word detector will confirm. If the service doesn't confirm that the activation was valid, the audio will be discarded and deleted from any further processing or server logs. On the user's PC, the Cortana app will be silently dismissed, and no query will be shown in conversation history because the query was discarded.
If all three wake word detectors agree, the Cortana canvas will show what speech has been recognized.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 2eb0ba6a03..97966260a0 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -2,8 +2,6 @@
title: Configure Cortana with Group Policy and MDM settings (Windows)
description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
index a54d958f6e..fd81d85f3a 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
@@ -2,8 +2,6 @@
title: Set up and test Cortana for Power BI in your organization (Windows)
description: How to integrate Cortana with Power BI to help your employees get answers directly from your key business data.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index de0f3315ae..f19d6c310d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -2,8 +2,6 @@
title: Sign into Azure AD, enable the wake word, and try a voice query
description: A test scenario walking you through signing in and managing the notebook.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index b9c64414bc..32d197bae2 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -1,9 +1,7 @@
---
title: Perform a quick search with Cortana at work (Windows)
-description: This is a test scenario about how to perform a quick search with Cortana at work.
+description: This scenario is a test scenario about how to perform a quick search with Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
index 68ba398dbf..f6d46feb8f 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
@@ -2,8 +2,6 @@
title: Set a reminder for a location with Cortana at work (Windows)
description: A test scenario about how to set a location-based reminder using Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
index 6c6a391833..582e780d1f 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
@@ -2,8 +2,6 @@
title: Use Cortana at work to find your upcoming meetings (Windows)
description: A test scenario on how to use Cortana at work to find your upcoming meetings.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -22,6 +20,6 @@ This scenario helps you find out if a time slot is free on your calendar.
3. Type **Am I free at 3 PM tomorrow?**
-Cortana will respond with your availability for that time, as well as nearby meetings.
+Cortana will respond with your availability for that time, and nearby meetings.
:::image type="content" source="../screenshot8.png" alt-text="Screenshot: Cortana showing free time on a calendar":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
index 63f5f07436..5085f7608d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
@@ -2,8 +2,6 @@
title: Use Cortana to send email to a co-worker (Windows)
description: A test scenario about how to use Cortana at work to send email to a co-worker.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index c4647b52d8..dcc810fb0f 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -2,8 +2,6 @@
title: Review a reminder suggested by Cortana (Windows)
description: A test scenario on how to use Cortana with the Suggested reminders feature.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -18,7 +16,7 @@ Cortana can help employees in regions outside the US search for quick answers li
1. Select the **Cortana** icon in the taskbar.
-2. Select the **…** menu, then select **Settings**, **Language**, then select **Español (España)**. You will be prompted to restart the app.
+2. Select the **…** menu, then select **Settings**, **Language**, then select **Español (España)**. You'll be prompted to restart the app.
3. Once the app has restarted, type or say **Convierte 100 Euros a Dólares**.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
index 6a7ab71a9a..942d908f2b 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
@@ -2,8 +2,6 @@
title: Help protect data with Cortana and WIP (Windows)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -21,7 +19,7 @@ This optional scenario helps you to protect your organization’s data on a devi
## Use Cortana and WIP to protect your organization’s data
-1. Create and deploy an WIP policy to your organization. For info about how to do this, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip).
+1. Create and deploy a WIP policy to your organization. For information about how to do this step, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip).
2. Create a new email from a non-protected or personal mailbox, including the text _I’ll send you that presentation tomorrow_.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
index cf0cd10b10..55023907da 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
@@ -2,8 +2,6 @@
title: Cortana at work testing scenarios
description: Suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
index 10a3e5644b..d38268d716 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
@@ -2,8 +2,6 @@
title: Set up and test custom voice commands in Cortana for your organization (Windows)
description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -20,7 +18,7 @@ manager: dougeby
Working with a developer, you can create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. These voice-enabled actions can reduce the time necessary to access your apps and to complete simple actions.
## High-level process
-Cortana uses a Voice Command Definition (VCD) file, aimed at an installed app, to define the actions that are to happen during certain vocal commands. A VCD file can be very simple to very complex, supporting anything from a single sound to a collection of more flexible, natural language sounds, all with the same intent.
+Cortana uses a Voice Command Definition (VCD) file, aimed at an installed app, to define the actions that are to happen during certain vocal commands. A VCD file can be simple to complex, supporting anything from a single sound to a collection of more flexible, natural language sounds, all with the same intent.
To enable voice commands in Cortana
@@ -35,7 +33,7 @@ To enable voice commands in Cortana
2. **Install the VCD file on employees' devices**. You can use Microsoft Endpoint Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization.
## Test scenario: Use voice commands in a Microsoft Store app
-While these aren't line-of-business apps, we've worked to make sure to implement a VCD file, allowing you to test how the functionality works with Cortana in your organization.
+While these apps aren't line-of-business apps, we've worked to make sure to implement a VCD file, allowing you to test how the functionality works with Cortana in your organization.
**To get a Microsoft Store app**
1. Go to the Microsoft Store, scroll down to the **Collections** area, click **Show All**, and then click **Better with Cortana**.
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
index b922d049e4..2a50408b60 100644
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -15,8 +13,8 @@ ms.author: aaroncz
## Before you begin
-- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you will need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11.
-- **Cortana is regularly updated through the Microsoft Store.** Beginning with Windows 10, version 2004, Cortana is an appx preinstalled with Windows and is regularly updated through the Microsoft Store. To receive the latest updates to Cortana, you will need to [enable updates through the Microsoft Store](../stop-employees-from-using-microsoft-store.md).
+- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you'll need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11.
+- **Cortana is regularly updated through the Microsoft Store.** Beginning with Windows 10, version 2004, Cortana is an appx preinstalled with Windows and is regularly updated through the Microsoft Store. To receive the latest updates to Cortana, you'll need to [enable updates through the Microsoft Store](../stop-employees-from-using-microsoft-store.md).
## Set up and configure the Bing Answers feature
Bing Answers provides fast, authoritative results to search queries based on search terms. When the Bing Answers feature is enabled, users will be able to ask Cortana web-related questions in the Cortana in Windows app, such as "What's the current weather?" or "Who is the president of the U.S.?," and get a response, based on public results from Bing.com.
@@ -27,7 +25,7 @@ The above experience is powered by Microsoft Bing, and Cortana sends the user qu
Admins can configure the Cortana in Windows Bing Answers feature for their organizations. As the admin, use the following steps to change the setting for Bing Answers at the tenant/security group level. This setting is enabled by default, so that all users who have Cortana enabled will be able to receive Bing Answers. By default, the Bing Answer feature will be available to your users.
-Users cannot enable or disable the Bing Answer feature individually. So, if you disable this feature at the tenant/security group level, no users in your organization or specific security group will be able to use Bing Answers in Cortana in Windows.
+Users can't enable or disable the Bing Answer feature individually. So, if you disable this feature at the tenant/security group level, no users in your organization or specific security group will be able to use Bing Answers in Cortana in Windows.
Sign in to the [Office Configuration Admin tool](https://config.office.com/).
@@ -37,13 +35,13 @@ Follow the steps [here](/deployoffice/overview-office-cloud-policy-service#steps
## How does Microsoft handle customer data for Bing Answers?
-When a user enters a search query (by speech or text), Cortana evaluates if the request is for any of our first-party compliant skills if enabled in a specific market, and does the following:
+When a user enters a search query (by speech or text), Cortana evaluates if the request is for any of our first-party compliant skills if enabled in a specific market, and does the following actions:
1. If it is for any of the first-party compliant skills, the query is sent to that skill, and results/action are returned.
-2. If it is not for any of the first-party compliant skills, the query is sent to Bing for a search of public results from Bing.com. Because enterprise searches might be sensitive, similar to [Microsoft Search in Bing](/MicrosoftSearch/security-for-search#microsoft-search-in-bing-protects-workplace-searches), Bing Answers in Cortana has implemented a set of trust measures, described below, that govern how the separate search of public results from Bing.com is handled. The Bing Answers in Cortana trust measures are consistent with the enhanced privacy and security measures described in [Microsoft Search in Bing](/MicrosoftSearch/security-for-search). All Bing.com search logs that pertain to Cortana traffic are disassociated from users' workplace identity. All Cortana queries issued via a work or school account are stored separately from public, non-Cortana traffic.
+2. If it isn't for any of the first-party compliant skills, the query is sent to Bing for a search of public results from Bing.com. Because enterprise searches might be sensitive, similar to [Microsoft Search in Bing](/MicrosoftSearch/security-for-search#microsoft-search-in-bing-protects-workplace-searches), Bing Answers in Cortana has implemented a set of trust measures, described below, that govern how the separate search of public results from Bing.com is handled. The Bing Answers in Cortana trust measures are consistent with the enhanced privacy and security measures described in [Microsoft Search in Bing](/MicrosoftSearch/security-for-search). All Bing.com search logs that pertain to Cortana traffic are disassociated from users' workplace identity. All Cortana queries issued via a work or school account are stored separately from public, non-Cortana traffic.
-Bing Answers is enabled by default for all users. However, admins can configure and change this for specific users and user groups in their organization.
+Bing Answers is enabled by default for all users. However, admins can configure and change this setting for specific users and user groups in their organization.
## How the Bing Answer policy configuration is applied
-Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an AAD group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
+Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an Azure Active Directory group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md
index 729352fb95..d11ddd9fbf 100644
--- a/windows/configuration/cortana-at-work/test-scenario-1.md
+++ b/windows/configuration/cortana-at-work/test-scenario-1.md
@@ -2,8 +2,6 @@
title: Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md
index 86c279c752..f9128ac53e 100644
--- a/windows/configuration/cortana-at-work/test-scenario-2.md
+++ b/windows/configuration/cortana-at-work/test-scenario-2.md
@@ -2,8 +2,6 @@
title: Test scenario 2 - Perform a quick search with Cortana at work
description: A test scenario about how to perform a quick search with Cortana at work.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md
index f1706c3579..0bef2a7ad9 100644
--- a/windows/configuration/cortana-at-work/test-scenario-3.md
+++ b/windows/configuration/cortana-at-work/test-scenario-3.md
@@ -2,8 +2,6 @@
title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
description: A test scenario about how to set up, review, and edit a reminder based on a location.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md
index 635172f826..45d2df199c 100644
--- a/windows/configuration/cortana-at-work/test-scenario-4.md
+++ b/windows/configuration/cortana-at-work/test-scenario-4.md
@@ -2,8 +2,6 @@
title: Use Cortana to find your upcoming meetings at work (Windows)
description: A test scenario about how to use Cortana at work to find your upcoming meetings.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md
index 7770f46dfd..4a890aca59 100644
--- a/windows/configuration/cortana-at-work/test-scenario-5.md
+++ b/windows/configuration/cortana-at-work/test-scenario-5.md
@@ -2,8 +2,6 @@
title: Use Cortana to send an email to co-worker (Windows)
description: A test scenario on how to use Cortana at work to send email to a co-worker.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/cortana-at-work/test-scenario-6.md b/windows/configuration/cortana-at-work/test-scenario-6.md
index e9b09188c2..8a9d2fec64 100644
--- a/windows/configuration/cortana-at-work/test-scenario-6.md
+++ b/windows/configuration/cortana-at-work/test-scenario-6.md
@@ -2,8 +2,6 @@
title: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -17,7 +15,7 @@ manager: dougeby
>[!Important]
>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
-Cortana automatically finds patterns in your email, suggesting reminders based things that you said you would do so you don’t forget about them. For example, Cortana recognizes that if you include the text, I’ll get this to you by the end of the week in an email, you're making a commitment to provide something by a specific date. Cortana can now suggest that you be reminded about this event, letting you decide whether to keep it or to cancel it.
+Cortana automatically finds patterns in your email, suggesting reminders based things that you said you would do so you don’t forget about them. For example, Cortana recognizes that if you include the text, I’ll get something to you by the end of the week in an email, you're making a commitment to provide something by a specific date. Cortana can now suggest that you be reminded about this event, letting you decide whether to keep it or to cancel it.
>[!Important]
>The Suggested reminders feature is currently only available in English (en-us).
diff --git a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
index 57153a781a..b62794ff0f 100644
--- a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
+++ b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
@@ -2,8 +2,6 @@
title: Testing scenarios using Cortana in your business or organization
description: A list of suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index c979753ccb..747d7491b2 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -1,15 +1,11 @@
---
title: Customize and export Start layout (Windows 10)
description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
-ms.assetid: CA8DF327-5DD4-452F-9FE5-F17C514B6236
ms.reviewer:
-manager: dougeby
-keywords: ["start screen"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/18/2018
diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md
index f21e9bf9dc..d50036f2c7 100644
--- a/windows/configuration/customize-start-menu-layout-windows-11.md
+++ b/windows/configuration/customize-start-menu-layout-windows-11.md
@@ -1,15 +1,11 @@
---
title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs
description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices.
-ms.assetid:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: ericpapa
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.collection: highpri
---
diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md
index 8679cc641f..f9af3940ce 100644
--- a/windows/configuration/customize-taskbar-windows-11.md
+++ b/windows/configuration/customize-taskbar-windows-11.md
@@ -1,15 +1,11 @@
---
title: Configure and customize Windows 11 taskbar | Microsoft Docs
description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Endpoint Manager. See what happens to the taskbar when the Windows OS client is installed or upgraded.
-ms.assetid:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: chataylo
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.collection: highpri
---
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
index 434d699db3..dff79978bd 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@@ -1,16 +1,12 @@
---
title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
-ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545
ms.reviewer:
-manager: dougeby
-keywords: ["Start layout", "start menu", "layout", "group policy"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
ms.collection: highpri
---
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
index a06b4c2919..d14d3320b6 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -1,16 +1,12 @@
---
title: Change the Windows 10 Start and taskbar using mobile device management | Microsoft Docs
description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices.
-ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4
ms.reviewer:
-manager: dougeby
-keywords: ["start screen", "start menu"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.topic: article
-ms.author: aaroncz
+ms.author: lizlong
ms.localizationpriority: medium
ms.date: 08/05/2021
---
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index 110d43b999..33777e162b 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -1,15 +1,11 @@
---
title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10)
description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users.
-ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC
ms.reviewer:
-manager: dougeby
-keywords: ["Start layout", "start menu"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index 18a8bd0b88..ee22abf878 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
+ "**/*.svg",
"**/*.gif"
],
"exclude": [
diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
index 05e5647ef7..27d56ce3c5 100644
--- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
+++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
@@ -1,10 +1,10 @@
---
title: Find the Application User Model ID of an installed app
ms.reviewer: sybruckm
-manager: dougeby
-description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device.
-author: aczechowski
-ms.author: aaroncz
+manager: aaroncz
+description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device.
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.prod: w10
@@ -97,7 +97,7 @@ function listAumids( $userAccount ) {
}
```
-The following Windows PowerShell commands demonstrate how you can call the listAumids function after you have created it.
+The following Windows PowerShell commands demonstrate how you can call the listAumids function after you've created it.
```powershell
# Get a list of AUMIDs for the current account:
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index 7ec5869bf1..28d7a44308 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -1,16 +1,16 @@
---
title: Guidelines for choosing an app for assigned access (Windows 10/11)
description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
-keywords: ["kiosk", "lockdown", "assigned access"]
+keywords: [kiosk, lockdown, assigned access]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
@@ -31,9 +31,9 @@ The following guidelines may help you choose an appropriate Windows app for your
- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps).
-- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch.
+- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this change happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch.
-- Apps that are generated using the [Desktop App Converter (Desktop Bridge)](/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) cannot be used as kiosk apps.
+- Apps that are generated using the [Desktop App Converter (Desktop Bridge)](/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) can't be used as kiosk apps.
@@ -46,16 +46,14 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
## Guidelines for web browsers
-In Windows 10, version 1909, assigned access adds support for the new Microsoft Edge kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode](/DeployEdge/microsoft-edge-configure-kiosk-mode).
+Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
-In Windows 10, version 1809, Microsoft Edge Legacy includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy).
-
-In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website.
+In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website.
>[!NOTE]
>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs.
>
->Kiosk Browser cannot access intranet websites.
+>Kiosk Browser can't access intranet websites.
**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education) and Windows 11.
@@ -84,8 +82,7 @@ Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh stat
>
> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
-> 3. Insert the null character string in between each URL
-(e.g `www.bing.com` and `www.contoso.com`).
+> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
> 4. Save the XML file.
> 5. Open the project again in Windows Configuration Designer.
> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
@@ -107,10 +104,10 @@ URLs can include:
- The path to the resource.
- Query parameters.
-Additional guidelines for URLs:
+More guidelines for URLs:
- If a period precedes the host, the policy filters exact host matches only.
-- You cannot use user:pass fields.
+- You can't use user:pass fields.
- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence.
- The policy searches wildcards (*) last.
- The optional query is a set of key-value and key-only tokens delimited by '&'.
@@ -123,8 +120,8 @@ The following table describes the results for different combinations of blocked
Blocked URL rule | Block URL exception rule | Result
--- | --- | ---
-`*` | `contoso.com` `fabrikam.com` | All requests are blocked unless it is to `contoso.com, fabrikam.com,` or any of their subdomains.
-`contoso.com` | `mail.contoso.com` `.contoso.com` `.www.contoso.com` | Block all requests to `contoso.com,` except for the main page and its mail subdomain.
+`*` | `contoso.com` `fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains.
+`contoso.com` | `mail.contoso.com` `.contoso.com` `.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain.
`youtube.com` | `youtube.com/watch?v=v1` `youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2).
The following table gives examples for blocked URLs.
@@ -132,16 +129,16 @@ The following table gives examples for blocked URLs.
| Entry | Result |
|--------------------------|-------------------------------------------------------------------------------|
-| `contoso.com` | Blocks all requests to contoso.com, `www.contoso.com,` and sub.www.contoso.com |
+| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com |
| `https://*` | Blocks all HTTPS requests to any domain. |
-| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to `www.contoso.com` or `contoso.com` |
+| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. |
-| `.www.contoso.com` | Blocks `www.contoso.com` but not its subdomains. |
+| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. |
| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. |
| `*:8080` | Blocks all requests to port 8080. |
| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. |
| `192.168.1.2` | Blocks requests to 192.168.1.2. |
-| `youtube.com/watch?v=V1` | Blocks youtube video with id V1. |
+| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. |
### Other browsers
@@ -158,24 +155,18 @@ You can create your own web browser Windows app by using the WebView class. Lear
Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
-## Customize your breakout sequence
-
-Assigned access allows for the specification of a new breakout sequence. A breakout sequence is a keyboard shortcut that stops the kiosk experience and brings the user back to the lock screen. By default the breakout sequence is configured to be ctrl+alt+delete, a common Windows keyboard shortcut. It is recommended that this is set to a non-standard Windows shortcut to prevent disruptions in the kiosk experience.
-
-There is currently no user interface for customizing the breakout sequence in Windows settings, so it would need to be specified in a provisioning method where an XML format such as MDM is used.
-
## App configuration
-Some apps may require additional configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
+Some apps may require more configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
Check the guidelines published by your selected app and set up accordingly.
## Develop your kiosk app
-Assigned access in Windows client leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
+Assigned access in Windows client uses the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access).
## Test your assigned access experience
-The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you have selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
+The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you've selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
diff --git a/windows/configuration/images/choose-package.png b/windows/configuration/images/choose-package.png
deleted file mode 100644
index 2bf7a18648..0000000000
Binary files a/windows/configuration/images/choose-package.png and /dev/null differ
diff --git a/windows/configuration/images/oobe.jpg b/windows/configuration/images/oobe.jpg
deleted file mode 100644
index 2e700971c1..0000000000
Binary files a/windows/configuration/images/oobe.jpg and /dev/null differ
diff --git a/windows/configuration/images/oobe.png b/windows/configuration/images/oobe.png
new file mode 100644
index 0000000000..331797c251
Binary files /dev/null and b/windows/configuration/images/oobe.png differ
diff --git a/windows/configuration/images/package.png b/windows/configuration/images/package.png
deleted file mode 100644
index e10cf84f51..0000000000
Binary files a/windows/configuration/images/package.png and /dev/null differ
diff --git a/windows/configuration/images/prov.jpg b/windows/configuration/images/prov.jpg
deleted file mode 100644
index 1593ccb36b..0000000000
Binary files a/windows/configuration/images/prov.jpg and /dev/null differ
diff --git a/windows/configuration/images/provisioning-oobe-choice.png b/windows/configuration/images/provisioning-oobe-choice.png
new file mode 100644
index 0000000000..503fa8f17b
Binary files /dev/null and b/windows/configuration/images/provisioning-oobe-choice.png differ
diff --git a/windows/configuration/images/provisioning-oobe-choose-package.png b/windows/configuration/images/provisioning-oobe-choose-package.png
new file mode 100644
index 0000000000..68b23dae54
Binary files /dev/null and b/windows/configuration/images/provisioning-oobe-choose-package.png differ
diff --git a/windows/configuration/images/provisioning-oobe-installing.png b/windows/configuration/images/provisioning-oobe-installing.png
new file mode 100644
index 0000000000..4b05a90946
Binary files /dev/null and b/windows/configuration/images/provisioning-oobe-installing.png differ
diff --git a/windows/configuration/images/provisioning-runtime-UAC.png b/windows/configuration/images/provisioning-runtime-UAC.png
new file mode 100644
index 0000000000..5e00691b05
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-UAC.png differ
diff --git a/windows/configuration/images/provisioning-runtime-add-package.png b/windows/configuration/images/provisioning-runtime-add-package.png
new file mode 100644
index 0000000000..542c73fe6e
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-add-package.png differ
diff --git a/windows/configuration/images/provisioning-runtime-choose-package.png b/windows/configuration/images/provisioning-runtime-choose-package.png
new file mode 100644
index 0000000000..00a8f198a3
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-choose-package.png differ
diff --git a/windows/configuration/images/provisioning-runtime-click-to-install.png b/windows/configuration/images/provisioning-runtime-click-to-install.png
new file mode 100644
index 0000000000..5e06f26654
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-click-to-install.png differ
diff --git a/windows/configuration/images/provisioning-runtime-manage-packages.png b/windows/configuration/images/provisioning-runtime-manage-packages.png
new file mode 100644
index 0000000000..657e69b945
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-manage-packages.png differ
diff --git a/windows/configuration/images/provisioning-runtime-trust.png b/windows/configuration/images/provisioning-runtime-trust.png
new file mode 100644
index 0000000000..50cb98ff3b
Binary files /dev/null and b/windows/configuration/images/provisioning-runtime-trust.png differ
diff --git a/windows/configuration/images/setupmsg.jpg b/windows/configuration/images/setupmsg.jpg
deleted file mode 100644
index 06348dd2b8..0000000000
Binary files a/windows/configuration/images/setupmsg.jpg and /dev/null differ
diff --git a/windows/configuration/images/trust-package.png b/windows/configuration/images/trust-package.png
deleted file mode 100644
index 8a293ea4da..0000000000
Binary files a/windows/configuration/images/trust-package.png and /dev/null differ
diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
index e3b0982b66..efe346ced6 100644
--- a/windows/configuration/includes/multi-app-kiosk-support-windows11.md
+++ b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
@@ -3,7 +3,6 @@ author: aczechowski
ms.author: aaroncz
ms.date: 09/21/2021
ms.reviewer:
-audience: itpro
manager: dougeby
ms.prod: w10
ms.topic: include
diff --git a/windows/configuration/index.yml b/windows/configuration/index.yml
index aa2502cdf2..be1a9d7a92 100644
--- a/windows/configuration/index.yml
+++ b/windows/configuration/index.yml
@@ -1,7 +1,7 @@
### YamlMime:Landing
title: Configure Windows client # < 60 chars
-summary: Find out how to apply custom configurations to Windows 10 and Windows 11 devices. Windows 10 provides a number of features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
+summary: Find out how to apply custom configurations to Windows 10 and Windows 11 devices. Windows 10 provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
metadata:
title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md
index cd38222026..3028bbe1c0 100644
--- a/windows/configuration/kiosk-additional-reference.md
+++ b/windows/configuration/kiosk-additional-reference.md
@@ -1,15 +1,11 @@
---
title: More kiosk methods and reference information (Windows 10/11)
description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: reference
---
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 7c0a77b39e..abda04599e 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -1,15 +1,11 @@
---
title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11)
description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index ea9c57c785..f2071ae8ea 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -1,15 +1,12 @@
---
title: Configure kiosks and digital signs on Windows 10/11 desktop editions
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
-author: aczechowski
+author: lizgt2000
ms.topic: article
ms.collection: highpri
---
@@ -28,7 +25,7 @@ Some desktop devices in an enterprise serve a special purpose. For example, a PC
- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart.
- A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk does not run above the lock screen.
+ A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk doesn't run above the lock screen.
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
index 6524e3e543..fda5b337bf 100644
--- a/windows/configuration/kiosk-policies.md
+++ b/windows/configuration/kiosk-policies.md
@@ -1,17 +1,12 @@
---
title: Policies enforced on kiosk devices (Windows 10/11)
description: Learn about the policies enforced on a device when you configure it as a kiosk.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
-manager: dougeby
-keywords: ["lockdown", "app restrictions", "applocker"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
@@ -25,14 +20,14 @@ ms.topic: article
-It is not recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience.
+It isn't recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience.
When the assigned access kiosk configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
## Group Policy
-The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users.
+The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. These users include local users, domain users, and Azure Active Directory users.
| Setting | Value |
| --- | --- |
@@ -70,7 +65,7 @@ Prevent access to drives from My Computer | Enabled - Restrict all drivers
## MDM policy
-Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide).
+Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (that is, system-wide impact).
Setting | Value | System-wide
--- | --- | ---
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 45dec9443a..011b3f06f3 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -1,15 +1,11 @@
---
title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs
description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 3cd7d04a31..b2ccf80c40 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -1,15 +1,11 @@
---
title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11)
description: Shell Launcher lets you change the default shell that launches when a user signs in to a device.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index 179c44499b..8410a63f1f 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -1,15 +1,11 @@
---
title: Set up a single-app kiosk on Windows 10/11
description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education).
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md
index cb60660c38..ad0602aff4 100644
--- a/windows/configuration/kiosk-troubleshoot.md
+++ b/windows/configuration/kiosk-troubleshoot.md
@@ -1,17 +1,12 @@
---
title: Troubleshoot kiosk mode issues (Windows 10/11)
description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
-manager: dougeby
-keywords: ["lockdown", "app restrictions"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index 934dd1ed77..6a43b111e8 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -1,15 +1,11 @@
---
title: Validate kiosk configuration (Windows 10/11)
description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education.
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index f6ddb6a2d4..d26ff8c364 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -1,17 +1,12 @@
---
title: Assigned Access configuration kiosk XML reference (Windows 10/11)
description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
-manager: dougeby
-keywords: ["lockdown", "app restrictions", "applocker"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md
index 4fcd915dd1..7c5751d47e 100644
--- a/windows/configuration/lock-down-windows-10-applocker.md
+++ b/windows/configuration/lock-down-windows-10-applocker.md
@@ -1,18 +1,13 @@
---
title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10)
description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer: sybruckm
-manager: dougeby
-keywords: ["lockdown", "app restrictions", "applocker"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.date: 07/30/2018
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index ef2974bbc5..209003e5e1 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -3,9 +3,9 @@ title: Set up a multi-app kiosk on Windows 10
description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps.
ms.prod: w10
ms.technology: windows
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+author: lizgt2000
+ms.author: lizlong
+manager: aaroncz
ms.reviewer: sybruckm
ms.localizationpriority: medium
ms.topic: how-to
@@ -404,7 +404,7 @@ Group accounts are specified using ``. Nested groups aren't supported
```
-- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign in.
+- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign-in.
```xml
@@ -544,43 +544,11 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
### Apply provisioning package to device
-Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
-
->[!TIP]
->In addition to the methods below, you can use the PowerShell comdlet [install-provisioningpackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
-
-#### During initial setup, from a USB drive
-
-1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
-
- 
-
-2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
-
- 
-
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
-
- 
-
-4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
-
- 
-
-5. Select **Yes, add it**.
-
- 
-
-#### After setup, from a USB drive, network folder, or SharePoint site
-
-1. Sign in with an admin account.
-2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
+Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](./provisioning-packages/provisioning-apply-package.md).
> [!NOTE]
> If your provisioning package doesn't include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
-
-
### Use MDM to deploy the multi-app configuration
Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md
index 36bf667cc7..05bf244383 100644
--- a/windows/configuration/lockdown-features-windows-10.md
+++ b/windows/configuration/lockdown-features-windows-10.md
@@ -1,16 +1,11 @@
---
title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10)
-description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
-ms.assetid: 3C006B00-535C-4BA4-9421-B8F952D47A14
+description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
ms.reviewer:
-manager: dougeby
-keywords: lockdown, embedded
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md
index 2dcf1d588b..13dd5ee45a 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/manage-tips-and-suggestions.md
@@ -1,18 +1,14 @@
---
title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions (Windows 10)
-description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees.
-keywords: ["device management"]
+description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: devices
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/20/2017
ms.reviewer:
-manager: dougeby
+manager: aaroncz
---
# Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions
diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md
index 8149182469..eaff525abc 100644
--- a/windows/configuration/manage-wifi-sense-in-enterprise.md
+++ b/windows/configuration/manage-wifi-sense-in-enterprise.md
@@ -1,16 +1,11 @@
---
title: Manage Wi-Fi Sense in your company (Windows 10)
description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places.
-ms.assetid: 1845e00d-c4ee-4a8f-a5e5-d00f2735a271
ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
-keywords: ["WiFi Sense", "automatically connect to wi-fi", "wi-fi hotspot connection"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: mobile
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md
index ffe4a55f6d..2971e83a97 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/provisioning-apn.md
@@ -1,14 +1,11 @@
---
title: Configure cellular settings for tablets and PCs (Windows 10)
description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
-ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/13/2018
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index 9147bc6b90..933279aeb0 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,14 +1,11 @@
---
title: Configuration service providers for IT pros (Windows 10/11)
-description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
-ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
+description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
@@ -153,7 +150,6 @@ Here is a list of CSPs supported on Windows 10 Enterprise:
- [DMClient CSP](/windows/client-management/mdm/dmclient-csp)
- [Email2 CSP](/windows/client-management/mdm/email2-csp)
- [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
-- [EnterpriseAppManagement CSP](/windows/client-management/mdm/enterpriseappmanagement-csp)
- [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp)
- [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
- [EnterpriseExt CSP](/windows/client-management/mdm/enterpriseext-csp)
@@ -164,12 +160,12 @@ Here is a list of CSPs supported on Windows 10 Enterprise:
- [Maps CSP](/windows/client-management/mdm/maps-csp)
- [NAP CSP](/windows/client-management/mdm/filesystem-csp)
- [NAPDEF CSP](/windows/client-management/mdm/napdef-csp)
-- [NodeCache CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723265)
+- [NodeCache CSP](https://go.microsoft.com/fwlink/p/?LinkId=723265)
- [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
- [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
-- [PolicyManager CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723418)
+- [PolicyManager CSP](https://go.microsoft.com/fwlink/p/?LinkId=723418)
- [Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
-- [Proxy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723372)
+- [Proxy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723372)
- [PXLOGICAL CSP](/windows/client-management/mdm/pxlogical-csp)
- [Registry CSP](/windows/client-management/mdm/registry-csp)
- [RemoteFind CSP](/windows/client-management/mdm/remotefind-csp)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 1305b2bb87..149f92d455 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -1,15 +1,11 @@
---
title: Provision PCs with common settings (Windows 10/11)
-description: Create a provisioning package to apply common settings to a PC running Windows 10.
-ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
+description: Create a provisioning package to apply common settings to a PC running Windows 10.
ms.reviewer: gkomatsu
-manager: dougeby
-keywords: ["runtime provisioning", "provisioning package"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
@@ -143,12 +139,6 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
-
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index faad3522bb..2e3e08cf89 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -1,17 +1,14 @@
---
title: Provision PCs with apps and certificates (Windows 10)
-description: Create a provisioning package to apply settings to a PC running Windows 10.
-keywords: ["runtime provisioning", "provisioning package"]
+description: Create a provisioning package to apply settings to a PC running Windows 10.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.reviewer:
-manager: dougeby
+manager: aaroncz
---
# Provision PCs with apps and certificates for initial deployment (advanced provisioning)
@@ -177,13 +174,6 @@ For details about the settings you can customize in provisioning packages, see [
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
-
-
## Related topics
- [Provisioning packages for Windows 10](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index f1b8691117..c96322afd3 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -1,16 +1,13 @@
---
title: Provision PCs with apps (Windows 10/11)
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
-keywords: ["runtime provisioning", "provisioning package"]
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Provision PCs with apps
@@ -187,11 +184,6 @@ For details about the settings you can customize in provisioning packages, see [
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index 230570bfa8..f3f3796147 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -1,15 +1,13 @@
---
title: Apply a provisioning package (Windows 10/11)
-description: Provisioning packages can be applied to a device during the first-run experience (OOBE) and after ("runtime").
+description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Apply a provisioning package
@@ -20,40 +18,82 @@ manager: dougeby
- Windows 10
- Windows 11
-Provisioning packages can be applied to client devices during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
+Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime").
->[!NOTE]
+> [!NOTE]
>
> - Applying a provisioning package to a desktop device requires administrator privileges on the device.
> - You can interrupt a long-running provisioning process by pressing ESC.
-## During initial setup, from a USB drive
+> [!TIP]
+> In addition to the following methods, you can use the PowerShell cmdlet [Install-ProvisioningPackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
-1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
+## During initial setup
- 
+To apply a provisioning package from a USB drive during initial setup:
-2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
+1. Start with a device on the initial setup screen. If the device has gone past this screen, reset the device to start over. To reset, go to **Settings** > **System** > [**Recovery**](ms-settings:recovery) > **Reset this PC**.
- 
+ :::image type="content" source="../images/oobe.png" alt-text="The first screen when setting up a new PC.":::
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and select **Next**.
+2. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
- 
+ - If there is only one provisioning package on the USB drive, the provisioning package is applied. See step 5.
+ - If there is more than one provisioning package on the USB drive, Windows setup will recognize the drive and ask how you want to provision the device. Select **Install provisioning package** and select **Next**.
-4. Select the provisioning package (`.ppkg`) that you want to apply, and select **Next**.
+ :::image type="content" source="../images/provisioning-oobe-choice.png" alt-text="What would you like to do?":::
- 
+3. Select the provisioning package (`.ppkg`) that you want to apply, and select **Yes**.
-5. Select **Yes, add it**.
+ :::image type="content" source="../images/provisioning-oobe-choose-package.png" alt-text="Choose a package.":::
- 
+4. The selected provisioning package will install and apply to the device.
-## After setup, from a USB drive, network folder, or SharePoint site
+ :::image type="content" source="../images/provisioning-oobe-installing.png" alt-text="Setting up your PC.":::
-Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
+5. Wait for the device to load and begin applying the provisioning package. Once you see "You can remove your removable media now!" you can remove your USB drive. Windows will continue provisioning the device.
-
+## After initial setup
+
+Provisioning packages can be applied after initial setup through Windows settings or by simply double-clicking a provisioning package.
+
+### Windows Settings
+
+1. Insert the USB drive, then navigate to **Settings** > **Accounts** > [**Access work or school**](ms-settings:workplace) > **Add or remove a provisioning package** > **Add a package**.
+
+ :::image type="content" source="../images/provisioning-runtime-manage-packages.png" alt-text="Add or remove a provisioning package.":::
+
+2. Choose the method you want to use, such as **Removable Media**.
+
+ :::image type="content" source="../images/provisioning-runtime-choose-package.png" alt-text="Choose a method.":::
+
+3. Select the provisioning package (`.ppkg`) that you want to apply, and select **Add**.
+
+ :::image type="content" source="../images/provisioning-runtime-add-package.png" alt-text="Select and add a package.":::
+
+4. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you are installing before accepting the UAC prompt. Select **Yes**.
+
+ :::image type="content" source="../images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
+
+5. The provisioning runtime will ask if the package is from a source you trust. Verify that you are applying the correct package and that it is trusted. Select **Yes, add it**.
+
+ :::image type="content" source="../images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
+
+### Apply Directly
+
+To apply a provisioning package directly, such as from a USB drive, folder, network, or SharePoint site:
+
+1. Navigate to the provisioning package and double-click it to begin the installation.
+
+ :::image type="content" source="../images/provisioning-runtime-click-to-install.png" alt-text="Double-click package to being installation.":::
+
+2. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you are installing before accepting the UAC prompt. Select **Yes**.
+
+ :::image type="content" source="../images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
+
+3. The provisioning runtime will ask if the package is from a source you trust. Verify that you are applying the correct package and that it is trusted. Select **Yes, add it**.
+
+ :::image type="content" source="../images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
## Related articles
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 95e51c1316..365710b8c3 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -2,14 +2,12 @@
title: Windows Configuration Designer command-line interface (Windows 10/11)
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Windows Configuration Designer command-line interface (reference)
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index f926e57f98..a7fc0987ba 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -2,14 +2,12 @@
title: Create a provisioning package (Windows 10/11)
description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
@@ -148,8 +146,6 @@ For details on each specific setting, see [Windows Provisioning settings referen
## Learn more
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
- [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm)
## Related articles
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index cc1fff48d3..935cd2807e 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -1,15 +1,13 @@
---
title: How provisioning works in Windows 10/11
-description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
+description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# How provisioning works in Windows
@@ -143,12 +141,6 @@ When applying multiple provisioning packages to a device, the provisioning engin
After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**.
-
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index 1df2136104..6440a0c7d2 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,15 +1,13 @@
---
title: Install Windows Configuration Designer (Windows 10/11)
-description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
+description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
@@ -80,10 +78,6 @@ On devices running Windows client, you can install [the Windows Configuration De
**Next step**: [How to create a provisioning package](provisioning-create-package.md)
-## Learn more
-
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
## Related articles
- [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 0987e3f720..36f22395b0 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -2,14 +2,12 @@
title: Create a provisioning package with multivariant settings (Windows 10/11)
description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
---
# Create a provisioning package with multivariant settings
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index da386db801..48a18fc43e 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -1,14 +1,11 @@
---
title: Provisioning packages overview on Windows 10/11
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
-ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.collection: highpri
@@ -16,7 +13,6 @@ ms.collection: highpri
# Provisioning packages for Windows
-
**Applies to**
- Windows 10
@@ -31,9 +27,6 @@ Provisioning packages are simple enough that with a short set of written instruc
Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
-
-
-
@@ -44,10 +37,8 @@ Windows Configuration Designer is available as an [app in the Microsoft Store](h
-
## Benefits of provisioning packages
-
Provisioning packages let you:
- Quickly configure a new device without going through the process of installing a new image.
@@ -79,7 +70,7 @@ The following table describes settings that you can configure using the wizards
| Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ |
| Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ |
| Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ |
-| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment,. | ✔️ | ✔️ | ✔️ |
+| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment. | ✔️ | ✔️ | ✔️ |
| Add applications | Install applications using the provisioning package. | ✔️ | ✔️ | ❌ |
| Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ |
| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ |
@@ -90,7 +81,6 @@ The following table describes settings that you can configure using the wizards
- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard)
-
>[!NOTE]
>After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.
@@ -98,7 +88,6 @@ The following table describes settings that you can configure using the wizards
The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
-
| Customization options | Examples |
|---|---|
| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters |
@@ -140,12 +129,6 @@ WCD supports the following scenarios for IT administrators:
-## Learn more
-
-For more information about provisioning, watch the following video:
-
-- [Provisioning Windows client devices with new tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
## Related articles
- [How provisioning works in Windows client](provisioning-how-it-works.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index 3b6e0300dc..76c5aaf5a9 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -2,14 +2,12 @@
title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11)
description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# PowerShell cmdlets for provisioning Windows client (reference)
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index 0f1b11b953..b203cd0294 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -2,14 +2,12 @@
title: Use a script to install a desktop app in provisioning packages (Windows 10/11)
description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Use a script to install a desktop app in provisioning packages
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index 1a6f2d6af3..553df87c89 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -2,14 +2,12 @@
title: Uninstall a provisioning package - reverted settings (Windows 10/11)
description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Settings changed when you uninstall a provisioning package
@@ -64,13 +62,11 @@ Here is the list of revertible settings based on configuration service providers
[CMPolicyEnterprise CSP](/windows/client-management/mdm/cmpolicyenterprise-csp)
[EMAIL2 CSP](/windows/client-management/mdm/email2-csp)
[EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
-[EnterpriseAppManagement CSP](/windows/client-management/mdm/enterpriseappmanagement-csp)
[EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
[EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
[NAP CSP](/windows/client-management/mdm/nap-csp)
[PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
[Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
-[PROXY CSP](/windows/client-management/mdm/proxy-csp)
[SecureAssessment CSP](/windows/client-management/mdm/secureassessment-csp)
[VPN CSP](/windows/client-management/mdm/vpn-csp)
[VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 92a57a02af..191ecb60c4 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -1,16 +1,13 @@
---
title: Set up a shared or guest PC with Windows 10/11
description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios.
-keywords: ["shared pc mode"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
@@ -65,7 +62,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
|:---|:---|
| EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings) Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**. |
| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in.
Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC.
- **Only guest** allows anyone to use the PC as a local standard (non-admin) account. - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account. - **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. |
-| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.
- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.
Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** |
+| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.
- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.
Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign-off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** |
| AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. |
| AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. |
| AccountManagement: InactiveThreshold | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted. |
@@ -85,7 +82,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
You can configure Windows to be in shared PC mode in a couple different ways:
-- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows client in Intune, complete the following steps:
+- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To set up a shared device policy for Windows client in Intune, complete the following steps:
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
@@ -185,30 +182,7 @@ You can configure Windows to be in shared PC mode in a couple different ways:
### Apply the provisioning package
-You can apply the provisioning package to a PC during initial setup or to a PC that has already been set up.
-
-**During initial setup**
-
-1. Start with a PC on the setup screen.
-
- 
-
-2. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
-
- - If there is only one provisioning package on the USB drive, the provisioning package is applied.
-
- - If there is more than one provisioning package on the USB drive, the **Set up device?** message displays. Click **Set up**, and select the provisioning package that you want to install.
-
- 
-
-3. Complete the setup process.
-
-
-**After setup**
-
-On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and selects the package to install.
-
-
+Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](./provisioning-packages/provisioning-apply-package.md).
> [!NOTE]
> If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost.
@@ -217,7 +191,7 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
+* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign-out.
* On a Windows PC joined to Azure Active Directory:
* By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
* With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md
index 921c556ecf..572cd93eff 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/setup-digital-signage.md
@@ -1,15 +1,11 @@
---
title: Set up digital signs on Windows 10/11
description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education).
-ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
-keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"]
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.date: 09/20/2021
ms.topic: article
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 4b0658894b..28d3a28707 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -2,13 +2,11 @@
title: Troubleshoot Start menu errors
description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.author: aaroncz
-author: aczechowski
+ms.author: lizlong
+author: lizgt2000
ms.localizationpriority: medium
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.topic: troubleshooting
ms.collection: highpri
---
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index a0d7a0b65a..4d719d63a3 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -1,16 +1,13 @@
---
title: Start layout XML for desktop editions of Windows 10 (Windows 10)
description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions.
-keywords: ["start screen"]
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.localizationpriority: medium
ms.collection: highpri
---
diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md
index 5699938be7..23f838107a 100644
--- a/windows/configuration/start-secondary-tiles.md
+++ b/windows/configuration/start-secondary-tiles.md
@@ -2,15 +2,12 @@
title: Add image for secondary Microsoft Edge tiles (Windows 10)
description: Add app tiles on Windows 10 that's a secondary tile.
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.reviewer:
-manager: dougeby
+manager: aaroncz
---
# Add image for secondary Microsoft Edge tiles
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index 40fc295016..03338078f4 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -1,15 +1,11 @@
---
title: Configure access to Microsoft Store (Windows 10)
description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
-ms.assetid: 7AA60D3D-2A69-45E7-AAB0-B8AFC29C2E97
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store, mobile
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 4/16/2018
@@ -98,7 +94,7 @@ You can also use Group Policy to manage access to Microsoft Store.
4. On the **Turn off the Store application** setting page, click **Enabled**, and then click **OK**.
> [!Important]
-> Enabling **Turn off the Store application** policy turns off app updates from Microsoft Store.
+> When you enable the policy to **Turn off the Store application**, it turns off app updates from the Microsoft Store. To allow store apps to update, disable the policy to **Turn off automatic download and install of Updates**. This configuration allows in-box store apps to update while still blocking access to the store.
## Show private store only using Group Policy
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md
index 30c40db968..cc9735faab 100644
--- a/windows/configuration/supported-csp-start-menu-layout-windows.md
+++ b/windows/configuration/supported-csp-start-menu-layout-windows.md
@@ -1,15 +1,11 @@
---
title: Supported CSP policies to customize Start menu on Windows 11 | Microsoft Docs
description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Start menu.
-ms.assetid:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: ericpapa
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
---
diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md
index 0891f70e8c..da0f246bc9 100644
--- a/windows/configuration/supported-csp-taskbar-windows.md
+++ b/windows/configuration/supported-csp-taskbar-windows.md
@@ -1,15 +1,11 @@
---
title: Supported CSP policies to customize the Taskbar on Windows 11 | Microsoft Docs
description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Taskbar.
-ms.assetid:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: chataylo
ms.prod: w11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
---
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index 5c0961785e..4f970289fa 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -2,9 +2,6 @@
title: Administering UE-V with Windows PowerShell and WMI
description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Administering UE-V with Windows PowerShell and WMI
**Applies to**
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md
index f2456dee1a..0a76ddcdb0 100644
--- a/windows/configuration/ue-v/uev-administering-uev.md
+++ b/windows/configuration/ue-v/uev-administering-uev.md
@@ -2,9 +2,6 @@
title: Administering UE-V
description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Administering UE-V
**Applies to**
@@ -38,7 +34,7 @@ This topic explains how to use the UE-V template generator and manage custom set
## Back up and restore application and Windows settings that are synchronized with UE-V
-Windows Management Instrumentation (WMI) and Windows PowerShell features of UE-V allow you to restore settings packages. By using WMI and Windows PowerShell commands, you can restore application and Windows settings to their original state and restore additional settings when a user adopts a new device.
+Windows Management Instrumentation (WMI) and Windows PowerShell features of UE-V allow you to restore settings packages. By using WMI and Windows PowerShell commands, you can restore application and Windows settings to their original state and restore other settings when a user adopts a new device.
[Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md)
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 50a4533c63..3a98106d0c 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -2,9 +2,6 @@
title: Application Template Schema Reference for UE-V
description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Application Template Schema Reference for UE-V
**Applies to**
@@ -60,7 +56,7 @@ This section details the XML structure of the UE-V settings location template an
**Type: String**
-The XML declaration must specify the XML version 1.0 attribute (<?xml version="1.0">). Settings location templates created by the UE-V template generator are saved in UTF-8 encoding, although the encoding is not explicitly specified. We recommend that you include the encoding="UTF-8" attribute in this element as a best practice. All templates included with the product specify this tag as well (see the documents in %ProgramFiles%\\Microsoft User Experience Virtualization\\Templates for reference). For example:
+The XML declaration must specify the XML version 1.0 attribute (<?xml version="1.0">). Settings location templates created by the UE-V template generator are saved in UTF-8 encoding, although the encoding isn't explicitly specified. We recommend that you include the encoding="UTF-8" attribute in this element as a best practice. All templates included with the product specify this tag as well (see the documents in %ProgramFiles%\\Microsoft User Experience Virtualization\\Templates for reference). For example:
``
@@ -70,28 +66,30 @@ The XML declaration must specify the XML version 1.0 attribute (<?xml version
**Type: String**
-UE-V uses the ```https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate``` namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
+UE-V uses the `https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate` namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
-``
+```xml
+
+```
### Data types
-These are the data types for the UE-V application template schema.
+These data types are the ones for the UE-V application template schema.
**GUID**
-GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders.
+GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This GUID is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders.
**FilenameString**
FilenameString refers to the file name of a process to be monitored. Its values are restricted by the regex \[^\\\\\\?\\\*\\|<>/:\]+, (that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon characters).
**IDString**
-IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It is restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+).
+IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It's restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+).
**TemplateVersion**
TemplateVersion is an integer value used to describe the revision of the settings location template. Its value may range from 0 to 2147483647.
**Empty**
-Empty refers to a null value. This is used in Process\\ShellProcess to indicate that there is no process to monitor. This value should not be used in any application templates.
+Empty refers to a null value. This data type is used in Process\\ShellProcess to indicate that there's no process to monitor. This value shouldn't be used in any application templates.
**Author**
The Author data type is a complex type that identifies the author of a template. It contains two child elements: **Name** and **Email**. Within the Author data type, the Name element is mandatory while the Email element is optional. This type is described in more detail under the SettingsLocationTemplate element.
@@ -106,7 +104,7 @@ ProcessVersion defines a type with four child elements: **Major**, **Minor**, **
Architecture enumerates two possible values: **Win32** and **Win64**. These values are used to specify process architecture.
**Process**
-The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type:
+The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element's respective data type:
|Element|Data Type|Mandatory|
|--- |--- |--- |
@@ -121,11 +119,11 @@ The Process data type is a container used to describe processes to be monitored
The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence.
**Path**
-Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default=”False”.
+Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default="False".
-Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders are not included. For registry paths, all values in the current path are captured but child registry keys are not captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items.
+Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders aren't included. For registry paths, all values in the current path are captured but child registry keys aren't captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items.
-The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server.
+The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This removal may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server.
**FileMask**
FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files.
@@ -141,8 +139,8 @@ Settings is a container for all the settings that apply to a particular template
|Element|Description|
|--- |--- |
-|Asynchronous|Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.|
-|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.|
+|Asynchronous|Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This element is useful for settings that can be applied asynchronously, such as those settings get/set through an API, like SystemParameterSetting.|
+|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those templates that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.|
|AlwaysApplySettings|This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.|
### Name Element
@@ -151,10 +149,10 @@ Settings is a container for all the settings that apply to a particular template
**Type: String**
-Name specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`.
+Name specifies a unique name for the settings location template. This name is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this referencing can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`.
> [!NOTE]
-> UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document.
+> UE-V does not reference external DTDs, so it's not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document.
See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V template generator converts character entities to their Unicode representations automatically.
@@ -166,7 +164,7 @@ See for a complete list of character ent
**Type: String**
-ID populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime (for example, see the output of the Get-UevTemplate and Get-UevTemplateProgram PowerShell cmdlets). By convention, this tag should not contain any spaces, which simplifies scripting. Version numbers of applications should be specified in this element to allow for easy identification of the template, such as `MicrosoftOffice2016Win64`.
+ID populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime (for example, see the output of the Get-UevTemplate and Get-UevTemplateProgram PowerShell cmdlets). By convention, this tag shouldn't contain any spaces, which simplifies scripting. Version numbers of applications should be specified in this element to allow for easy identification of the template, such as `MicrosoftOffice2016Win64`.
### Version Element
@@ -178,7 +176,7 @@ ID populates a unique identifier for a particular template. This tag becomes the
**Maximum Value: 2147483647**
-Version identifies the version of the settings location template for administrative tracking of changes. The UE-V template generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `2.5` are not allowed.
+Version identifies the version of the settings location template for administrative tracking of changes. The UE-V template generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `2.5` aren't allowed.
> [!TIP]
> You can save notes about version changes using XML comment tags ``, for example:
@@ -212,7 +210,7 @@ Version identifies the version of the settings location template for administrat
**Type: String**
-Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V).
+Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly.
### Processes and Process Element
@@ -220,7 +218,7 @@ Author identifies the creator of the settings location template. Two optional ch
**Type: Element**
-Processes contains at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
+Processes contain at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
```xml
@@ -254,7 +252,7 @@ Filename refers to the actual file name of the executable as it appears in the f
Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|<>/:\]+, that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon (the \\ ? \* | < > / or : characters.).
> [!TIP]
-> To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**:
+> To test a string against this regex, use a PowerShell command window and substitute your executable's name for **YourFileName**:
`"YourFileName.exe" -match "[\\\?\*\|<>/:]+"`
@@ -273,7 +271,7 @@ A value of **True** indicates that the string contains illegal characters. Here
-In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplication.exe` should be specified instead of `MyApplication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”.
+In rare circumstances, the FileName value won't necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplication.exe` should be specified instead of `MyApplication`. The second example won't apply the template to the process if the actual name of the executable file is “MyApplication.exe”.
### Architecture
@@ -281,9 +279,9 @@ In rare circumstances, the FileName value will not necessarily include the .exe
**Type: Architecture (String)**
-Architecture refers to the processor architecture for which the target executable was compiled. Valid values are Win32 for 32-bit applications or Win64 for 64-bit applications. If present, this tag limits the applicability of the settings location template to a particular application architecture. For an example of this, compare the %ProgramFiles%\\Microsoft User Experience Virtualization\\templates\\ MicrosoftOffice2016Win32.xml and MicrosoftOffice2016Win64.xml files included with UE-V. This is useful when relative paths change between different versions of an executable or if settings have been added or removed when moving from one processor architecture to another.
+Architecture refers to the processor architecture for which the target executable was compiled. Valid values are Win32 for 32-bit applications or Win64 for 64-bit applications. If present, this tag limits the applicability of the settings location template to a particular application architecture. For an example of this applicability restriction, compare the %ProgramFiles%\\Microsoft User Experience Virtualization\\templates\\ MicrosoftOffice2016Win32.xml and MicrosoftOffice2016Win64.xml files included with UE-V. This applicability restriction is useful when relative paths change between different versions of an executable or if settings have been added or removed when moving from one processor architecture to another.
-If this element is absent, the settings location template ignores the process’ architecture and applies to both 32 and 64-bit processes if the file name and other attributes apply.
+If this element is absent, the settings location template ignores the process’ architecture and applies to both 32-bit and 64-bit processes if the file name and other attributes apply.
> [!NOTE]
> UE-V does not support ARM processors in this version.
@@ -296,7 +294,7 @@ If this element is absent, the settings location template ignores the process’
**Type: String**
-ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
+ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This flexibility allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
```xml
@@ -314,7 +312,7 @@ ProductName is an optional element used to identify a product for administrative
**Type: String**
-FileDescription is an optional tag that allows for an administrative description of the executable file. This is a free text field and can be useful in distinguishing multiple executables within a software package where there is a need to identify the function of the executable.
+FileDescription is an optional tag that allows for an administrative description of the executable file. This tag is a free text field and can be useful in distinguishing multiple executables within a software package where there's a need to identify the function of the executable.
For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here:
@@ -346,7 +344,7 @@ For example, in a suited application, it might be useful to provide reminders ab
ProductVersion refers to the major and minor product versions of a file, as well as a build and patch level. ProductVersion is an optional element, but if specified, it must contain at least the Major child element. The value must express a range in the form Minimum="X" Maximum="Y" where X and Y are integers. The Minimum and Maximum values can be identical.
-The product and file version elements may be left unspecified. Doing so makes the template “version agnostic”, meaning that the template will apply to all versions of the specified executable.
+The product and file version elements may be left unspecified. Doing so makes the template "version agnostic", meaning that the template will apply to all versions of the specified executable.
**Example 1:**
@@ -372,7 +370,7 @@ File version: 5.0.2.1000 specified in the UE-V template generator produces the f
```
-**Incorrect Example 1 – incomplete range:**
+**Incorrect Example 1 - incomplete range:**
Only the Minimum attribute is present. Maximum must be included in a range as well.
@@ -382,7 +380,7 @@ Only the Minimum attribute is present. Maximum must be included in a range as we
```
-**Incorrect Example 2 – Minor specified without Major element:**
+**Incorrect Example 2 - Minor specified without Major element:**
Only the Minor element is present. Major must be included as well.
@@ -398,13 +396,13 @@ Only the Minor element is present. Major must be included as well.
**Type: String**
-FileVersion differentiates between the release version of a published application and the internal build details of a component executable. For the majority of commercial applications, these numbers are identical. Where they vary, the product version of a file indicates a generic version identification of a file, while file version indicates a specific build of a file (as in the case of a hotfix or update). This uniquely identifies files without breaking detection logic.
+FileVersion differentiates between the release version of a published application and the internal build details of a component executable. For most of the commercial applications, these numbers are identical. Where they vary, the product version of a file indicates a generic version identification of a file, while file version indicates a specific build of a file (as in the example of a hotfix or update). This file version uniquely identifies files without breaking detection logic.
To determine the product version and file version of a particular executable, right-click on the file in Windows Explorer, select Properties, then click on the Details tab.
-Including a FileVersion element for an application allows for more granular fine-tuning detection logic, but is not necessary for most applications. The ProductVersion element settings are checked first, and then FileVersion is checked. The more restrictive setting will apply.
+Including a FileVersion element for an application allows for more granular fine-tuning detection logic, but isn't necessary for most applications. The ProductVersion element settings are checked first, and then FileVersion is checked. The more restrictive setting will apply.
-The child elements and syntax rules for FileVersion are identical to those of ProductVersion.
+The child elements and syntax rules for FileVersion are identical to those elements and rules of ProductVersion.
```xml
@@ -423,38 +421,38 @@ The child elements and syntax rules for FileVersion are identical to those of Pr
### Application Element
-Application is a container for settings that apply to a particular application. It is a collection of the following fields/types.
+Application is a container for settings that apply to a particular application. It's a collection of the following fields/types.
|Field/Type|Description|
|--- |--- |
-|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
+|Name|Specifies a unique name for the settings location template. This name is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
|Description|An optional description of the template.|
|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
|LocalizedDescriptions|An optional template description localized by a language locale.|
|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
-|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
-|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
+|DeferToOffice365|Similar to MSA, this type controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
+|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and can't be changed via WMI or PowerShell.|
|Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).|
|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".|
### Common Element
-Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types.
+Common is similar to an Application element, but it's always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It's a collection of the following fields/types.
|Field/Type|Description|
|--- |--- |
-|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
+|Name|Specifies a unique name for the settings location template. This name is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
|Description|An optional description of the template.|
|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
|LocalizedDescriptions|An optional template description localized by a language locale.|
|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
-|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
-|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
+|DeferToOffice365|Similar to MSA, this type controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
+|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and can't be changed via WMI or PowerShell.|
|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).|
### SettingsLocationTemplate Element
@@ -463,7 +461,7 @@ This element defines the settings for a single application or a suite of applica
|Field/Type|Description|
|--- |--- |
-|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
+|Name|Specifies a unique name for the settings location template. This type is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
|Description|An optional description of the template.|
|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
@@ -472,7 +470,7 @@ This element defines the settings for a single application or a suite of applica
### Appendix: SettingsLocationTemplate.xsd
-Here is the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters:
+Here's the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters:
```xml
diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
index 7b1980ded7..f9a1b5f123 100644
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -2,9 +2,6 @@
title: Changing the Frequency of UE-V Scheduled Tasks
description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Changing the Frequency of UE-V Scheduled Tasks
**Applies to**
@@ -32,7 +28,7 @@ When the User Experience Virtualization (UE-V) service is enabled, it creates th
> [!NOTE]
> These tasks must remain enabled, because UE-V cannot function without them.
-These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
+These scheduled tasks aren't configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
For more information about Schtasks.exe, see [Schtasks](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc725744(v=ws.11)).
@@ -42,11 +38,11 @@ The following scheduled tasks are included in UE-V with sample scheduled task co
### Monitor Application Settings
-The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory.
+The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It's runs at sign in but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory.
|Task name|Default event|
|--- |--- |
-|\Microsoft\UE-V\Monitor Application Status|Logon|
+|\Microsoft\UE-V\Monitor Application Status|Sign in|
### Sync Controller Application
@@ -54,7 +50,7 @@ The **Sync Controller Application** task is used to start the Sync Controller to
|Task name|Default event|
|--- |--- |
-|\Microsoft\UE-V\Sync Controller Application|Logon, and every 30 minutes thereafter|
+|\Microsoft\UE-V\Sync Controller Application|Sign in, and every 30 minutes thereafter|
For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes.
@@ -64,11 +60,11 @@ Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15
### Synchronize Settings at Logoff
-The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory.
+The **Synchronize Settings at Logoff** task is used to start an application at sign in that controls the synchronization of applications at sign out for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory.
|Task name|Default event|
|--- |--- |
-|\Microsoft\UE-V\Synchronize Settings at Logoff|Logon|
+|\Microsoft\UE-V\Synchronize Settings at Logoff|Sign in|
### Template Auto Update
@@ -92,22 +88,22 @@ The following chart provides additional information about scheduled tasks for UE
|Task Name (file name)|Default Frequency|Power Toggle|Idle Only|Network Connection|Description|
|--- |--- |--- |--- |--- |--- |
-|**Monitor Application Settings** (UevAppMonitor.exe)|Starts 30 seconds after logon and continues until logoff.|No|Yes|N/A|Synchronizes settings for Windows (AppX) apps.|
-|**Sync Controller Application** (Microsoft.Uev.SyncController.exe)|At logon and every 30 min thereafter.|Yes|Yes|Only if Network is connected|Starts the Sync Controller which synchronizes local settings with the settings storage location.|
-|**Synchronize Settings at Logoff** (Microsoft.Uev.SyncController.exe)|Runs at logon and then waits for Logoff to Synchronize settings.|No|Yes|N/A|Start an application at logon that controls the synchronization of applications at logoff.|
-|**Template Auto Update** (ApplySettingsCatalog.exe)|Runs at initial logon and at 3:30 AM every day thereafter.|Yes|No|N/A|Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.|
+|**Monitor Application Settings** (UevAppMonitor.exe)|Starts 30 seconds after sign in and continues until sign out.|No|Yes|N/A|Synchronizes settings for Windows (AppX) apps.|
+|**Sync Controller Application** (Microsoft.Uev.SyncController.exe)|At sign in and every 30 min thereafter.|Yes|Yes|Only if Network is connected|Starts the Sync Controller that synchronizes local settings with the settings storage location.|
+|**Synchronize Settings at Logoff** (Microsoft.Uev.SyncController.exe)|Runs at sign in and then waits for sign out to Synchronize settings.|No|Yes|N/A|Start an application at sign in that controls the synchronization of applications at sign out.|
+|**Template Auto Update** (ApplySettingsCatalog.exe)|Runs at initial sign in and at 3:30 AM every day thereafter.|Yes|No|N/A|Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.|
**Legend**
- **Power Toggle** – Task Scheduler will optimize power consumption when not connected to AC power. The task might stop running if the computer switches to battery power.
-- **Idle Only** – The task will stop running if the computer ceases to be idle. By default the task will not restart when the computer is idle again. Instead the task will begin again on the next task trigger.
+- **Idle Only** – The task will stop running if the computer ceases to be idle. By default the task won't restart when the computer is idle again. Instead the task will begin again on the next task trigger.
- **Network Connection** – Tasks marked “Yes” only run if the computer has a network connection available. Tasks marked “N/A” run regardless of network connectivity.
### How to Manage Scheduled Tasks
-To find Scheduled Tasks, perform the following:
+To find Scheduled Tasks, perform the following steps:
1. Open “Schedule Tasks” on the user computer.
@@ -121,9 +117,9 @@ The following additional information applies to UE-V scheduled tasks:
- All task sequence programs are located in the UE-V Agent installation folder, `%programFiles%\Microsoft User Experience Virtualization\Agent\[architecture]\`, by default.
-- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings do not synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute. You can also increase the 30 min default to a higher amount if necessary.
+- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings don't synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute. You can also increase the 30-min default to a higher amount if necessary.
-- You do not need to disable the Template Auto Update scheduled task if you use another method to keep the clients’ templates in sync (i.e. Group Policy or Configuration Manager Baselines). Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates. This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately.
+- You don't need to disable the Template Auto Update scheduled task if you use another method to keep the clients’ templates in sync (that is, Group Policy or Configuration Manager Baselines). Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates. This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately.
- The Monitor Application Settings scheduled task will update Windows app (AppX) settings in real time, based on Windows app program setting triggers built into each app.
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
index 8aa4719d90..249336440f 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@@ -2,9 +2,6 @@
title: Configuring UE-V with Group Policy Objects
description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Configuring UE-V with Group Policy Objects
**Applies to**
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
index fa9dda05ab..4377246f93 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -2,9 +2,6 @@
title: Configuring UE-V with Microsoft Endpoint Configuration Manager
description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Configuring UE-V with Microsoft Endpoint Manager
**Applies to**
@@ -38,7 +34,7 @@ The UE-V Configuration Pack includes tools to:
|Configuration|Setting|Description|
|--- |--- |--- |
|Max package size|Enable/disable Windows app sync|Wait for sync on application start|
- |Setting import delay|Sync unlisted Windows apps|Wait for sync on logon|
+ |Setting import delay|Sync unlisted Windows apps|Wait for sync on sign in|
|Settings import notification|IT contact URL|Wait for sync timeout|
|Settings storage path|IT contact descriptive text|Settings template catalog path|
|Sync enablement|Tray icon enabled|Start/Stop UE-V agent service|
@@ -91,7 +87,7 @@ The UE-V service policy configuration item CAB file is created using the UevTemp
- **Unmanaged** to have the configuration item left at its current state
- Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values.
+ Don't remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you don't want Configuration Manager to alter current or default values.
**CurrentComputerUserPolicy**
All UE-V user level settings. These entries override the machine settings for a user. The DesiredState attribute can be
@@ -102,7 +98,7 @@ The UE-V service policy configuration item CAB file is created using the UevTemp
- **Unmanaged** to have the configuration item left at its current state
- Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values.
+ Don't remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you don't want Configuration Manager to alter current or default values.
**Services**
Entries in this section control service operation. The default configuration file contains a single entry for the UevAgentService. The DesiredState attribute can be set to **Running** or **Stopped**.
@@ -116,7 +112,7 @@ The UE-V service policy configuration item CAB file is created using the UevTemp
- **Cleared** to have the entry removed from UE-V control
- Additional lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage.
+ More lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage.
**Windows8AppsCurrentComputerUserPolicy**
Identical to the Windows8AppsComputerPolicy with settings that override machine settings for an individual user.
@@ -163,9 +159,9 @@ The result is a baseline CAB file that is ready for import into Configuration Ma
### Create the First UE-V Template Baseline
-1. Create a “master” set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they are pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\\Program Files\\Microsoft User Experience Virtualization\\Templates.
+1. Create a “master” set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they're pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\\Program Files\\Microsoft User Experience Virtualization\\Templates.
-2. Create a text.bat file where you can add the template generator command. This is optional, but will make regeneration simpler if you save the command parameters.
+2. Create a text.bat file where you can add the template generator command. This step is optional, but will make regeneration simpler if you save the command parameters.
3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator:
diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md
index 1b6513b56d..efe3834122 100644
--- a/windows/configuration/ue-v/uev-deploy-required-features.md
+++ b/windows/configuration/ue-v/uev-deploy-required-features.md
@@ -1,10 +1,7 @@
---
title: Deploy required UE-V features
-description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example a network share that stores and retrieves user settings.
+description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example, a network share that stores and retrieves user settings.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -22,7 +19,7 @@ To get up and running with User Experience Virtualization (UE-V), install and co
- [Deploy a settings storage location](#deploy-a-ue-v-settings-storage-location) that is accessible to end users.
- This is a standard network share that stores and retrieves user settings.
+ This feature is a standard network share that stores and retrieves user settings.
- [Choose the configuration method for UE-V](#choose-the-configuration-method-for-ue-v)
@@ -52,7 +49,7 @@ The settings storage location is defined by setting the SettingsStoragePath conf
- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
-- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
+- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
@@ -88,10 +85,10 @@ The UE-V service dynamically creates a user-specific settings storage path, with
| Creator/owner | Full control | Subfolders and files only |
| Security group of UE-V users | List folder/read data, create folders/append data | This folder only |
-With this configuration, the UE-V service creates and secures a Settingspackage folder while it runs in the context of the user, and grants each user permission to create folders for settings storage. Users receive full control to their Settingspackage folder while other users cannot access it.
+With this configuration, the UE-V service creates and secures a Settingspackage folder while it runs in the context of the user, and grants each user permission to create folders for settings storage. Users receive full control to their Settingspackage folder while other users can't access it.
**Note**
-If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor:
+If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this extra security, specify this setting in the Windows Server Registry Editor:
1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**.
@@ -103,7 +100,7 @@ The UE-V service uses Active Directory (AD) by default if you don’t define a s
## Choose the Configuration Method for UE-V
-You’ll need to decide which configuration method you'll use to manage UE-V after deployment since this will be the configuration method you use to deploy the UE-V Agent. Typically, this is the configuration method that you already use in your environment, such as Windows PowerShell or Configuration Manager.
+You’ll need to decide which configuration method you'll use to manage UE-V after deployment since this configuration method is the one you'll use to deploy the UE-V Agent. Typically, this configuration method is the one that you already use in your environment, such as Windows PowerShell or Configuration Manager.
You can configure UE-V before, during, or after you enable the UE-V service on user devices, depending on the configuration method that you use.
diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
index 21f2749843..883ee35328 100644
--- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
+++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
@@ -2,9 +2,6 @@
title: Use UE-V with custom applications
description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -18,9 +15,9 @@ ms.topic: article
**Applies to**
- Windows 10, version 1607
-User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator.
+User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those settings included in the default templates, you can create your own custom settings location templates with the UE-V template generator.
-After you’ve reviewed [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) and decided that you want to synchronize settings for custom applications (third-party, line-of-business, e.g.), you’ll need to deploy the features of UE-V described in this topic.
+After you’ve reviewed [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) and decided that you want to synchronize settings for custom applications (for example, third-party, line-of-business), you’ll need to deploy the features of UE-V described in this topic.
To start, here are the main steps required to synchronize settings for custom applications:
@@ -55,7 +52,7 @@ Before you start deploying the UE-V features that handle custom applications, re
### The UE-V template generator
-Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator does not create settings location templates for the following types of applications:
+Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator doesn't create settings location templates for the following types of applications:
- Virtualized applications
@@ -66,11 +63,11 @@ Use the UE-V template generator to monitor, discover, and capture the locations
- Windows applications
>**Note**
-UE-V settings location templates cannot be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V template generator. For more information about synchronizing settings for virtual applications, see [Using UE-V with virtual applications](uev-using-uev-with-application-virtualization-applications.md).
+UE-V settings location templates can't be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V template generator. For more information about synchronizing settings for virtual applications, see [Using UE-V with virtual applications](uev-using-uev-with-application-virtualization-applications.md).
-**Excluded Locations:** The discovery process excludes locations that commonly store application software files that do not synchronize settings well between user computers or computing environments. By default, these are excluded:
+**Excluded Locations:** The discovery process excludes locations that commonly store application software files that don't synchronize settings well between user computers or computing environments. By default, these files are excluded:
-- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values
+- HKEY\_CURRENT\_USER registry keys and files to which the signed-in user can't write values
- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system
@@ -86,7 +83,7 @@ If registry keys and files that are stored in excluded locations are required to
### Replace the default Microsoft templates
-A default group of settings location templates for common Microsoft applications and Windows settings is included with Windows 10, version 1607. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V service can be configured to use a settings template catalog to store the templates. In this case, you will need to include the default templates with the custom templates in the settings template catalog.
+A default group of settings location templates for common Microsoft applications and Windows settings is included with Windows 10, version 1607. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V service can be configured to use a settings template catalog to store the templates. In this case, you'll need to include the default templates with the custom templates in the settings template catalog.
>**Important**
After you enable the UE-V service, you’ll need to register the settings location templates using the `Register-UevTemplate` cmdlet in Windows PowerShell.
@@ -98,7 +95,7 @@ If there are customized templates in the settings template catalog that use the
You can replace the default templates by using the UE-V Windows PowerShell features. To replace the default Microsoft template with Windows PowerShell, unregister all of the default Microsoft templates, and then register the customized templates.
-Old settings packages remain in the settings storage location even if you deploy new settings location templates for an application. These packages are not read by the UE-V service, but neither are they automatically deleted.
+Old settings packages remain in the settings storage location even if you deploy new settings location templates for an application. These packages aren't read by the UE-V service, but neither are they automatically deleted.
### Install the UEV template generator
@@ -212,7 +209,7 @@ Use the UE-V template generator to create settings location templates for line-o
11. Click **Close** to close the settings template wizard. Exit the UE-V template generator application.
-12. After you have created the settings location template for an application, test the template. Deploy the template in a lab environment before you put it into production in the enterprise.
+12. After you've created the settings location template for an application, test the template. Deploy the template in a lab environment before you put it into production in the enterprise.
See [Application template schema reference for UE-V](uev-application-template-schema-reference.md) for details about the XML structure of the UE-V settings location template and for guidance about editing these files.
diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md
index 9074ddc234..75fab30ab1 100644
--- a/windows/configuration/ue-v/uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-for-windows.md
@@ -2,9 +2,6 @@
title: User Experience Virtualization for Windows 10, version 1607
description: Overview of User Experience Virtualization for Windows 10, version 1607
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 05/02/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 2bb02af5e6..39bbfe1418 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -2,9 +2,6 @@
title: Get Started with UE-V
description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 03/08/2018
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 9ed8904dec..60b4b6dd82 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -2,9 +2,6 @@
title: Manage Administrative Backup and Restore in UE-V
description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,13 +10,12 @@ ms.author: aaroncz
ms.topic: article
---
-
# Manage Administrative Backup and Restore in UE-V
**Applies to**
- Windows 10, version 1607
-As an administrator of User Experience Virtualization (UE-V), you can restore application and Windows settings to their original state. You can also restore additional settings when a user adopts a new device.
+As an administrator of User Experience Virtualization (UE-V), you can restore application and Windows settings to their original state. You can also restore more settings when a user adopts a new device.
## Restore Settings in UE-V when a User Adopts a New Device
@@ -34,7 +30,7 @@ Set-UevTemplateProfile -ID -Profile
- <backup> can either be Backup or Roaming
-When replacing a user’s device, UE-V automatically restores settings if the user’s domain, username, and device name all match. All synchronized and any backup data is restored on the device automatically.
+When a user’s device is being replaced, UE-V automatically restores settings if the user’s domain, username, and device name all match. All synchronized and any backup data is restored on the device automatically.
You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell:
@@ -44,7 +40,7 @@ Restore-UevBackup -ComputerName
where <ComputerName> is the computer name of the device.
-Templates such as the Office 2013 template that include many applications can either all be included in the roamed (default) or backed up profile. Individual apps in a template suite follow the group. Office 2013 in-box templates include both roaming and backup-only settings. Backup-only settings cannot be included in a roaming profile.
+Templates such as the Office 2013 template that include many applications can either all be included in the roamed (default) or backed up profile. Individual apps in a template suite follow the group. Office 2013 in-box templates include both roaming and backup-only settings. Backup-only settings can't be included in a roaming profile.
As part of the Backup/Restore feature, UE-V added **last known good (LKG)** to the options for rolling back to settings. In this release, you can roll back to either the original settings or LKG settings. The LKG settings let users roll back to an intermediate and stable point ahead of the pre-UE-V state of the settings.
@@ -78,7 +74,7 @@ Templates designated BackupOnly include settings specific to that device that sh
**Settings packages location within the Settings Storage Location template**
-Roaming Profile settings are stored on the settings storage location. Templates assigned to the Backup or the BackupOnly profile store their settings to the Settings Storage Location in a special Device name directory. Each device with templates in these profiles has its own device name. UE-V does not clean up these directories.
+Roaming Profile settings are stored on the settings storage location. Templates assigned to the Backup or the BackupOnly profile store their settings to the Settings Storage Location in a special Device name directory. Each device with templates in these profiles has its own device name. UE-V doesn't clean up these directories.
**Backup trigger**
@@ -127,7 +123,7 @@ WMI and Windows PowerShell commands let you restore application and Windows sett
|`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList `|Restores the user settings for an application or restores a group of Windows settings.|
>[!NOTE]
->UE-V does not provide a settings rollback for Windows apps.
+>UE-V doesn't provide a settings rollback for Windows apps.
## Related topics
diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md
index 4533fb9eb7..a8f2d63d6f 100644
--- a/windows/configuration/ue-v/uev-manage-configurations.md
+++ b/windows/configuration/ue-v/uev-manage-configurations.md
@@ -2,9 +2,6 @@
title: Manage Configurations for UE-V
description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Manage Configurations for UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
index b36faf10c5..ba5bebadea 100644
--- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@@ -2,9 +2,6 @@
title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
**Applies to**
diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
index d111d768eb..b6ebd53d9d 100644
--- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@@ -2,9 +2,6 @@
title: Manage UE-V Service and Packages with Windows PowerShell and WMI
description: Managing the UE-V service and packages with Windows PowerShell and WMI
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Managing the UE-V service and packages with Windows PowerShell and WMI
**Applies to**
@@ -45,8 +41,8 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
|`Set-UevConfiguration -Computer -DisableFirstUseNotification`|Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.|
|`Set-UevConfiguration -Computer -EnableSettingsImportNotify`|Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.
Use the DisableSettingsImportNotify parameter to disable notification.|
|`Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify`|Configures the UE-V service to notify the current user when settings synchronization is delayed.
Use the DisableSettingsImportNotify parameter to disable notification.|
- |`Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).
Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.|
- |`Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).
Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.|
+ |`Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that aren't explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).
Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.|
+ |`Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that aren't explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).
Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.|
|`Set-UevConfiguration -Computer -DisableSync`|Disables UE-V for all the users on the computer.
Use the EnableSync parameter to enable or re-enable.|
|`Set-UevConfiguration -CurrentComputerUser -DisableSync`|Disables UE-V for the current user on the computer.
Use the EnableSync parameter to enable or re-enable.|
|`Set-UevConfiguration -Computer -EnableTrayIcon`|Enables the UE-V icon in the notification area for all users of the computer.
Use the DisableTrayIcon parameter to disable the icon.|
@@ -101,7 +97,7 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
|`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`
`$config. = `
`$config.Put()`|Updates a specific per-computer setting. To clear the setting, use $null as the setting value.|
|`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`
`$config. = `
`$config.Put()`|Updates a specific per-user setting for all users of the computer. To clear the setting, use $null as the setting value.|
-When you are finished configuring the UE-V service with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations.
+When you're finished configuring the UE-V service with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations.
`\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration`
diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md
index 026b5fd10f..2716fc1659 100644
--- a/windows/configuration/ue-v/uev-migrating-settings-packages.md
+++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md
@@ -2,9 +2,6 @@
title: Migrating UE-V settings packages
description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Migrating UE-V settings packages
**Applies to**
@@ -25,7 +21,7 @@ In the lifecycle of a User Experience Virtualization (UE-V) deployment, you migh
- Migration of a settings storage location share from a test server to a production server
-Simply copying the files and folders does not preserve the security settings and permissions. The following steps describe how to correctly copy the settings package along with their NTFS file system permissions to a new share.
+Simply copying the files and folders doesn't preserve the security settings and permissions. The following steps describe how to correctly copy the settings package along with their NTFS file system permissions to a new share.
**To preserve UE-V settings packages when you migrate to a new server**
diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md
index b2b109d6b6..f44d3f47be 100644
--- a/windows/configuration/ue-v/uev-prepare-for-deployment.md
+++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md
@@ -2,9 +2,6 @@
title: Prepare a UE-V Deployment
description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -18,13 +15,13 @@ ms.topic: article
**Applies to**
- Windows 10, version 1607
-Before you deploy User Experience Virtualization (UE-V), review this topic for important information about the type of deployment you’re planning and for preparations you can make beforehand so that your deployment is successful. If you leave this page, be sure to come back and read through the planning information in this topic.
+Before you deploy User Experience Virtualization (UE-V), review this topic for important information about the type of deployment you're planning and for preparations you can make beforehand so that your deployment is successful. If you leave this page, be sure to come back and read through the planning information in this topic.
## Plan your UE-V deployment
With UE-V, you can synchronize user-defined application and operating system settings across all the devices that a user works from. Use UE-V to synchronize settings for Windows applications and custom applications, such as third-party and line-of-business applications.
-Whether you want to synchronize settings for only default Windows applications or for both Windows and custom applications, you’ll need to first deploy the features required to use UE-V.
+Whether you want to synchronize settings for only default Windows applications or for both Windows and custom applications, you'll need to first deploy the features required to use UE-V.
[Deploy required UE-V features](uev-deploy-required-features.md)
@@ -32,7 +29,7 @@ Whether you want to synchronize settings for only default Windows applications o
- [Enable the UE-V service](uev-deploy-required-features.md#enable-the-ue-v-service) on user computers
-If you want to use UE-V to synchronize user-defined settings for custom applications (third-party or line-of-business), you’ll need to install and configure these optional additional UE-V features:
+If you want to use UE-V to synchronize user-defined settings for custom applications (third-party or line-of-business), you’ll need to install and configure these optional extra UE-V features:
[Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md)
@@ -52,11 +49,11 @@ The workflow diagram below illustrates a typical UE-V deployment and the decisio
### Planning a UE-V deployment
-Review the following topics to determine which UE-V components you’ll be deploying.
+Review the following topics to determine which UE-V components you'll be deploying.
- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications)
- If you want to synchronize settings for custom applications, you’ll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involves the following tasks:
+ If you want to synchronize settings for custom applications, you'll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involves the following tasks:
- Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment).
@@ -82,11 +79,7 @@ This section explains which settings are synchronized by default in UE-V, includ
- A statement of support for Windows applications setting synchronization
-For downloadable UE-V templates, see:
-
-- [Microsoft Authored Office 2016 UE-V Templates](https://gallery.technet.microsoft.com/Authored-Office-2016-32-0dc05cd8)
-
-- [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367) (for Office 2013 and Office 2010)
+For downloadable UE-V templates, see: [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367)
### Desktop applications synchronized by default in UE-V
@@ -94,16 +87,16 @@ When you enable the UE-V service on user devices, it registers a default group o
| Application category | Description |
|-----------------------------|-------------------|
-| Microsoft Office 2016 applications [Download a list of all settings synced](https://gallery.technet.microsoft.com/Authored-Office-2016-32-0dc05cd8) | Microsoft Access 2016 Microsoft Lync 2016 Microsoft Excel 2016 Microsoft OneNote 2016 Microsoft Outlook 2016 Microsoft PowerPoint 2016 Microsoft Project 2016 Microsoft Publisher 2016 Microsoft SharePoint Designer 2013 (not updated for 2016) Microsoft Visio 2016 Microsoft Word 2016 Microsoft Office Upload Manager Microsoft Infopath has been removed (deprecated) from the Office 2016 suite |
+| Microsoft Office 2016 applications | Microsoft Access 2016 Microsoft Lync 2016 Microsoft Excel 2016 Microsoft OneNote 2016 Microsoft Outlook 2016 Microsoft PowerPoint 2016 Microsoft Project 2016 Microsoft Publisher 2016 Microsoft SharePoint Designer 2013 (not updated for 2016) Microsoft Visio 2016 Microsoft Word 2016 Microsoft Office Upload Manager Microsoft Infopath has been removed (deprecated) from the Office 2016 suite |
| Microsoft Office 2013 applications [Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013 Microsoft Excel 2013 Microsoft Outlook 2013 Microsoft Access 2013 Microsoft Project 2013 Microsoft PowerPoint 2013 Microsoft Publisher 2013 Microsoft Visio 2013 Microsoft InfoPath 2013 Microsoft Lync 2013 Microsoft OneNote 2013 Microsoft SharePoint Designer 2013 Microsoft Office 2013 Upload Center Microsoft OneDrive for Business 2013
| Microsoft Office 2010 applications [Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010 Microsoft Excel 2010 Microsoft Outlook 2010 Microsoft Access 2010 Microsoft Project 2010 Microsoft PowerPoint 2010 Microsoft Publisher 2010 Microsoft Visio 2010 Microsoft SharePoint Workspace 2010 Microsoft InfoPath 2010 Microsoft Lync 2010 Microsoft OneNote 2010 Microsoft SharePoint Designer 2010 |
-| Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars. **Note** UE-V does not roam settings for Internet Explorer cookies. |
+| Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars. **Note** UE-V doesn't roam settings for Internet Explorer cookies. |
| Windows accessories | Microsoft NotePad, WordPad |
> [!NOTE]
> - An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.
>
-> - UE-V does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems.
+> - UE-V doesn't synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems.
### Windows settings synchronized by default
@@ -113,17 +106,17 @@ UE-V includes settings location templates that capture settings values for these
|----------------------|-----------------|--------------|---------------|-------------------|
| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled |
| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled |
-| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, additional clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled |
+| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, more clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled |
> [!IMPORTANT]
-> UE-V roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions.
+> UE-V roams taskbar settings between Windows 10 devices. However, UE-V doesn't synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions.
| Settings group | Category | Capture | Apply |
|--------------------------|----------------|----------------|--------------|
| **Application Settings** | Windows applications | Close application Windows application settings change event | Start the UE-V App Monitor at startup Open app Windows application settings change event Arrival of a settings package |
| | Desktop applications | Application closes | Application opens and closes |
| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
-| | Ease of Access (Common – Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on |
+| | Ease of Access (Common - Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on |
| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
| | Desktop settings | Lock or log off | Log on |
@@ -149,11 +142,11 @@ Printer roaming in UE-V requires one of these scenarios:
- The printer driver can be imported from Windows Update.
> [!NOTE]
-> The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided.
+> The UE-V printer roaming feature doesn't roam printer settings or preferences, such as printing double-sided.
### Determine whether you need settings synchronized for other applications
-After you have reviewed the settings that are synchronized automatically in a UE-V deployment, you’ll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise.
+After you've reviewed the settings that are synchronized automatically in a UE-V deployment, you’ll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise.
As an administrator, when you consider which desktop applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all desktop applications have settings that can be customized or that are routinely customized by users. In addition, not all desktop applications settings can be synchronized safely across multiple devices or environments.
@@ -167,21 +160,21 @@ In general, you can synchronize settings that meet the following criteria:
### Checklist for evaluating custom applications
-If you’ve decided that you need to synchronize settings for custom applications, use this checklist to determine which applications you’ll include.
+If you've decided that you need to synchronize settings for custom applications, use this checklist to determine which applications you'll include.
| | Description |
|-------|--------------------------|
|  | Does this application contain settings that the user can customize? |
|  | Is it important for the user that these settings are synchronized? |
|  | Are these user settings already managed by an application management or settings policy solution? UE-V applies application settings at application startup and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings sharing solutions, users might experience inconsistency across synchronized settings. |
-|  | Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations do not consistently synchronize across sessions and can cause a poor application experience. |
-|  | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\\ \[User name\] \\**AppData**\\**LocalLow** directory? Application data that is stored in either of these locations usually should not synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. |
-|  | Does the application store any settings in a file that contains other application data that should not synchronize? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this additional data can cause a poor application experience.|
+|  | Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations don't consistently synchronize across sessions and can cause a poor application experience. |
+|  | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\\ \[User name\] \\**AppData**\\**LocalLow** directory? Application data that is stored in either of these locations usually shouldn't synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. |
+|  | Does the application store any settings in a file that contains other application data that shouldn't synchronize? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this extra data can cause a poor application experience.|
|  | How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can affect the performance of settings synchronization. |
## Other considerations when preparing a UE-V deployment
-You should also consider these things when you are preparing to deploy UE-V:
+You should also consider these things when you're preparing to deploy UE-V:
- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v)
@@ -199,19 +192,19 @@ You should also consider these things when you are preparing to deploy UE-V:
### Managing credentials synchronization in UE-V
-Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid re-entering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V.
+Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid reentering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V.
> [!IMPORTANT]
> Credentials synchronization is disabled by default. You must explicitly enable credentials synchronization after you enable the UE-V service to implement this feature.
-UE-V can synchronize enterprise credentials, but does not roam credentials intended only for use on the local device.
+UE-V can synchronize enterprise credentials, but doesn't roam credentials intended only for use on the local device.
-Credentials are synchronous settings, meaning that they are applied to users' profiles the first time they log on to their devices after UE-V synchronizes.
+Credentials are synchronous settings, meaning that they're applied to users' profiles the first time they log on to their devices after UE-V synchronizes.
Credentials synchronization is managed by its own settings location template, which is disabled by default. You can enable or disable this template through the same methods used for other templates. The template identifier for this feature is RoamingCredentialSettings.
> [!IMPORTANT]
-> If you are using Active Directory Credential Roaming in your environment, we recommend that you do not enable the UE-V credential roaming template. Instead, use PowerShell or Group Policy to enable credentials synchronization. Note that credentials are encrypted during synchronization.
+> If you're using Active Directory Credential Roaming in your environment, we recommend that you do not enable the UE-V credential roaming template. Instead, use PowerShell or Group Policy to enable credentials synchronization. Note that credentials are encrypted during synchronization.
[PowerShell](uev-administering-uev-with-windows-powershell-and-wmi.md)**:** Enter this PowerShell cmdlet to enable credential synchronization:
@@ -253,7 +246,7 @@ Credential files saved by applications into the following locations are synchron
- %UserProfile%\\AppData\\Roaming\\Microsoft\\SystemCertificates\\
-Credentials saved to other locations are not synchronized by UE-V.
+Credentials saved to other locations aren't synchronized by UE-V.
### Windows applications settings synchronization
@@ -263,13 +256,13 @@ UE-V manages Windows application settings synchronization in three ways:
- **Windows applications list:** Synchronize a list of Windows applications
-- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that are not in the Windows applications list.
+- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that aren't in the Windows applications list.
For more information, see the [Windows Application List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist).
### Custom UE-V settings location templates
-If you are deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices.
+If you're deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices.
Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including Microsoft Endpoint Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell.
@@ -289,7 +282,7 @@ UE-V downloads new user settings information from a settings storage location an
- When the Sync Controller Application scheduled task is run
-If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they are opened and closed with preferred settings.
+If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they're opened and closed with preferred settings.
This scenario also applies to Windows settings. If the Windows settings on computer B should be the same as the Windows settings on computer A, then the user should log on and log off computer A first.
@@ -301,7 +294,7 @@ Specify your requirements for UE-V with standard disk capacity and network healt
UE-V uses a Server Message Block (SMB) share for the storage of settings packages. The size of settings packages varies depending on the settings information for each application. While most settings packages are small, the synchronization of potentially large files, such as desktop images, can result in poor performance, particularly on slower networks.
-To reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location.
+To reduce problems with network latency, create settings storage locations on the same local networks where the users' computers reside. We recommend 20 MB of disk space per user for the settings storage location.
By default, UE-V synchronization times out after 2 seconds to prevent excessive lag due to a large settings package. You can configure the SyncMethod=SyncProvider setting by using [Group Policy objects](uev-configuring-uev-with-group-policy-objects.md).
@@ -311,17 +304,17 @@ The UE-V settings storage location and settings template catalog support storing
- Format the storage volume with an NTFS file system.
-- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see:
+- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see:
- [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles)
- [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](/troubleshoot/windows-server/networking/support-policy-for-dfsr-dfsn-deployment)
- In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication.
+ In addition, because SYSVOL uses DFSR for replication, SYSVOL can't be used for UE-V data file replication.
- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md).
-- Use file server clustering along with the UE-V service to provide access to copies of user state data in the event of communications failures.
+- Use file server clustering along with the UE-V service to provide access to copies of user state data if communications failures occur.
- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both.
@@ -342,7 +335,7 @@ Before you proceed, ensure that your environment meets these requirements for us
> [!NOTE]
> - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed.
>
-> - The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used.
+> - The “Delete Roaming Cache” policy for mandatory profiles isn't supported with UE-V and shouldn't be used.
There are no special random access memory (RAM) requirements specific to UE-V.
@@ -360,7 +353,7 @@ Sync Provider is the default setting for users and synchronizes a local cache wi
A scheduled task manages this synchronization of settings every 30 minutes or through trigger events for certain applications. For more information, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md).
-The UE-V service synchronizes user settings for devices that are not always connected to the enterprise network (remote devices and laptops) and devices that are always connected to the network (devices that run Windows Server and host virtual desktop interface (VDI) sessions).
+The UE-V service synchronizes user settings for devices that aren't always connected to the enterprise network (remote devices and laptops) and devices that are always connected to the network (devices that run Windows Server and host virtual desktop interface (VDI) sessions).
**Synchronization for computers with always-available connections** When you use UE-V on devices that are always connected to the network, you must configure the UE-V service to synchronize settings by using the *SyncMethod=None* parameter, which treats the settings storage server as a standard network share. In this configuration, the UE-V service can be configured to notify if the import of the application settings is delayed.
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index fdc838991d..743b218e4a 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -1,10 +1,7 @@
---
title: User Experience Virtualization (UE-V) Release Notes
-description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that is not included in the UE-V documentation.
+description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -18,7 +15,7 @@ ms.topic: article
**Applies to**
- Windows 10, version 1607
-This topic includes information required to successfully install and use UE-V that is not included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
+This topic includes information required to successfully install and use UE-V that isn't included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
### Company Settings Center removed in UE-V for Windows 10, version 1607
@@ -47,33 +44,33 @@ When a user generates a valid settings location template for the Skype desktop a
WORKAROUND: Remove or unregister the Skype template to allow Skype to work again.
-### Registry settings do not synchronize between App-V and native applications on the same device
+### Registry settings don't synchronize between App-V and native applications on the same device
-When a device has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies.
+When a device has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings don't synchronize between the technologies.
WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both.
### Unpredictable results when both Office 2010 and Office 2013 are installed on the same device
-When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
+When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This roaming could cause the Office 2010 package size to be large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V.
### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state
-While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
WORKAROUND: None.
-### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
+### UE-V doesn't support roaming settings between 32-bit and 64-bit versions of Microsoft Office
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V doesn't support roaming settings between 32-bit and 64-bit versions of Office.
WORKAROUND: None
-### Favicons that are associated with Internet Explorer 9 favorites do not roam
+### Favicons that are associated with Internet Explorer 9 favorites don't roam
-The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer.
+The favicons that are associated with Internet Explorer 9 favorites aren't roamed by User Experience Virtualization and don't appear when the favorites first appear on a new computer.
WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser.
@@ -87,7 +84,7 @@ WORKAROUND: Use folder redirection or some other technology to ensure that any f
Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + "settingspackages" + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
-\[boost::filesystem::copy\_file: The system cannot find the path specified\]
+\[boost::filesystem::copy\_file: The system can't find the path specified\]
To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational.
@@ -95,7 +92,7 @@ WORKAROUND: None.
### Some operating system settings only roam between like operating system versions
-Operating system settings for Narrator and currency characters specific to the locale (that is, language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
+Operating system settings for Narrator and currency characters specific to the locale (that is, language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters won't roam between Windows 7 and Windows 8.
WORKAROUND: None
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index d692ba9f46..d6c504b837 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -2,9 +2,6 @@
title: Security Considerations for UE-V
description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Security Considerations for UE-V
**Applies to**
@@ -27,13 +23,13 @@ This topic contains a brief overview of accounts and groups, log files, and othe
> [!IMPORTANT]
> When you create the settings storage share, limit the share access to users who require access.
-Because settings packages might contain personal information, you should take care to protect them as well as possible. In general, do the following:
+Because settings packages might contain personal information, you should take care to protect them as much as possible. In general, do the following steps:
- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users.
-- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share is not visible in My Network Places.
+- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places.
-- Only give users the minimum amount of permissions that they must have. The following tables show the required permissions.
+- Only give users the minimum number of permissions that they must have. The following tables show the required permissions.
1. Set the following share-level SMB permissions for the setting storage location folder.
@@ -63,10 +59,10 @@ Because settings packages might contain personal information, you should take ca
|User account|Recommended permissions|Apply to|
|--- |--- |--- |
- |Creator/Owner|Full control|This folder, sub-folders, and files|
- |Domain Computers|List folder contents and Read permissions|This folder, sub-folders, and files|
+ |Creator/Owner|Full control|This folder, subfolders, and files|
+ |Domain Computers|List folder contents and Read permissions|This folder, subfolders, and files|
|Everyone|No permissions|No permissions|
- |Administrators|Full Control|This folder, sub-folders, and files|
+ |Administrators|Full Control|This folder, subfolders, and files|
### Use Windows Server as of Windows Server 2003 to host redirected file shares
@@ -76,9 +72,9 @@ User settings data is vulnerable to these potential threats: interception of the
As of Windows Server 2003, several features of the Windows Server operating system can help secure user data:
-- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This difference is particularly important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos is not available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
+- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
-- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures the following:
+- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that:
- Roamed data is safe from data modification while data is en route.
@@ -86,23 +82,23 @@ As of Windows Server 2003, several features of the Windows Server operating sys
- Roamed data is safe from access by unauthenticated parties.
-- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. Note that the SMB signing imposes a performance penalty. It does not consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
+- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
### Always use the NTFS file system for volumes that hold user data
For the most secure configuration, configure servers that host the UE-V settings files to use the NTFS file system. Unlike the FAT file system, NTFS supports Discretionary access control lists (DACLs) and system access control lists (SACLs). DACLs and SACLs control who can perform operations on a file and what events trigger the logging of actions that is performed on a file.
-### Do not rely on EFS to encrypt user files when they are transmitted over the network
+### Don't rely on EFS to encrypt user files when they're transmitted over the network
-When you use the Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data is not encrypted during transit over the network; it only becomes encrypted when it is stored on disk.
+When you use the Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data isn't encrypted during transit over the network; it only becomes encrypted when it's stored on disk.
-This encryption process does not apply when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it is transported over a TCP/IP network. If the file is encrypted before it is copied or moved to a WebDAV folder on a server, it remains encrypted during the transmission and while it is stored on the server.
+This encryption process doesn't apply when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it's transported over a TCP/IP network. If the file is encrypted before it's copied or moved to a WebDAV folder on a server, it remains encrypted during the transmission and while it's stored on the server.
### Let the UE-V service create folders for each user
To ensure that UE-V works optimally, create only the root share on the server, and let the UE-V service create the folders for each user. UE-V creates these user folders with the appropriate security.
-This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users do not inherit access to this folder. You do not have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically.
+This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users don't inherit access to this folder. You don't have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically.
> [!NOTE]
> Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
@@ -111,12 +107,12 @@ This permission configuration enables users to create folders for settings stora
2. Set the registry key value to *1*.
-When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service does not grant access to the folder.
+When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service doesn't grant access to the folder.
If you must create folders for the users, ensure that you have the correct permissions set.
-We strongly recommend that you do not pre-create folders. Instead, let the UE-V service create the folder for the user.
+We strongly recommend that you don't pre-create folders. Instead, let the UE-V service create the folder for the user.
### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory
@@ -124,9 +120,9 @@ If you redirect UE-V settings to a user’s home directory or a custom Active Di
### Review the contents of settings location templates and control access to them as needed
-When creating a settings location template, the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. (None of this information is sent to Microsoft.)
+When a settings location template is being created, the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. (None of this information is sent to Microsoft.)
-If you plan to share settings location templates with anyone outside your organization you should review all the settings locations and ensure the settings location templates do not contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
+If you plan to share settings location templates with anyone outside your organization, you should review all the settings locations and ensure the settings location templates don't contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template.
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index 6eea46080c..0bfc613f89 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -2,9 +2,6 @@
title: Sync Methods for UE-V
description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -28,13 +25,13 @@ This table provides a description of each SyncMethod configuration:
|------------------------------|---------------------|
| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path. This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time. This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. |
| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. |
-| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available. Any settings changes are saved directly to the server. If the network connection to the settings storage path is not available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on logoff, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path. Apps and OS will wait indefinitely for the location to be present. This could cause App load or OS logon time to dramatically increase if the location is not found. |
+| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available. Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path. Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. |
You can configure the sync method in these ways:
- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
-- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
+- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index 414b095f83..a396907df5 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -2,9 +2,6 @@
title: Sync Trigger Events for UE-V
description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index ea4f3d49bd..56ff1970cc 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -2,9 +2,6 @@
title: Synchronizing Microsoft Office with UE-V
description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Synchronizing Office with UE-V
**Applies to**
@@ -21,14 +17,13 @@ ms.topic: article
Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop.
-To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates.
-
+To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates and community-developed settings location templates.
## Microsoft Office support in UE-V
UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system.
-These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
+These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
## Synchronized Office Settings
@@ -49,7 +44,6 @@ Review the following tables for details about Office support in UE-V:
## Deploying Office templates
-
You can deploy UE-V settings location template with the following methods:
- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
@@ -60,6 +54,6 @@ You can deploy UE-V settings location template with the following methods:
For more information about using UE-V and Windows PowerShell, see [Managing UE-V settings location templates using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).
-- **Registering template with Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office template into the folder defined in the UE-V service. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploy a settings template catalog](uev-deploy-uev-for-custom-applications.md).
+- **Registering template with Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users' computers, copy the Office template into the folder defined in the UE-V service. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploy a settings template catalog](uev-deploy-uev-for-custom-applications.md).
-- **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices.
\ No newline at end of file
+- **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices.
diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md
index cac53df19c..f5a9059d3e 100644
--- a/windows/configuration/ue-v/uev-technical-reference.md
+++ b/windows/configuration/ue-v/uev-technical-reference.md
@@ -2,9 +2,6 @@
title: Technical Reference for UE-V
description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V).
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Technical Reference for UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md
index a940df7833..3bf804b17d 100644
--- a/windows/configuration/ue-v/uev-troubleshooting.md
+++ b/windows/configuration/ue-v/uev-troubleshooting.md
@@ -2,9 +2,6 @@
title: Troubleshooting UE-V
description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,7 +10,6 @@ ms.author: aaroncz
ms.topic: article
---
-
# Troubleshooting UE-V
**Applies to**
diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
index 7cae468ca9..226fe3c440 100644
--- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
+++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
@@ -2,9 +2,6 @@
title: Upgrade to UE-V for Windows 10
description: Use these few adjustments to upgrade from User Experience Virtualization (UE-V) 2.x to the latest version of UE-V.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
index fb8d02a2a7..0396b91e54 100644
--- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
+++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
@@ -2,9 +2,6 @@
title: Using UE-V with Application Virtualization applications
description: Learn how to use User Experience Virtualization (UE-V) with Microsoft Application Virtualization (App-V).
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -19,7 +16,7 @@ ms.topic: article
**Applies to**
- Windows 10, version 1607
-User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, an additional step is required because you cannot run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages.
+User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, another step is required because you can't run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages.
## UE-V settings synchronization for App-V applications
@@ -29,7 +26,7 @@ UE-V monitors when an application opens by the program name and, optionally, by
1. Run the UE-V template generator to collect the settings of the locally installed application whose settings you want to synchronize between computers. This process creates a settings location template. If you use a built-in template such as a Microsoft Office template, skip this step. For more information about using the UE-V template generator, see [Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md).
-2. Install the App-V application package if you have not already done so.
+2. Install the App-V application package if you haven't already done so.
3. Publish the template to the location of your settings template catalog or manually install the template by using the `Register-UEVTemplate` Windows PowerShell cmdlet.
diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
index 3240b7bcfa..a0b47df0de 100644
--- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
@@ -2,9 +2,6 @@
title: What's New in UE-V for Windows 10, version 1607
description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -13,22 +10,22 @@ ms.author: aaroncz
ms.topic: article
---
-# What's New in UE-V
+# What's new in UE-V
**Applies to**
- Windows 10, version 1607
-User Experience Virtualization (UE-V) for Windows 10, version 1607, includes these new features and capabilities compared to UE-V 2.1. See [UE-V Release notes](uev-release-notes-1607.md) for more information about the UE-V for Windows 10, version 1607 release.
+User Experience Virtualization (UE-V) for Windows 10, version 1607, includes these new features and capabilities compared to UE-V 2.1. For more information about the UE-V for Windows 10, version 1607 release, see [UE-V Release notes](uev-release-notes-1607.md).
-## UE-V is now a feature in Windows 10
+## UE-V is a feature in Windows 10
-With Windows 10, version 1607 and later releases, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack.
+With Windows 10, version 1607 and later releases, UE-V is included with Windows Enterprise. It's no longer part of the Microsoft Desktop Optimization Pack.
The changes in UE-V for Windows 10, version 1607 impact already existing implementations of UE-V in the following ways:
-- The UE-V Agent is replaced by the UE-V service. The UE-V service is installed with Windows 10, version 1607 and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the UE-V service, migrates users’ UE-V configurations, and updates the settings storage path.
+- The UE-V Agent is replaced by the UE-V service. The UE-V service is installed with Windows 10, version 1607 and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the UE-V service, migrates users' UE-V configurations, and updates the settings storage path.
-- The UE-V template generator is available from the Windows 10 ADK. In previous releases of UE-V, the template generator was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new template generator to create new settings location templates, existing settings location templates will continue to work.
+- The UE-V template generator is available from the Windows 10 ADK. In previous releases of UE-V, the template generator was included in the Microsoft Desktop Optimization Pack. Although you'll need to use the new template generator to create new settings location templates, existing settings location templates will continue to work.
- The Company Settings Center was removed and is no longer available on user devices. Users can no longer manage their synchronized settings.
@@ -36,11 +33,11 @@ The changes in UE-V for Windows 10, version 1607 impact already existing impleme
For more information about how to configure an existing UE-V installation after upgrading user devices to Windows 10, see [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md).
-> **Important** You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10.
+> **Important** You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you'll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10.
## New UE-V template generator is available from the Windows 10 ADK
-UE-V for Windows 10 includes a new template generator, available from a new location. If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
+UE-V for Windows 10 includes a new template generator, available from a new location. If you're upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
## Company Settings Center removed in UE-V for Windows 10, version 1607
@@ -50,7 +47,8 @@ With the release of Windows 10, version 1607, the Company Settings Center was re
Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell.
-**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable:
+>[!Note]
+>With the removal of the Company Settings Center, the following group policies are no longer applicable:
- Contact IT Link Text
- Contact IT URL
@@ -60,32 +58,33 @@ Administrators can still define which user-customized application settings can s
With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V for on-premises domain-joined devices only.
-In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation.
+In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) (ESR) can roam the rest, for example, Windows and desktop settings, themes, colors, and so on, to an Azure cloud installation.
To configure UE-V to roam Windows desktop and application data only, change the following group policies:
-- Disable “Roam Windows settings” group policy
+- Disable "Roam Windows settings" group policy
-- Enable “Do not synchronize Windows Apps” group policy
+- Enable "Do not synchronize Windows Apps" group policy
-For more information about using UE-V with Enterprise State Roaming, see [Settings and data roaming FAQ](/azure/active-directory/devices/enterprise-state-roaming-faqs#what-are-the-options-for-roaming-settings-for-existing-windows-desktop-applications).
+For more information about using UE-V with Enterprise State Roaming, see [Settings and data roaming FAQ](/azure/active-directory/devices/enterprise-state-roaming-faqs#what-are-the-roaming-settings-options-for-existing-windows-desktop-applications-).
Additionally, to enable Windows 10 and UE-V to work together, configure these policy settings in the Microsoft User Experience Virtualization node:
-- Enable “Do Not Synchronize Windows Apps”
+- Enable "Do Not Synchronize Windows Apps"
-- Disable “Sync Windows Settings”
+- Disable "Sync Windows Settings"
## Settings Synchronization Behavior Changed in UE-V for Windows 10
-While earlier versions of UE-V roamed taskbar settings between Windows 10 devices, UE-V for Windows 10, version 1607 does not synchronize taskbar settings between devices running Windows 10 and devices running previous versions of Windows.
+While earlier versions of UE-V roamed taskbar settings between Windows 10 devices, UE-V for Windows 10, version 1607 doesn't synchronize taskbar settings between devices running Windows 10 and devices running previous versions of Windows.
In addition, UE-V for Windows has removed support for the Windows calculator application.
-The Windows modern apps settings (DontSyncWindows8AppSettings) group policy is enabled by default and therefore, modern apps will not roam unless this policy is changed to disabled.
+The Windows modern apps settings (DontSyncWindows8AppSettings) group policy is enabled by default and therefore, modern apps won't roam unless this policy is changed to disabled.
-Please note, UE-V will roam any AppX apps that use the WinRT settings roaming API, provided that they have been opted in to roam at the time of development by the developer so there is no definitive list.
+> [!NOTE]
+> UE-V will roam any AppX apps that use the WinRT settings roaming API, if they've been opted in to roam at the time of development by the developer so there is no definitive list.
## Support Added for Roaming Network Printers
@@ -99,27 +98,25 @@ Printer roaming in UE-V requires one of these scenarios:
- The printer driver can be imported from Windows Update.
-> **Note** The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided.
+> [!Note]
+> The UE-V printer roaming feature doesn't roam printer settings or preferences, such as printing double-sided.
## Office 2016 Settings Location Template
-UE-V for Windows 10, version 1607 includes the Microsoft Office 2016 settings location template with improved Outlook signature support. We’ve added synchronization of default signature settings for new, reply, and forwarded emails. Users no longer have to choose the default signature settings.
+UE-V for Windows 10, version 1607 includes the Microsoft Office 2016 settings location template with improved Outlook signature support. We've added synchronization of default signature settings for new, reply, and forwarded emails. Users no longer have to choose the default signature settings.
-> **Note** An Outlook profile must be created on any device on which a user wants to synchronize their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.
+> [!Note]
+> An Outlook profile must be created on any device on which a user wants to synchronize their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.
-UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 365. If settings are roamed by Office 365, they are not roamed by UE-V. See [Overview of user and roaming settings for Microsoft Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)) for more information.
+UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 365. If settings are roamed by Office 365, they aren't roamed by UE-V. For more information, see [Overview of user and roaming settings for Microsoft Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
-To enable settings synchronization using UE-V, do one of the following:
+To enable settings synchronization using UE-V, do one of the following steps:
- Use Group Policy to disable Office 365 synchronization
-- Do not enable the Office 365 synchronization experience during Office 2013 installation
-
-UE-V includes Office 2016, Office 2013, and Office 2010 templates. Office 2007 templates are no longer supported. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get templates from the [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V).
-
-
-
+- Don't enable the Office 365 synchronization experience during Office 2013 installation
+UE-V includes Office 2016, Office 2013, and Office 2010 templates.
## Related topics
diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
index bbbe078c55..f857c6ac20 100644
--- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
+++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
@@ -1,10 +1,7 @@
---
title: Working with Custom UE-V Templates and the UE-V Template Generator
-description: Create your own custom settings location templates by working with Custom User Experience Virtualization (UE-V) Templates and the UE-V Template Generator.
+description: Create your own custom settings location templates by working with Custom User Experience Virtualization (UE-V) Templates and the UE-V Template Generator.
author: aczechowski
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.reviewer:
@@ -17,11 +14,11 @@ ms.topic: article
# Working with custom UE-V templates and the UE-V template generator
**Applies to**
-- Windows 10, version 1607
+- Windows 10
-User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator.
+User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those settings included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator.
-Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator does not create settings location templates for the following types of applications:
+Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator doesn't create settings location templates for the following types of applications:
- Virtualized applications
- Applications that are offered through Terminal Services
@@ -36,13 +33,13 @@ Discovered settings are grouped into two categories: **Standard** and **Non-stan
The UE-V template generator opens the application as part of the discovery process. The generator can capture settings in the following locations:
-- **Registry Settings** – Registry locations under **HKEY\_CURRENT\_USER**
+- **Registry Settings** - Registry locations under **HKEY\_CURRENT\_USER**
-- **Application Settings Files** – Files that are stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming**
+- **Application Settings Files** - Files that are stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming**
-The UE-V template generator excludes locations, which commonly store application software files, but do not synchronize well between user computers or environments. The UE-V template generator excludes these locations. Excluded locations are as follows:
+The UE-V template generator excludes locations, which commonly store application software files, but don't synchronize well between user computers or environments. The UE-V template generator excludes these locations. Excluded locations are as follows:
-- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values
+- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user can't write values
- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system
@@ -60,7 +57,7 @@ If registry keys and files that are stored in these locations are required to sy
Use the UE-V template generator to edit settings location templates. When the revised settings are added to the templates with the UE-V template generator, the version information within the template is automatically updated to ensure that any existing templates that are deployed in the enterprise are updated correctly.
-**To edit a UE-V settings location template with the UE-V template generator**
+### To edit a UE-V settings location template with the UE-V template generator
1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator.
@@ -94,7 +91,7 @@ Use the UE-V template generator to edit settings location templates. When the re
After you edit the settings location template for an application, you should test the template. Deploy the revised settings location template in a lab environment before you put it into production in the enterprise.
-**How to manually edit a settings location template**
+### How to manually edit a settings location template
1. Create a local copy of the settings location template .xml file. UE-V settings location templates are .xml files that identify the locations where application store settings values.
@@ -111,14 +108,13 @@ Use the UE-V template generator to edit settings location templates. When the re
6. Validate the modified settings location template file by using the UE-V template generator.
-7. You must register the edited UE-V settings location template before it can synchronize settings between client computers. To register a template, open Windows PowerShell, and then run the following cmdlet: `update-uevtemplate [templatefilename]`. You can then copy the file to the settings storage catalog. The UE-V Agent on users’ computers should then update as scheduled in the scheduled task.
+7. You must register the edited UE-V settings location template before it can synchronize settings between client computers. To register a template, open Windows PowerShell, and then run the following cmdlet: `update-uevtemplate [templatefilename]`. You can then copy the file to the settings storage catalog. The UE-V Agent on users' computers should then update as scheduled in the scheduled task.
## Validate settings location templates with the UE-V template generator
+It's possible to create or edit settings location templates in an XML editor without using the UE-V template generator. If you do, you can use the UE-V template generator to validate that the new or revised XML matches the schema that has been defined for the template.
-It is possible to create or edit settings location templates in an XML editor without using the UE-V template generator. If you do, you can use the UE-V template generator to validate that the new or revised XML matches the schema that has been defined for the template.
-
-**To validate a UE-V settings location template with the UE-V template generator**
+To validate a UE-V settings location template with the UE-V template generator:
1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator.
@@ -132,35 +128,23 @@ It is possible to create or edit settings location templates in an XML editor wi
After you validate the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into a production environment in enterprise.
+## Next steps
+
## Share settings location templates with the Template Gallery
The [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V) enables administrators to share their UE-V settings location templates. Upload your settings location templates to the gallery for other users to use, and download templates that other users have created.
-Before you share a settings location template on the UE-V template gallery, ensure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company.
+Before you share a settings location template on the UE-V template gallery, ensure it doesn't contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company.
- Template Author Name – Specify a general, non-identifying name for the template author name or exclude this data from the template.
- Template Author Email – Specify a general, non-identifying template author email or exclude this data from the template.
-Before you deploy any settings location template that you have downloaded from the UE-V gallery, you should first test the template to ensure that the application settings synchronize settings correctly in a test environment.
-
-
-
-
+Before you deploy any settings location template that you've downloaded from the UE-V gallery, you should first test the template to ensure that the application settings synchronize settings correctly in a test environment.
## Related topics
-
[Administering UE-V](uev-administering-uev.md)
[Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md)
-
-
-
-
-
-
-
-
-
diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md
index ac4bac4e80..98aa47fcb1 100644
--- a/windows/configuration/wcd/wcd-accountmanagement.md
+++ b/windows/configuration/wcd/wcd-accountmanagement.md
@@ -2,8 +2,6 @@
title: AccountManagement (Windows 10)
description: This section describes the account management settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 25d47941a7..0186f5e66f 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -2,8 +2,6 @@
title: Accounts (Windows 10)
description: This section describes the account settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -45,8 +43,8 @@ Specifies the settings you can configure when joining a device to a domain, incl
| Account | String | Account to use to join computer to domain |
| AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com. | Name of organizational unit for the computer account |
| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, including `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10 version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) |
-| DomainName | String (cannot be empty) | Specify the name of the domain that the device will join |
-| Password | String (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. |
+| DomainName | String (can't be empty) | Specify the name of the domain that the device will join |
+| Password | String (can't be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. |
## Users
@@ -54,7 +52,7 @@ Use these settings to add local user accounts to the device.
| Setting | Value | Description |
| --- | --- | --- |
-| UserName | String (cannot be empty) | Specify a name for the local user account |
-| HomeDir | String (cannot be empty) | Specify the path of the home directory for the user |
-| Password | String (cannot be empty) | Specify the password for the user account |
-| UserGroup | String (cannot be empty) | Specify the local user group for the user |
+| UserName | String (can't be empty) | Specify a name for the local user account |
+| HomeDir | String (can't be empty) | Specify the path of the home directory for the user |
+| Password | String (can't be empty) | Specify the password for the user account |
+| UserGroup | String (can't be empty) | Specify the local user group for the user |
diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md
index ae172dc1c5..80e83844b0 100644
--- a/windows/configuration/wcd/wcd-admxingestion.md
+++ b/windows/configuration/wcd/wcd-admxingestion.md
@@ -2,8 +2,6 @@
title: ADMXIngestion (Windows 10)
description: This section describes the ADMXIngestion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md
index 68825227e9..f7c184e359 100644
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@@ -2,8 +2,6 @@
title: AssignedAccess (Windows 10)
description: This section describes the AssignedAccess setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index 5df5b2dfcd..df8f60051d 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -2,8 +2,6 @@
title: Browser (Windows 10)
description: This section describes the Browser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -38,7 +36,7 @@ Select between **Prevent Pre-launching** and **Allow Pre-launching**.
Use to add items to the Favorites Bar in Microsoft Edge.
-1. Enter a name for the item, and select **Add**. (The name you enter here is only used to distinguish the group of settings, and is not shown on the device when the settings are applied.)
+1. Enter a name for the item, and select **Add**. (The name you enter here's only used to distinguish the group of settings, and isn't shown on the device when the settings are applied.)
2. In **Available customizations**, select the item that you added, and then configure the following settings for that item:
Setting | Description
@@ -55,7 +53,7 @@ To add a new item under the browser's **Favorites** list:
1. In the **Name** field, enter a friendly name for the item, and then click **Add**.
-2. In the **Available customizations** pane, select the friendly name that you just created, and in the text field, enter the URL for the item.
+2. In the **Available customizations** pane, select the friendly name that you created, and in the text field, enter the URL for the item.
For example, to include the corporate Web site to the list of browser favorites, a company called Contoso can specify **Contoso** as the value for the name and "" for the URL.
@@ -67,18 +65,18 @@ For example, to include the corporate Web site to the list of browser favorites,
Set the value to a character string that corresponds to the OEM's Partner Search Code. This identification code must match the one assigned to you by Microsoft.
-OEMs who are part of the program only have one PartnerSearchCode and this should be used for all Windows 10 for desktop editions images.
+OEMs who are part of the program only have one PartnerSearchCode which should be used for all Windows 10 for desktop editions images.
## SearchProviders
-Contains the settings you can use to configure the default and additional search providers.
+Contains the settings you can use to configure the default and other search providers.
### Default
-Use *Default* to specify a name that matches one of the search providers you enter in [SearchProviderList](#searchproviderlist). If you don't specify a default search provider, this will default to Microsoft Bing.
+Use *Default* to specify a name that matches one of the search providers you enter in [SearchProviderList](#searchproviderlist). If you don't specify a default search provider, this search provider will default to Microsoft Bing.
#### Specific region guidance
@@ -91,13 +89,13 @@ Some countries require specific, default search providers. The following table l
### SearchProviderList
-Use to specify a list of additional search providers.
+Use to specify a list of extra search providers.
1. In the **Name** field, enter a name for the item, and then click **Add**.
-2. In the **Available customizations** pane, select the name that you just created, and in the text field, enter the URL for the additional search provider.
+2. In the **Available customizations** pane, select the name that you created, and in the text field, enter the URL for the other search provider.
For example, to specify Yandex in Russia and Commonwealth of Independent States (CIS), set the value of URL to "https://yandex.ru/search/touch/?text={searchTerm}&clid=2234144".
-When configured with multiple search providers, the browser can display up to ten search providers.
+When configured with multiple search providers, the browser can display up to 10 search providers.
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index 6c94aa8796..f2f39286c3 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -2,8 +2,6 @@
title: CellCore (Windows 10)
description: This section describes the CellCore settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -15,46 +13,42 @@ manager: dougeby
# CellCore (Windows Configuration Designer reference)
->Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore is not available in Windows 10, version 1809.
+>Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore isn't available in Windows 10, version 1809.
Use to configure settings for cellular data.
>[!IMPORTANT]
->These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
+>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and aren't intended for use by administrators in the enterprise.
## Applies to
-
- Setting groups | Windows client | Surface Hub | HoloLens | IoT Core
- --- | :---: | :---: | :---: | :---:
- PerDevice: [CellConfigurations](#cellconfigurations) | | | | |
- PerDevice: [CellData](#celldata) | ✔️ | ✔️ | |
- PerDevice: [CellUX](#cellux) | ✔️ | ✔️ | |
- PerDevice: [CGDual](#cgdual) | | | |
- PerDevice: [eSim](#esim) | ✔️ | ✔️ | |
- PerDevice: [External](#external) | | | |
- PerDevice: [General](#general) | | | |
- PerDevice: [RCS](#rcs) | | | |
- PerDevice: [SMS](#sms) | ✔️ | ✔️ | |
- PerDevice: [UIX](#uix) | | | |
- PerDevice: [UTK](#utk) | | | |
- PerlMSI: [CellData](#celldata2) | | | |
- PerIMSI: [CellUX](#cellux2) | | | |
- PerIMSI: [General](#general2) | | | |
- PerIMSI: [RCS](#rcs2) | | | |
- PerIMSI: [SMS](#sms2) | ✔️ | ✔️ | |
- PerIMSI: [UTK](#utk2) | | | |
- PerIMSI: [VoLTE](#volte) | | | |
-
+|Setting groups | Windows client | Surface Hub | HoloLens | IoT Core|
+|:---|:---:|:---:|:---:|:---:|
+|PerDevice: [CellConfigurations](#cellconfigurations)| | | | |
+|PerDevice: [CellData](#celldata) |✔️|✔️| | |
+|PerDevice: [CellUX](#cellux)| ✔️ |✔️| | |
+|PerDevice: [CGDual](#cgdual)| | | | |
+|PerDevice: [eSim](#esim) | ✔️ | ✔️ | | |
+|PerDevice: [External](#external) | | | | |
+|PerDevice: [General](#general) | | | | |
+|PerDevice: [RCS](#rcs)| | | | |
+|PerDevice: [SMS](#sms)| ✔️ | ✔️ | |
+|PerDevice: [UIX](#uix)| | | | |
+|PerDevice: [UTK](#utk)| | | | |
+|PerIMSI: [CellData](#celldata2)| | | | |
+|PerIMSI: [CellUX](#cellux2)| | | | |
+|PerIMSI: [General](#general2)| | | | |
+|PerIMSI: [RCS](#rcs2)| | | | |
+|PerIMSI: [SMS](#sms2)|✔️|✔️| | |
+|PerIMSI: [UTK](#utk2)| | | | |
+|PerIMSI: [VoLTE](#volte)| | | | |
## PerDevice
### CellConfigurations
-
-
1. In **CellConfiguration** > **PropertyGroups**, enter a name for the property group.
-2. Select the **PropertyGroups** you just created in the **Available customizations** pane and then enter a **PropertyName**.
-3. Select the **PropertyName** you just created in the **Available customizations** pane, and then select one of the following data types for the property:
+2. Select the **PropertyGroups** you created in the **Available customizations** pane and then enter a **PropertyName**.
+3. Select the **PropertyName** you created in the **Available customizations** pane, and then select one of the following data types for the property:
- Binary
- Boolean
- Integer
@@ -63,77 +57,75 @@ Use to configure settings for cellular data.
### CellData
-Setting | Description
---- | ---
-CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don’t use cellular data** when the customization is enabled.
-MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.
-ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
-PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter.
-
+|Setting | Description|
+|:--- |:---|
+|CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don’t use cellular data** when the customization is enabled.|
+|MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.|
+|ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.|
+|PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter.|
### CellUX
-Setting | Description
---- | ---
-APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type.
-APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type.
-Critical > ShowVoLTERoaming | Select **Yes** to show the VoLTE roaming control in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the control.
-Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle.
-Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.
-Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.
-EmbeddedUiccSlotId | ID for embedded UICC (eUICC) slot.
-GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.
-Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.
-Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.
-Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.
-HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.
-HideAPNAuthType | Select **Yes** to hide the APN authentication selector. Select **No** to show the APN authentication selector.
-HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.
-HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.
-HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.
-HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.
-HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.
-HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.
-HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.
-HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.
-HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.
-HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.
-HideMMSAPNAuthType | Select **Yes** to hide the APN authentication type selector on the MMS APN page. Select **No** to show APN authentication selector.
-HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.
-HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.
-HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.
-HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".
-IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*
-LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
-MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type.
-MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.
-ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.
-ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.
-ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button
-ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.
-ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.
-ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
-ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
-ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
-SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI.
-SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI.
-SuppressDePersoUI | Select **Yes** to hide the Perso unlock UI.
-
+|Setting | Description|
+|:- |:-|
+|APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type.|
+|APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type.|
+|Critical > ShowVoLTERoaming | Select **Yes** to show the VoLTE roaming control in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the control.|
+|Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle.|
+|Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.|
+|Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.|
+|EmbeddedUiccSlotId | ID for embedded UICC (eUICC) slot.|
+|GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.|
+|Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.|
+|Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.|
+|Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.|
+|HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.|
+|HideAPNAuthType | Select **Yes** to hide the APN authentication selector. Select **No** to show the APN authentication selector.|
+|HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.|
+|HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.|
+|HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.|
+|HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.|
+|HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.|
+|HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.|
+|HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.|
+|HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.|
+|HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.|
+|HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.|
+|HideMMSAPNAuthType | Select **Yes** to hide the APN authentication type selector on the MMS APN page. Select **No** to show APN authentication selector.|
+|HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.|
+|HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.|
+|HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.|
+|HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".|
+|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*|
+|LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.|
+|MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type.|
+|MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.|
+|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.|
+|ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.|
+|ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.|
+|ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.|
+|ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.|
+|ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.|
+|ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.|
+|ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.|
+|SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI.|
+|SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI.|
+|SuppressDePersoUI | Select **Yes** to hide the Perso unlock UI.|
### CGDual
-Use **CGDual** > **RestrictToGlobalMode** to configure settings for global mode on C+G Dual SIM phones. When the device registration changes, if the value for this setting is set, the OS changes the preferred system type to the default preferred system type for world mode. If the phone is not camped on any network, the OS assumes the phone is on the home network and changes the network registration preference to default mode.
+Use **CGDual** > **RestrictToGlobalMode** to configure settings for global mode on C+G Dual SIM phones. When the device registration changes, if the value for this setting is set, the OS changes the preferred system type to the default preferred system type for world mode. If the phone isn't camped on any network, the OS assumes the phone is on the home network and changes the network registration preference to default mode.
-Select from the following:
+Select from the following modes:
-- RestrictToGlobalMode_Disabled: the phone is not restricted to global mode.
+- RestrictToGlobalMode_Disabled: the phone isn't restricted to global mode.
- RestrictToGlobalMobe_Home: when a slot is registered at home and supports global mode, the mode selection is restricted to global mode.
- RestrictToGlobalMode_Always: if a slot supports global mode and this value is selected, the mode selection is restricted to global mode.
@@ -143,296 +135,274 @@ Configure **FwUpdate** > **AllowedAppIdList** to list apps that are allowed to u
### External
-Setting | Description
---- | ---
-CallSupplementaryService > OTASPNonStandardDialString | Enter a list of all desired non-standard OTASP dial strings.
-CarrierSpecific > FallBackMode | Select between **GWCSFB** and **1xCSFB** for fallback mode.
-CarrierSpecific > VZW > ActSeq | Enables activation for 4G VZW card. Do not configure this setting for non-VZW devices.
-EnableLTESnrReporting | Select between **Use only RSRP** and **Use both RSRP and ECNO** to check if SNR needs to be used for LTE Signal Quality calculations.
-EnableUMTSEcnoReporting | Select between **Use only RSSI** and **Use both RSSI and SNR** to check if SNR needs to be used for UMTS Signal Quality calculations.
-ImageOnly > ERI > AlgorithmMBB0 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 0.
-ImageOnly > ERI > AlgorithmMBB1 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 1.
-ImageOnly > ERI > AlgorithmWmRil | Select between **Sprint** and **Verizon** to specify the ERI-based notification algorithm.
-ImageOnly > ERI > DataFileNameWmRil | Specify the location of the ERI file on the device; for example, `C:\Windows\System32\SPCS_en.eri`. *SPCS_en.eri* is a placeholder. Obtain the ERI file name from the mobile operator and replace this filename with it.
-ImageOnly > ERI > EnabledWmRil | Enable or disable ERI-based notifications.
-ImageOnly > ERI > ERIDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 0.
-ImageOnly > ERI > ERIDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 1.
-ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 0.
-ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 1.
-ImageOnly > ERI > SprintInternationalERIValuesWmRil | Specify the international ERI values for Sprint as `to 4A,7C,7D,7E,9D,9E,9F,C1,C2,C3,C4,C5,C6,E4,E5,E6,E7,E8.`.
-ImageOnly > MTU > DormancyTimeout0 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 0. Minimum value is 1703, and maximum value is 5000.
-ImageOnly > MTU > DormancyTimeout1 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 1. Minimum value is 1703, and maximum value is 5000.
-ImageOnly > MTU > MTUDataSize | Customize the TCP maximum segment size (MSS) by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.
-ImageOnly > MTU > RoamingMTUDataSize | Customize the TCP maximum segment size (MSS) for roaming by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it for roaming by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.
-ImageOnly > SuppressNwPSDetach | Configure whether to suppress reporting of network-initiated PS detach (appear attached to OS) until deregistered.
-SignalBarMapping Table | You can modify the percentage values used for the signal strength in the status bar per filter.
-SRVCCAutoToggleWmRil | Configure whether to link SRVCC to VOLTE on/off.
-
-
+|Setting |Description|
+|:--- |:---|
+|CallSupplementaryService > OTASPNonStandardDialString | Enter a list of all desired non-standard OTASP dial strings.|
+|CarrierSpecific > FallBackMode | Select between **GWCSFB** and **1xCSFB** for fallback mode.|
+|CarrierSpecific > VZW > ActSeq | Enables activation for 4G VZW card. Do not configure this setting for non-VZW devices.|
+|EnableLTESnrReporting | Select between **Use only RSRP** and **Use both RSRP and ECNO** to check if SNR needs to be used for LTE Signal Quality calculations.|
+|EnableUMTSEcnoReporting | Select between **Use only RSSI** and **Use both RSSI and SNR** to check if SNR needs to be used for UMTS Signal Quality calculations.|
+|ImageOnly > ERI > AlgorithmMBB0 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 0.|
+|ImageOnly > ERI > AlgorithmMBB1 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 1.|
+|ImageOnly > ERI > AlgorithmWmRil | Select between **Sprint** and **Verizon** to specify the ERI-based notification algorithm.|
+|ImageOnly > ERI > DataFileNameWmRil | Specify the location of the ERI file on the device; for example, `C:\Windows\System32\SPCS_en.eri`. *SPCS_en.eri* is a placeholder. Obtain the ERI file name from the mobile operator and replace this filename with it.|
+|ImageOnly > ERI > EnabledWmRil | Enable or disable ERI-based notifications.|
+|ImageOnly > ERI > ERIDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 0.|
+|ImageOnly > ERI > ERIDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 1.|
+|ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 0.|
+|ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 1.
+|ImageOnly > ERI > SprintInternationalERIValuesWmRil | Specify the international ERI values for Sprint as `to 4A,7C,7D,7E,9D,9E,9F,C1,C2,C3,C4,C5,C6,E4,E5,E6,E7,E8.`.|
+|ImageOnly > MTU > DormancyTimeout0 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 0. Minimum value is 1703, and maximum value is 5000.|
+|ImageOnly > MTU > DormancyTimeout1 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 1. Minimum value is 1703, and maximum value is 5000.|
+|ImageOnly > MTU > MTUDataSize | Customize the TCP maximum segment size (MSS) by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.|
+|ImageOnly > MTU > RoamingMTUDataSize | Customize the TCP maximum segment size (MSS) for roaming by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it for roaming by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.|
+|ImageOnly > SuppressNwPSDetach | Configure whether to suppress reporting of network-initiated PS detach (appear attached to OS) until deregistered.|
+|SignalBarMapping Table | You can modify the percentage values used for the signal strength in the status bar per filter.|
+|SRVCCAutoToggleWmRil | Configure whether to link SRVCC to VOLTE on/off.|
### General
-Setting | Description
---- | ---
-atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
-atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator.
-AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network.
-CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
-CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
-CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone.
-DefaultSlotAffinity | Set the data connection preference for:- **SlotAffinityForInternetData_Automatic**: data connection preference is automatically set- **SlotAffinityForInternetData_Slot0**: sets the data connection preference to Slot 0. The data connection cannot be edited by the user.- **SlotAffinityForInternetData_Slot1**: Sets the data connection preference to Slot 1. The data connection cannot be edited by the user.
-DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.
-DisableSystemTypeSupport | Enter the system types to be removed.
-DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds.
-DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds.
-EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming.
-ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).
-ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G.
-LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.
-LTEForced | Select **Yes** to force LTE.
-ManualNetworkSelectionTimeout | Set the default network selection timeout value, in a range of 1-600 seconds. By default, the OS allows the phone to attempt registration on the manually selected network for 60 seconds (or 1 minute) before it switches back to automatic mode. This value is the amount of time that the OS will wait for the modem to register on the manually selected network. If the time lapses and the modem was not able to register on the network that was manually selected by the user, the OS will either switch back to the automatic network selection mode if Permanent automatic mode is enabled, and the user has manually selected a network or the modem was turned on, or display a dialog that notifies the user that the phone was unable to connect to the manually selected network after the phone was turned on or after airplane mode was turned off.
-NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed.
-NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.
-OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.
-OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.
-PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. For example, the value can be 301:026,310:030 and so on.
-Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`.
-Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)).
-SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.
-SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone.
-SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal).
+|Setting | Description|
+|:---|:---|
+|atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.|
+|atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator.|
+|AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network.|
+|CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.|
+|CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`. |
+|CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. |
+|DefaultSlotAffinity | Set the data connection preference for:- **SlotAffinityForInternetData_Automatic**: data connection preference is automatically set- **SlotAffinityForInternetData_Slot0**: sets the data connection preference to Slot 0. The data connection cannot be edited by the user.- **SlotAffinityForInternetData_Slot1**: Sets the data connection preference to Slot 1. The data connection cannot be edited by the user.|
+|DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.|
+|DisableSystemTypeSupport | Enter the system types to be removed.|
+|DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds.|
+|DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds.|
+|EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming.|
+|ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).|
+|ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G.|
+|LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.|
+|LTEForced | Select **Yes** to force LTE.|
+|ManualNetworkSelectionTimeout | Set the default network selection timeout value, in a range of 1-600 seconds. By default, the OS allows the phone to attempt registration on the manually selected network for 60 seconds (or 1 minute) before it switches back to automatic mode. This value is the amount of time that the OS will wait for the modem to register on the manually selected network. If the time lapses and the modem was not able to register on the network that was manually selected by the user, the OS will either switch back to the automatic network selection mode if Permanent automatic mode is enabled, and the user has manually selected a network or the modem was turned on, or display a dialog that notifies the user that the phone was unable to connect to the manually selected network after the phone was turned on or after airplane mode was turned off.|
+|NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed.|
+|NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. |
+|OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.|
+|OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.|
+|PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. For example, the value can be 301:026,310:030 and so on.|
+|Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`.|
+|Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)).|
+|SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.|
+|SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone.|
+|SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal).|
### RCS
-Setting | Description
---- | ---
-SystemEnabled | Select **Yes** to specify that the system is RCS-enabled.
-UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the device.
+|Setting | Description|
+|:---|:---|
+|SystemEnabled | Select **Yes** to specify that the system is RCS-enabled.|
+|UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the device.|
### SMS
-| Setting | Description |
-|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. |
-| DefaultMCC | Set the default mobile country code (MCC). |
-| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) |
-| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. |
-| Encodings > OctetEncodingPage | Set the octet (binary) encoding. |
-| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. |
-| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. |
-| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). |
-| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. |
-| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
-| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. |
-| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. |
-| SmsStoreDeleteSize | Set the number of messages that can be deleted when a "message full" indication is received from the modem. |
-| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. |
-| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. |
-| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP > IMS > AttemptThresholdForIMS | Set the maximum number of tries to send SMS on IMS. |
-| Type3GPP > IMS > RetryEnabled | Configure whether to enable one automatic retry after failure to send over IMS. |
-| Type 3GPP > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. |
-| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. |
+|Setting |Description|
+|:--|:--|
+|AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. |
+|DefaultMCC |Set the default mobile country code (MCC).|
+|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)|
+|Encodings > GSM8BitEncodingPage|Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. |
+|Encodings > OctetEncodingPage |Set the octet (binary) encoding.|
+|Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding.|
+|Encodings > UseASCII |Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.|
+|Encodings > UseKeyboardLangague |Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).|
+|IncompleteMsgDeliverySeconds |Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation.|
+|MessageExpirySeconds|Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
+|SmsFragmentLimit |Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message.|
+|SmsPageLimit |Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.|
+|SmsStoreDeleteSize |Set the number of messages that can be deleted when a "message full" indication is received from the modem. |
+|SprintFragmentInfoInBody |Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. |
+|Type3GPP > ErrorHandling > ErrorType |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.|
+|Type3GPP > ErrorHandling > FriendlyErrorClass|Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+|Type3GPP > IMS > AttemptThresholdForIMS |Set the maximum number of tries to send SMS on IMS.|
+|Type3GPP > IMS > RetryEnabled |Configure whether to enable one automatic retry after failure to send over IMS.|
+|Type 3GPP > SmsUse16BitReferenceNumbers |Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.|
+|Type3GPP2 > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+|Type3GPP2 > ErrorHandling > UseReservedAsPermanent |Set the 3GPP2 permanent error type.|
### UIX
Setting | Description
---- | ---
+|:-|:--|
SIM1ToUIM1 | Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones.
-SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This can provide a better user experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".
-
+SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This scenario can provide a better experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".
### UTK
-Setting | Description
---- | ---
-UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.
-UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.
+|Setting |Description|
+|:-|:-|
+|UIDefaultDuration |Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.|
+|UIGetInputDuration |Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.|
-
-
-
-## PerlMSI
+## PerIMSI
Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings.
-
-### CellData
+### CellData
-Setting | Description
---- | ---
-MaxNumberOfPDPContexts | OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.
+|Setting |Description|
+|:--- |:---|
+|MaxNumberOfPDPContexts |OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.|
+### CellUX
-
-### CellUX
+|Setting |Description|
+|:--- |:---|
+|APNIPTypeIfHidden |Used to set the default IP type shown in the **IP type** listbox on the **internet APN** settings screen.|
+|Critical > ShowVoLTERoaming | Use to show the IMS roaming control in the cellular settings page|
+|Critical > ShowVoLTEToggle | Show or hide VoLTE toggle.|
+|Critical > SwitchIMS | Switch IMS on or off with a toggle. OEMs can configure the default settings and toggle for IMS services to meet mobile operator requirements. Users can later manually change the default values for these settings if they choose to do so.|
+|Critical > SwitchSMSOverIMS | Switch SMS over IMS on or off when VoLTE is toggled.|
+|Critical > SwitchVideoOverIMS | Use to switch video over IMS when VoLTE is switched.|
+|Critical > SwitchVoiceOverIMS | Switch voice over IMS when VoLTE is toggled.|
+|Critical > SwitchXCAP | Use to switch the XML Configuration Access Protocol (XCAP) when VoLTE is enabled.|
+|Critical > VoLTERoamingOffDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned off. The string must not be longer than 127 characters. |
+|Critical > VoLTERoamingOnDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned on. The string must not be longer than 127 characters. |
+|Critical > VoLTERoamingSettingDisableDuringCall | Use to specify whether to grey out VoLTE roaming settings during an active VoLTE call.|
+|Critical > VoLTERoamingTitle | Use to customize the description string for the IMS roaming control. The string must not be longer than 127 characters. |
+|Critical > VoLTESectionTitle | Use to customize the section title for the IMS settings. he string must not be longer than 127 characters.|
+|Critical > VoLTESettingDisableDuringCall | Use to specify whether to grey out VoLTE-related settings during an active VoLTE call.|
+|Critical > VoLTEToggleDescription | Use to customize the VoLTE toggle description. To customize the VoLTE toggle description, set VoLTEToggleDescription to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-101.|
+|Critical > VoLTEToggleSettingDisableDuringCall | Use to specify whether to grey out the VoLTE toggle during an active VoLTE call.|
+|Critical > VoLTEToggleTitle | Use to customize the VoLTE toggle label. To customize the VoLTE toggle label, set VoLTEToggleTitle to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-102.|
+|Critical > WFCSettingDisableDuringCall | Use to specify whether to grey out the Wi-Fi calling settings during an active VoLTE call.|
+|Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.|
+|Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.|
+|GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.|
+|Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.|
+|Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.|
+|Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.|
+|HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.|
+|HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.|
+|HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.|
+|HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.|
+|HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.|
+|HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.|
+|HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.|
+|HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.|
+|HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.|
+|HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.|
+|HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.|
+|HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.|
+|HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.|
+|HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. (Removed in Windows 10, version 1803.)|
+|HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.|
+|HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".|
+|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*|
+|LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.|
+|MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.|
+|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.|
+|ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.|
+|ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.|
+|ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.|
+|ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.|
+|ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.|
+|ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.|
+|ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.|
+|SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. (Removed in Windows 10, version 1803.)|
+|SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. (Removed in Windows 10, version 1803.)|
+|SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10, version 1803.)|
-Setting | Description
---- | ---
-APNIPTypeIfHidden | Used to set the default IP type shown in the **IP type** listbox on the **internet APN** settings screen.
-Critical > ShowVoLTERoaming | Use to show the IMS roaming control in the cellular settings page
-Critical > ShowVoLTEToggle | Show or hide VoLTE toggle.
-Critical > SwitchIMS | Switch IMS on or off with a toggle. OEMs can configure the default settings and toggle for IMS services to meet mobile operator requirements. Users can later manually change the default values for these settings if they choose to do so.
-Critical > SwitchSMSOverIMS | Switch SMS over IMS on or off when VoLTE is toggled.
-Critical > SwitchVideoOverIMS | Use to switch video over IMS when VoLTE is switched.
-Critical > SwitchVoiceOverIMS | Switch voice over IMS when VoLTE is toggled.
-Critical > SwitchXCAP | Use to switch the XML Configuration Access Protocol (XCAP) when VoLTE is enabled.
-Critical > VoLTERoamingOffDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned off. The string must not be longer than 127 characters.
-Critical > VoLTERoamingOnDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned on. The string must not be longer than 127 characters.
-Critical > VoLTERoamingSettingDisableDuringCall | Use to specify whether to grey out VoLTE roaming settings during an active VoLTE call.
-Critical > VoLTERoamingTitle | Use to customize the description string for the IMS roaming control. The string must not be longer than 127 characters.
-Critical > VoLTESectionTitle | Use to customize the section title for the IMS settings. he string must not be longer than 127 characters.
-Critical > VoLTESettingDisableDuringCall | Use to specify whether to grey out VoLTE-related settings during an active VoLTE call.
-Critical > VoLTEToggleDescription | Use to customize the VoLTE toggle description. To customize the VoLTE toggle description, set VoLTEToggleDescription to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-101.
-Critical > VoLTEToggleSettingDisableDuringCall | Use to specify whether to grey out the VoLTE toggle during an active VoLTE call.
-Critical > VoLTEToggleTitle | Use to customize the VoLTE toggle label. To customize the VoLTE toggle label, set VoLTEToggleTitle to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-102.
-Critical > WFCSettingDisableDuringCall | Use to specify whether to grey out the Wi-Fi calling settings during an active VoLTE call.
-Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.
-Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.
-GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.
-Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.
-Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.
-Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.
-HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.
-HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.
-HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.
-HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.
-HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.
-HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.
-HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.
-HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.
-HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.
-HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.
-HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.
-HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.
-HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.
-HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. (Removed in Windows 10, version 1803.)
-HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
-HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".
-IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*
-LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
-MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.
-ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:- Phone tile in Start- Call History screen- Dialer- Call Progress screen- Incoming Call screen- As the status string under Settings > cellular+SIMThe long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.
-ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.
-ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button
-ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.
-ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.
-ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
-ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
-ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
-SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. (Removed in Windows 10, version 1803.)
-SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. (Removed in Windows 10, version 1803.)
-SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10, version 1803.)
+### General
+|Setting |Description|
+|:--|:--|
+|atomicRoamingTableSettings3GPP |If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. |
+|atomicRoamingTableSettings3GPP2 |If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. |
+|AvoidStayingInManualSelection |You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. |
+|CardAllowList |Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`.|
+|CardBlockList |Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. |
+|CardLock |Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. |
+|Critical > MultivariantProvisionedSPN |Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn).|
+|Critical > SimNameWithoutMSISDNENabled |Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. |
+|DisableLTESupportWhenRoaming |Set to **Yes** to disable LTE support when roaming.|
+|EnableIMSWhenRoaming|Set to **Yes** to enable IMS when roaming.|
+|ExcludedSystemTypesByDefault |Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). |
+|LTEEnabled |Select **Yes** to enable LTE, and **No** to disable LTE. |
+|LTEForced |Select **Yes** to force LTE. |
+|NetworkSuffix |To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed.|
+|NitzFiltering |For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.|
+|OperatorListForExcludedSystemTypes |Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.)|
+|OperatorPreferredForFasterRadio |Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) |
+|SuggestDataRoamingARD |Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. |
-
-
-
-### General
-
-| Setting | Description |
-|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. |
-| atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. |
-| AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. |
-| CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. |
-| CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. |
-| CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. |
-| Critical > MultivariantProvisionedSPN | Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn). |
-| Critical > SimNameWithoutMSISDNENabled | Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. |
-| DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming. |
-| EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming. |
-| ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). |
-| LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE. |
-| LTEForced | Select **Yes** to force LTE. |
-| NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed. |
-| NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. |
-| OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.) |
-| OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) |
-| SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. |
-
-
-### RCS
+## RCS
See descriptions in Windows Configuration Designer.
-
+## SMS
-
-### SMS
+|Setting |Description|
+|:--|:--|
+|AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver.|
+|DefaultMCC |Set the default mobile country code (MCC). |
+|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)|
+|Encodings > GSM8BitEncodingPage |Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099.|
+|Encodings > OctetEncodingPage |Set the octet (binary) encoding.|
+|Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding. |
+|Encodings > UseASCII |Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.|
+|Encodings > UseKeyboardLangague |Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).|
+|IncompleteMsgDeliverySeconds |Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. |
+|MessageExpirySeconds |Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
+|SmsFragmentLimit|Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. |
+|SmsPageLimit|Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.|
+|SprintFragmentInfoInBody |Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message.|
+|Type3GPP > ErrorHandling > ErrorType |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.|
+|Type3GPP > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+|Type3GPP > IMS > SmsUse16BitReferenceNumbers |Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.|
+|Type3GPP2 > ErrorHandling > FriendlyErrorClass |Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**.|
+| Type3GPP2 > ErrorHandling > UseReservedAsPermanent |Set the 3GPP2 permanent error type.|
-| Setting | Description |
-|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. |
-| DefaultMCC | Set the default mobile country code (MCC). |
-| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) |
-| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. For more information, see [Add encoding extension tables for SMS](/windows-hardware/customize/mobile/mcsf/add-encoding-extension-tables-for-sms). |
-| Encodings > OctetEncodingPage | Set the octet (binary) encoding. |
-| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. |
-| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. |
-| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). |
-| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. |
-| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. |
-| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. |
-| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. |
-| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. |
-| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. |
-| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. |
-| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recipient address**, or **network connectivity trouble**. |
-| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. |
-
-
-### UTK
-
-Setting | Description
---- | ---
-UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.
-UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.
+### UTK
+|Setting |Description|
+|:---|:---|
+|UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000. |
+|UIGetInputDuration |Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.|
### VoLTE
-Setting | Description
---- | ---
-IMSOMADMServices | Allows configuration of OMA DM Services Mask. The value is mapped directly to RIL_IMS_NW_ENABLED_FLAGS on the modem side. To configure the OMA DM services mask, set the IMSOMADMServices setting to one of the following values:- None, Flag: 0, Bitmask: 00000- OMA DM, Flag: 1, Bitmask: 00001- Voice, Flag: 2, Bitmask: 00010- Video, Flag: 4, Bitmask: 00100- EAB presence, Flag: 8, Bitmask: 01000- Enable all services, Flag: 15, Bitmask: 10000
-IMSServices | Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:- IMS, Flag: 1, Bitmask: 0001- SMS over IMS, Flag: 2, Bitmask: 0010- Voice over IMS, Flag: 4, Bitmask: 0100Video over IMS, Flag: 8, Bitmask: 1000
+|Setting | Description|
+|:---|:---|
+|IMSOMADMServices |Allows configuration of OMA DM Services Mask. The value is mapped directly to RIL_IMS_NW_ENABLED_FLAGS on the modem side. To configure the OMA DM services mask, set the IMSOMADMServices setting to one of the following values:- None, Flag: 0, Bitmask: 00000- OMA DM, Flag: 1, Bitmask: 00001- Voice, Flag: 2, Bitmask: 00010- Video, Flag: 4, Bitmask: 00100- EAB presence, Flag: 8, Bitmask: 01000- Enable all services, Flag: 15, Bitmask: 10000|
+|IMSServices |Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:- IMS, Flag: 1, Bitmask: 0001- SMS over IMS, Flag: 2, Bitmask: 0010- Voice over IMS, Flag: 4, Bitmask: 0100Video over IMS, Flag: 8, Bitmask: 1000|
+## Error messages for reject codes
-
-## Error messages for reject codes
-
-
-Reject code | Extended error message | Short error message
---- | --- | ---
-2 (The SIM card hasn't been activated or has been deactivated) | SIM not set up MM#2 | Invalid SIM
-3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) | Can't verify SIM MM#3 | Invalid SIM
-6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service
+|Reject code |Extended error message |Short error message|
+|:---|:---|:---|
+|2 (The SIM card hasn't been activated or has been deactivated) | SIM not set up MM#2 | Invalid SIM|
+|3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) |Can't verify SIM MM#3 |Invalid SIM|
+|6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service|
+
## Values for MultivariantProvisionedSPN
Set the MultivariantProvisionedSPN value to the name of the SPN or mobile operator.
-The following table shows the scenarios supported by this customization:
+The following table shows the scenarios supported by this customization.
>[!NOTE]
>In the Default SIM name column:
>
->- The " " in MultivariantProvisionedSPN" "1234 means that there is a space between the mobile operator name or SPN and the last 4 digits of the MSISDN.
+>- The " " in MultivariantProvisionedSPN" "1234 means that there's a space between the mobile operator name or SPN and the last 4 digits of the MSISDN.
>- MultivariantProvisionedSPN means the value that you set for the MultivariantProvisionedSPN setting.
>- SIM 1 or SIM 2 is the default friendly name for the SIM in slot 1 or slot 2.
-
-Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name
+Multivariant setting set?|SPN provisioned?|MSISDN (last four digits: 1234, for example) provisioned?|Default SIM name
--- | --- | --- | ---
Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)
diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md
index f2ba57eae2..d0a091f53f 100644
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md
index 668d0bb304..02b779a5db 100644
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@@ -2,8 +2,6 @@
title: Certificates (Windows 10)
description: This section describes the Certificates settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -21,7 +19,7 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
- In [ClientCertificates](#clientcertificates), you specify a certificate that will be added to the Personal store on the target device, and provide (password, keylocation), (and configure whether the certificate can be exported).
- In [RootCertificates](#rootcertificates), you specify a certificate that will be added to the Trusted Root CA store on the target device.
- In [TrustedPeopleCertificates](#trustedpeoplecertificates), you specify a certificate that will be added to the Trusted People store on the target device.
-- In [TrustedProvisioners](#trustedprovisioners), you specify a certificate which allows devices to automatically trust packages from the specified publisher.
+- In [TrustedProvisioners](#trustedprovisioners), you specify a certificate that allows devices to automatically trust packages from the specified publisher.
## Applies to
@@ -33,14 +31,14 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
## CACertificates
1. In **Available customizations**, select **CACertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **CertificatePath**, browse to or enter the path to the certificate.
## ClientCertificates
1. In **Available customizations**, select **ClientCertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Value | Description |
| --- | --- | ---- |
@@ -52,20 +50,20 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
## RootCertificates
1. In **Available customizations**, select **RootCertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **CertificatePath**, browse to or enter the path to the certificate.
## TrustedPeopleCertificates
1. In **Available customizations**, select **TrustedPeopleCertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **TrustedCertificate**, browse to or enter the path to the certificate.
## TrustedProvisioners
1. In **Available customizations**, select **TrustedPprovisioners**, enter a CertificateHash, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **TrustedProvisioner**, browse to or enter the path to the certificate.
## Related topics
diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md
index d196972424..7fae1e2c06 100644
--- a/windows/configuration/wcd/wcd-changes.md
+++ b/windows/configuration/wcd/wcd-changes.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md
index 090081972f..fdcbf1dd2a 100644
--- a/windows/configuration/wcd/wcd-cleanpc.md
+++ b/windows/configuration/wcd/wcd-cleanpc.md
@@ -2,8 +2,6 @@
title: CleanPC (Windows 10)
description: This section describes the CleanPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index e71332a303..4468f64eee 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -2,8 +2,6 @@
title: Connections (Windows 10)
description: This section describes the Connections settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -26,7 +24,7 @@ Use to configure settings related to various types of phone connections.
For each setting group:
1. In **Available customizations**, select the setting group (such as **Cellular**), enter a friendly name for the connection, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
## Cellular
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 4f9bd01b6e..21f4e49131 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -2,8 +2,6 @@
title: ConnectivityProfiles (Windows 10)
description: This section describes the ConnectivityProfile settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -33,7 +31,7 @@ Use to configure profiles that a user will connect with, such as an email accoun
Specify an email account to be automatically set up on the device.
1. In **Available customizations**, select **Email**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure for each account. Settings in **bold** are required.
+2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure for each account. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -63,7 +61,7 @@ Configure settings related to Exchange email server. These settings are related
1. In **Available customizations**, select **Exchange**, enter a name for the account, and then click **Add**. A globally unique identifier (GUID) is generated for the account.
-2. In **Available customizations**, select the GUID that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the GUID that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -90,7 +88,7 @@ Configure settings related to Exchange email server. These settings are related
## KnownAccounts
-Configure the settings to add additional email accounts.
+Configure the settings to add more email accounts.
| Setting | Description |
| --- | --- |
@@ -112,7 +110,7 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu))
### VPN
1. In **Available customizations**, select **VPNSetting**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -120,14 +118,14 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu))
| AlwaysOn | Set to **True** to automatically connect the VPN at sign-in |
| ByPassForLocal | When set to **True**, requests to local resources on the same Wi-Fi network as the VPN client can bypass VPN |
| DnsSuffix | Enter one or more comma-separated DNS suffixes. The first suffix listed is used as the primary connection-specific DNS suffix for the VPN interface. The list is added to the SuffixSearchList. |
-| LockDown | When set to **True**:- Profile automatically becomes an "always on" profile- VPN cannot be disconnected-If the profile is not connected, the user has no network connectivity- No other profiles can be connected or modified |
+| LockDown | When set to **True**:- Profile automatically becomes an "always on" profile- VPN can't be disconnected-If the profile isn't connected, the user has no network connectivity- No other profiles can be connected or modified |
| Proxy | Configure to **Automatic** or **Manual** |
| ProxyAutoConfigUrl | When **Proxy** is set to **Automatic**, enter the URL to automatically retrieve the proxy settings |
| ProxyServer | When **Proxy** is set to **Manual**, enter the proxy server address as a fully qualified hostname or enter `IP address:Port` |
| RememberCredentials | Select whether credentials should be cached |
-| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
+| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN won't connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
-When **ProfileType** is set to **Native**, the following additional settings are available.
+When **ProfileType** is set to **Native**, the following extra settings are available.
Setting | Description
--- | ---
@@ -137,11 +135,11 @@ NativeProtocolType | Choose between **PPTP**, **L2TP**, **IKEv2**, and **Automat
RoutingPolicyType | Choose between **SplitTunnel**, in which traffic can go over any interface as determined by the networking stack, and **ForceTunnel**, in which all IP traffic must go over the VPN interface.
Server | Enter the public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm.
-When **ProfileType** is set to **Third Party**, the following additional settings are available.
+When **ProfileType** is set to **Third Party**, the following extra settings are available.
Setting | Description
--- |---
-PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations as well as defaults.
+PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations and defaults.
PluginProfilePackageFamilyName | Choose between **Pulse Secure VPN**, **F5 VPN Client**, and **SonicWALL Mobile Connect**.
PluginProfileServerUrlList | Enter a comma-separated list of servers in URL, hostname, or IP format.
@@ -175,7 +173,7 @@ You can use these settings to configure system capabilities for Wi-Fi adapters,
| --- | --- |
| CoexistenceSupport | Specify the type of co-existence that's supported on the device:- **Both**: Both Wi-Fi and Bluetooth work at the same performance level during co-existence- **Wi-Fi reduced**: On a 2X2 system, Wi-Fi performance is reduced to 1X1 level- **Bluetooth centered**: When co-existing, Bluetooth has priority and restricts Wi-Fi performance- **One**: Either Wi-Fi or Bluetooth will stop working |
| NumAntennaConnected | Enter the number of antennas that are connected to the WLAN radio |
-| SimultaneousMultiChannelSupported | Enter the maximum number of channels that the Wi-Fi device can simultaneously operate on. For example, you can use this to specify support for Station mode and Wi-Fi Direct GO on separate channels simultaneously. |
+| SimultaneousMultiChannelSupported | Enter the maximum number of channels that the Wi-Fi device can simultaneously operate on. For example, you can use this setting to specify support for Station mode and Wi-Fi Direct GO on separate channels simultaneously. |
| WLANFunctionLevelDeviceResetSupported | Select whether the device supports functional level device reset (FLDR). The FLDR feature in the OS checks this system capability exclusively to determine if it can run. |
| WLANPlatformLevelDeviceResetSupported | Select whether the device supports platform level device reset (PLDR). The PLDR feature in the OS checks this system capability exclusively to determine if it can run. |
@@ -194,7 +192,7 @@ Configure settings for wireless connectivity.
### WLANXmlSettings
-Enter a SSID, click **Add**, and then configure the following settings for the SSID.
+Enter an SSID, click **Add**, and then configure the following settings for the SSID.
| Settings | Description |
| --- | --- |
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md
index e09bfedbeb..2d326165c7 100644
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@@ -2,8 +2,6 @@
title: CountryAndRegion (Windows 10)
description: This section describes the CountryAndRegion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
index e8ea46b7dc..dccfa2bfd8 100644
--- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
@@ -2,8 +2,6 @@
title: DesktopBackgroundAndColors (Windows 10)
description: This section describes the DesktopBackgrounAndColors settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md
index 6d1c176a3d..62715da105 100644
--- a/windows/configuration/wcd/wcd-developersetup.md
+++ b/windows/configuration/wcd/wcd-developersetup.md
@@ -2,8 +2,6 @@
title: DeveloperSetup (Windows 10)
description: This section describes the DeveloperSetup settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index 8a4fe3064e..a643a6b0f5 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -2,8 +2,6 @@
title: DeviceFormFactor (Windows 10)
description: This section describes the DeviceFormFactor setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -36,7 +34,7 @@ Select the appropriate form from the dropdown menu.
| --- | --- |
| Phone | A typical smartphone combines cellular connectivity, a touch screen, rechargeable power source, and other components into a single chassis. |
| LargeScreen | Microsoft Surface Hub |
-| HMD | (Head-mounted display) A holographic computer that is completely untethered - no wires, phones, or connection to a PC needed. |
+| HMD | (Head-mounted display) A holographic computer that is untethered - no wires, phones, or connection to a PC needed. |
| IndustryHandheld | A device screen less than 7” diagonal designed for industrial solutions. May or may not have a cellular stack. |
| IndustryTablet | A device with an integrated screen greater than 7” diagonal and no attached keyboard designed for industrial solutions as opposed to consumer personal computer. May or may not have a cellular stack. |
| Banking | A machine at a bank branch or another location that enables customers to perform basic banking activities including withdrawing money and checking one's bank balance. |
@@ -56,10 +54,10 @@ Select the appropriate form from the dropdown menu.
| Toy | A device used solely for enjoyment or entertainment. |
| Vending | A machine that dispenses items in exchange for payment in the form of coin, currency, or credit/debit card. |
| IndustryOther |A device that doesn't fit into any of the previous categories. |
-| Desktop | A desktop PC form factor traditional comes in an upright tower or small desktop chassis and does not have an integrated screen. |
-| Notebook | A notebook is a portable clamshell device with an attached keyboard that cannot be removed. |
-| Convertible | A convertible device is an evolution of the traditional notebook where the keyboard can be swiveled, rotated or flipped, but not completely removed. It is a blend between a traditional notebook and tablet, also called a 2-in-1. |
-| Detachable | A detachable device is an evolution of the traditional notebook where the keyboard can be completely removed. It is a blend between a traditional notebook and tablet, also called a 2-in-1. |
+| Desktop | A desktop PC form factor traditional comes in an upright tower or small desktop chassis and doesn't have an integrated screen. |
+| Notebook | A notebook is a portable clamshell device with an attached keyboard that can't be removed. |
+| Convertible | A convertible device is an evolution of the traditional notebook where the keyboard can be swiveled, rotated or flipped, but not completely removed. It's a blend between a traditional notebook and tablet, also called a 2-in-1. |
+| Detachable | A detachable device is an evolution of the traditional notebook where the keyboard can be removed. It's a blend between a traditional notebook and tablet, also called a 2-in-1. |
| AIO | An All-in-One (AIO) device is an evolution of the traditional desktop with an attached display. |
| Stick | A device that turns your TV into a Windows computer. Plug the stick into the HDMI slot on the TV and connect a USB or Bluetooth keyboard or mouse. |
| Puck | A small-size PC that users can use to plug in a monitor and keyboard. |
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index 32484edbd9..0eba4cd0e2 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -2,8 +2,6 @@
title: DeviceManagement (Windows 10)
description: This section describes the DeviceManagement setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -29,7 +27,7 @@ Use to configure device management settings.
## Accounts
1. In **Available customizations**, select **Accounts**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the account that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the account that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -60,14 +58,14 @@ Use to configure device management settings.
## PGList
1. In **Available customizations**, select **PGList**, enter a LogicalProxyName, and then click **Add**.
-2. In **Available customizations**, select the LogicalProxyName that you just created, and then select **PhysicalProxies**.
+2. In **Available customizations**, select the LogicalProxyName that you created, and then select **PhysicalProxies**.
3. Enter a PhysicalProxyName, and then click **Add**. The following table describes the settings you can configure for the physical proxy and for **Trust**.
| Setting | Description |
| --- | --- |
| Address | Enter the address of the physical proxy |
| AddressType | Select between **E164**, **IPV4**, and **IPV^** for the format and protocol of the PXADDR element for a physical proxy |
-| MatchedNapID | Enter a string that defines the SMS bearer. This string must match the NAPID exactly. The value must contains MVID macro if it is an IPv4 PXADDRTYPE. |
+| MatchedNapID | Enter a string that defines the SMS bearer. This string must match the NAPID exactly. The value must contain MVID macro if it's an IPv4 PXADDRTYPE. |
| PushEnabled | Select whether push operations are enabled |
| Trust | Specify whether or not the physical proxies in this logical proxy are privileged |
diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md
index 440ed6459b..83bb19007c 100644
--- a/windows/configuration/wcd/wcd-deviceupdatecenter.md
+++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md
@@ -2,8 +2,6 @@
title: DeviceUpdateCenter (Windows 10)
description: This section describes the DeviceUpdateCenter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md
index ed596c0b34..1154e1643c 100644
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@@ -2,8 +2,6 @@
title: DMClient (Windows 10)
description: This section describes the DMClient setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md
index 9c2e199008..114234aa5d 100644
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@@ -2,8 +2,6 @@
title: EditionUpgrade (Windows 10)
description: This section describes the EditionUpgrade settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md
index 574f4d2a0d..a31d1cddcb 100644
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md
+++ b/windows/configuration/wcd/wcd-firewallconfiguration.md
@@ -2,8 +2,6 @@
title: FirewallConfiguration (Windows 10)
description: This section describes the FirewallConfiguration setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md
index a830d6925b..2f607deb18 100644
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@@ -1,9 +1,7 @@
---
-title: FirstExperience (Windows 10)
+title: FirstExperience
description: This section describes the FirstExperience settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -15,18 +13,18 @@ manager: dougeby
# FirstExperience (Windows Configuration Designer reference)
-Use these settings to configure the out-of-box experience (OOBE) to set up HoloLens.
+Use these settings to configure the out-of-box experience (OOBE) to set up HoloLens.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | | | ✔️ | |
+| All settings | | | X | |
-Setting | Description
---- | ---
-PreferredRegion | Enter the [geographical location identifier](/windows/win32/intl/table-of-geographical-locations) for the region.
-PreferredTimezone | Enter the timezone. [Microsoft Time Zone Index Values](/previous-versions/windows/embedded/ms912391(v=winembedded.11))
-SkipCalibration | Initial setup of HoloLens includes a calibration step. Set to **True** to skip calibration.
-SkipTraining | Initial setup of HoloLens includes training on how to perform the gestures to operate HoloLens. Set to **True** to skip training.
-SkipWifi | Set to **True** to skip connecting to a Wi-Fi network.
**Note:** HoloLens [requires a Wi-Fi connection during setup to verify the account](/hololens/hololens-setup). To skip the Wi-Fi connection page during setup, your provisioning package must provide the network configuration. You can configure the network configuration [in the HoloLens wizard](/hololens/hololens-provisioning#create-a-provisioning-package-for-hololens-using-the-hololens-wizard) and then switch to the advanced editor to configure **FirstExperience** settings, or in advanced settings, configure a WLAN [connectivity profile](wcd-connectivityprofiles.md).
+| Setting | Description |
+| --- | --- |
+| PreferredRegion | Enter the [geographical location identifier](/windows/win32/intl/table-of-geographical-locations) for the region. |
+| PreferredTimezone | Enter the timezone. [Microsoft Time Zone Index Values](/previous-versions/windows/embedded/ms912391(v=winembedded.11)) |
+| SkipCalibration | Initial setup of HoloLens includes a calibration step. Set to **True** to skip calibration. |
+| SkipTraining | Initial setup of HoloLens includes training on how to perform the gestures to operate HoloLens. Set to **True** to skip training. |
+| SkipWifi | Set to **True** to skip connecting to a Wi-Fi network.
**Note:** HoloLens [requires a Wi-Fi connection during setup to verify the account](/hololens/hololens2-start). To skip the Wi-Fi connection page during setup, your provisioning package must provide the network configuration. You can configure the network configuration [in the HoloLens wizard](/hololens/hololens-provisioning#provisioning-package-hololens-wizard) and then switch to the advanced editor to configure **FirstExperience** settings, or in advanced settings, configure a WLAN [connectivity profile](wcd-connectivityprofiles.md). |
diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md
index 1008dd3172..e45a67e31a 100644
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@@ -2,8 +2,6 @@
title: Folders (Windows 10)
description: This section describes the Folders settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md
index cf3eb21000..db0317ff32 100644
--- a/windows/configuration/wcd/wcd-hotspot.md
+++ b/windows/configuration/wcd/wcd-hotspot.md
@@ -2,8 +2,6 @@
title: HotSpot (Windows 10)
description: This section describes the HotSpot settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md
index 9e653528de..0f38069d39 100644
--- a/windows/configuration/wcd/wcd-kioskbrowser.md
+++ b/windows/configuration/wcd/wcd-kioskbrowser.md
@@ -2,8 +2,6 @@
title: KioskBrowser (Windows 10)
description: This section describes the KioskBrowser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index 8342ca38d7..5e1385d91a 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -2,8 +2,6 @@
title: Licensing (Windows 10)
description: This section describes the Licensing settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index 3e0a47a230..65d0cf04b9 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -2,8 +2,6 @@
title: Location (Windows 10)
description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index cdb5ff8a79..fa05e3ac5d 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -2,8 +2,6 @@
title: Maps (Windows 10)
description: This section describes the Maps settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index e16622e753..4d50550dee 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -2,8 +2,6 @@
title: NetworkProxy (Windows 10)
description: This section describes the NetworkProxy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -29,18 +27,18 @@ Automatically detect network proxy settings.
| Value | Description |
| --- | --- |
-| 0 | Disabled. Do not automatically detect settings. |
+| 0 | Disabled. Don't automatically detect settings. |
| 1 | Enabled. Automatically detect settings. |
## ProxyServer
-Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.
+Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings don't apply to VPN connections.
| Setting | Description |
| --- | --- |
| ProxyAddress | Address to the proxy server. Specify an address in the format `server:port`. |
-| ProxyExceptions | Addresses that should not use the proxy server. The system will not use the proxy server for addresses that begin with the values specified in this node. Use semicolons (;) to separate entries. |
-| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Do not use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
+| ProxyExceptions | Addresses that shouldn't use the proxy server. The system won't use the proxy server for addresses that begin with the values specified in this node. Use semicolons (;) to separate entries. |
+| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Don't use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
## SetupScriptUrl
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index 24179089bf..46d1804745 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -2,8 +2,6 @@
title: NetworkQoSPolicy (Windows 10)
description: This section describes the NetworkQoSPolicy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index 7ab4e1b5f7..f885d27c0e 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index 6bfb8c53ab..ecd6a488c9 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -2,8 +2,6 @@
title: Personalization (Windows 10)
description: This section describes the Personalization settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index c894bdc784..59377ff9bc 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -48,10 +46,10 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ |
| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ |
| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | ✔️ | | | |
+| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting are allowed | ✔️ | | | |
| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | |
| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | |
-| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | | | |
+| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. | | | | |
| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. | ✔️ | | | |
| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | | | ✔️ |
| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | | | ✔️ |
@@ -65,7 +63,7 @@ This section describes the **Policies** settings that you can configure in [prov
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ |
| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | | ✔️ |
-| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ | ✔️ | | ✔️ |
+| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✔️ | ✔️ | | ✔️ |
| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | | ✔️ |
@@ -97,7 +95,7 @@ This section describes the **Policies** settings that you can configure in [prov
[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | | | |
| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | | ✔️ |
| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | |
-| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | ✔️ | ✔️ | | ✔️ |
+| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed. | ✔️ | ✔️ | | ✔️ |
| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | |
| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | |
| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | |
@@ -117,18 +115,18 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | | ✔️ |
[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | | | |
| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | |
-| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
+| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | |
-| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | |
+| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | |
| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | |
| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | |
| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | |
| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | |
| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ | | | |
-[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | |
+[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | |
| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | |
| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | |
-| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | ✔️ | | | |
+| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✔️ | | | |
| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | |
[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | | | |
| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | | ✔️ |
@@ -138,9 +136,9 @@ This section describes the **Policies** settings that you can configure in [prov
| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | | ✔️ |
| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | | ✔️ |
PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | |
-| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | |
+| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | |
| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✔️ | ✔️ | | ✔️ |
-[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ | | | |
+[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✔️ | | | |
| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | |
| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | | ✔️ |
| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | |
@@ -177,7 +175,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ | | | |
+[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students. | ✔️ | | | |
## Cryptography
@@ -207,7 +205,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | |
| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✔️ | | | |
| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | |
-| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | |
+| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | |
| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | |
| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | |
| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | |
@@ -282,7 +280,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | | | |
+| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste are allowed. | | | | |
| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | | ✔️ | |
| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | |
| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | | | |
@@ -321,13 +319,13 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store.
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | |
-|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | |
+|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | |
+|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✔️ | | | |
|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | |
|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | |
|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | |
|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | |
-|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ | | | |
+|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✔️ | | | |
To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
@@ -336,7 +334,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com).
4. Save the XML file.
5. Open the project again in Windows Configuration Designer.
-6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
+6. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed.
## LocalPoliciesSecurityOptions
@@ -350,7 +348,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | |
+| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Don't use. | | | | |
## Power
@@ -376,8 +374,8 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | |
| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | |
| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | |
-| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ | | | |
-| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. | ✔️ | | | |
+| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✔️ | | | |
+| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✔️ | | | |
## Privacy
@@ -392,11 +390,11 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | | | |
-[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | |
+[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | |
| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | |
| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | |
| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | |
-| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✔️ | | | |
+| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✔️ | | | |
| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | |
| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | |
| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | |
@@ -426,7 +424,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | | | |
| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | | | |
| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✔️ | |
-| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | |
+| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | |
[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | |
## Start
@@ -450,7 +448,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | |
| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | |
| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | |
-| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | |
+| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | |
| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | |
| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | |
| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | |
@@ -480,7 +478,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | | | |
| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | | | |
| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | | | |
-| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | |
+| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | |
## TextInput
@@ -488,7 +486,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | |
-| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ | | | |
+| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✔️ | | | |
| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | |
| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | |
| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | |
@@ -496,7 +494,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | |
| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | |
| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | |
-| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
+| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
@@ -513,9 +511,9 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
|---------|-------------|:--------------:|:-----------:|:--------:|:--------:|
-| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ |
+| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ |
-| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ |
+| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ |
| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ |
| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
@@ -531,7 +529,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ |
| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ |
| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
+| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
@@ -539,7 +537,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ |
-| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ |
+| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. | ✔️ | ✔️ | | ✔️ |
| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ |
| PhoneUpdateRestrictions | Deprecated | | ✔️ | | |
| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ |
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
index ff0d8ba5c4..827c8bad55 100644
--- a/windows/configuration/wcd/wcd-privacy.md
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -2,8 +2,6 @@
title: Privacy (Windows 10)
description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index 353d7fc8d7..fe6ca80426 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -2,8 +2,6 @@
title: ProvisioningCommands (Windows 10)
description: This section describes the ProvisioningCommands settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index e92b9ff5e9..f3035e6415 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -2,8 +2,6 @@
title: SharedPC (Windows 10)
description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index 18f8ce37ce..c3e15932b1 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -2,8 +2,6 @@
title: SMISettings (Windows 10)
description: This section describes the SMISettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index c06113474f..04bbf138fd 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -2,8 +2,6 @@
title: Start (Windows 10)
description: This section describes the Start settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index 97b161c250..ad8220553a 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -2,8 +2,6 @@
title: StartupApp (Windows 10)
description: This section describes the StartupApp settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index 4e26559f04..dba45f6c55 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -2,8 +2,6 @@
title: StartupBackgroundTasks (Windows 10)
description: This section describes the StartupBackgroundTasks settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
index 4ef3ca8adf..83269cd2b6 100644
--- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -2,8 +2,6 @@
title: StorageD3InModernStandby (Windows 10)
description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index 227a05ff2f..5e2b059925 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -2,8 +2,6 @@
title: SurfaceHubManagement (Windows 10)
description: This section describes the SurfaceHubManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -31,8 +29,8 @@ Use SurfaceHubManagement settings to set the administrator group that will manag
## GroupName
-Enter the group name for the administrators group in Active Directory.
+Enter the group name for the administrators' group in Active Directory.
## GroupSid
-Enter the SID or the administrators group in Active Directory.
+Enter the SID or the administrators' group in Active Directory.
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 7365638aa4..7c8c7a37e3 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -2,8 +2,6 @@
title: TabletMode (Windows 10)
description: This section describes the TabletMode settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index 0fc360651c..b4843fdb7b 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -2,8 +2,6 @@
title: TakeATest (Windows 10)
description: This section describes the TakeATest settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
index 19dc4a9203..c2a766d169 100644
--- a/windows/configuration/wcd/wcd-time.md
+++ b/windows/configuration/wcd/wcd-time.md
@@ -2,8 +2,6 @@
title: Time (Windows 10)
description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 7a54c8d4a2..8c8c8648db 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -2,8 +2,6 @@
title: UnifiedWriteFilter (Windows 10)
description: This section describes the UnifiedWriteFilter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index 3eec0e5b18..f62e4299e3 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -2,8 +2,6 @@
title: UniversalAppInstall (Windows 10)
description: This section describes the UniversalAppInstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index 38594be3eb..690bfc3ea4 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -2,8 +2,6 @@
title: UniversalAppUninstall (Windows 10)
description: This section describes the UniversalAppUninstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
index 946006edef..1c9909507e 100644
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@@ -2,8 +2,6 @@
title: UsbErrorsOEMOverride (Windows 10)
description: This section describes the UsbErrorsOEMOverride settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 057f4eb2ea..676df2efed 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -2,8 +2,6 @@
title: WeakCharger (Windows 10)
description: This section describes the WeakCharger settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index 9549606c41..f42e48ac49 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -2,8 +2,6 @@
title: WindowsHelloForBusiness (Windows 10)
description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index 37390601a1..51e2f55a43 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -2,8 +2,6 @@
title: WindowsTeamSettings (Windows 10)
description: This section describes the WindowsTeamSettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index 810a9d27b4..2709497450 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -4,8 +4,6 @@ ms.reviewer:
manager: dougeby
description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index a61acc7311..ee8d4e0bc6 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -2,8 +2,6 @@
title: Workplace (Windows 10)
description: This section describes the Workplace settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index a0de3514c7..6fb2f329ca 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -2,8 +2,6 @@
title: Windows Configuration Designer provisioning settings (Windows 10)
description: This section describes the settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
diff --git a/windows/configuration/windows-10-accessibility-for-ITPros.md b/windows/configuration/windows-10-accessibility-for-ITPros.md
index 2bbae9dfc2..6bd9df7cb4 100644
--- a/windows/configuration/windows-10-accessibility-for-ITPros.md
+++ b/windows/configuration/windows-10-accessibility-for-ITPros.md
@@ -1,16 +1,14 @@
---
title: Windows 10 accessibility information for IT Pros (Windows 10)
-description: Lists the various accessibility features available in Windows 10 with links to detailed guidance on how to set them
+description: Lists the various accessibility features available in Windows 10 with links to detailed guidance on how to set them
keywords: accessibility, settings, vision, hearing, physical, cognition, assistive
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.author: aaroncz
-author: aczechowski
+ms.author: lizlong
+author: lizgt2000
ms.localizationpriority: medium
ms.date: 01/12/2018
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.topic: reference
---
@@ -21,7 +19,7 @@ This topic helps IT administrators learn about built-in accessibility features,
## General recommendations
- **Be aware of Ease of Access settings** – Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10.
- **Do not block settings** – Avoid using Group Policy or MDM settings that override Ease of Access settings.
-- **Encourage choice** – Allow people in your organization to customize their computers based on their needs. That might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
+- **Encourage choice** – Allow people in your organization to customize their computers based on their needs. That customization might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
## Vision
@@ -30,12 +28,12 @@ This topic helps IT administrators learn about built-in accessibility features,
| [Use Narrator to use devices without a screen](https://support.microsoft.com/help/22798/windows-10-narrator-get-started) | Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices.|
| [Create accessible apps](https://developer.microsoft.com/windows/accessible-apps) | You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.|
| Use keyboard shortcuts for [Windows](https://support.microsoft.com/help/12445/windows-keyboard-shortcuts), [Narrator](https://support.microsoft.com/help/22806), and [Magnifier](https://support.microsoft.com/help/13810) | Get the most out of Windows with shortcuts for apps and desktops.|
-| Get closer with [Magnifier](https://support.microsoft.com/help/11542/windows-use-magnifier) | Magnifier enlarges all or part of your screen and offers a variety of configuration settings.|
+| Get closer with [Magnifier](https://support.microsoft.com/help/11542/windows-use-magnifier) | Magnifier enlarges all or part of your screen and offers various configuration settings.|
| [Cursor and pointer adjustments](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.|
-| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle a variety of tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
+| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
| [Customize the size](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) of screen items | You can adjust the size of text, icons, and other screen items to make them easier to see.|
-| [Improve contrast](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | A number of high-contrast themes are available to suit your needs.|
+| [Improve contrast](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | Many high-contrast themes are available to suit your needs.|
| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
| [Read in Braille](https://support.microsoft.com/help/4004263) | Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.|
@@ -45,19 +43,19 @@ This topic helps IT administrators learn about built-in accessibility features,
| Accessibility feature | Description |
|---------------------------|------------|
| [Transcribe with Translator](https://www.skype.com/en/features/skype-translator) | Translator can transcribe voice to text so you won’t miss what’s being said. |
-| [Use Skype for sign language](https://www.skype.com/en/) | Skype is available on a variety of platforms and devices, so you don’t have to worry about whether your co-workers, friends and family can communicate with you.|
+| [Use Skype for sign language](https://www.skype.com/en/) | Skype is available on various platforms and devices, so you don’t have to worry about whether your co-workers, friends and family can communicate with you.|
| [Get visual notifications for sounds](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | You can replace audible alerts with visual alerts.|
| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear)|If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
| [Read spoken words with closed captioning](https://support.microsoft.com/help/21055/windows-10-closed-caption-settings) | You can customize things like color, size, and background transparency to suit your needs and tastes.|
-| [Switch to mono audio](https://support.microsoft.com/help/27933/) | Sending all sounds to both left and right channels is helpful for those with partial hearing loss or deafness in one ear.|
+| [Switch to mono audio](https://support.microsoft.com/help/27933/) | Sending all sounds to both left and right channels is helpful for those people with partial hearing loss or deafness in one ear.|
## Physical
| Accessibility feature | Description|
|---------------------------|------------|
-| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle a variety of tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
+| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
-| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or othet pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
+| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or other pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
| [Live Tiles](https://support.microsoft.com/help/17176/windows-10-organize-your-apps)| Because Live Tiles display constantly updated information for many apps, you don't have to bother actually opening them. You can arrange, resize, and move tiles as needed.|
| [Keyboard assistance features](https://support.microsoft.com/help/27936)| You can personalize your keyboard to ignore repeated keys and do other helpful things if you have limited control of your hands.|
| [Mouse Keys](https://support.microsoft.com/help/27936)|If a mouse is difficult to use, you can control the pointer by using your numeric keypad.|
@@ -67,7 +65,7 @@ This topic helps IT administrators learn about built-in accessibility features,
| Accessibility feature | Description|
|---------------------------|------------|
| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
-| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or othet pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
+| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or other pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
| [Use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721) | Fluent Sitka Small and Fluent Calibri are fonts that address "visual crowding" by adding character and enhance word and line spacing. |
| [Edge Reading View](https://support.microsoft.com/help/17204/windows-10-take-your-reading-with-you) | Clears distracting content from web pages so you can stay focused on what you really want to read. |
@@ -82,7 +80,7 @@ This topic helps IT administrators learn about built-in accessibility features,
| [Use Speech Recognition]( https://support.microsoft.com/help/17208 ) | Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.|
| [Save time with keyboard shortcuts]( https://support.microsoft.com/help/17189) | Keyboard shortcuts for apps and desktops.|
-## Additional resources
+## Other resources
[Windows accessibility](https://www.microsoft.com/Accessibility/windows)
[Designing accessible software]( https://msdn.microsoft.com/windows/uwp/accessibility/designing-inclusive-software)
diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md
index 917fc0e4f1..11028a1ef0 100644
--- a/windows/configuration/windows-10-start-layout-options-and-policies.md
+++ b/windows/configuration/windows-10-start-layout-options-and-policies.md
@@ -1,15 +1,11 @@
---
title: Customize and manage the Windows 10 Start and taskbar layout (Windows 10) | Microsoft Docs
description: On Windows devices, customize the start menu layout and taskbar using XML, group policy, provisioning package, or MDM policy. You can add pinned folders, add a start menu size, pin apps to the taskbar, and more.
-ms.assetid: 2E94743B-6A49-463C-9448-B7DD19D9CD6A
ms.reviewer:
-manager: dougeby
-keywords: ["start screen", "start menu"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 08/05/2021
diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md
index 962bb26a07..fcf7dec824 100644
--- a/windows/configuration/windows-spotlight.md
+++ b/windows/configuration/windows-spotlight.md
@@ -1,15 +1,11 @@
---
title: Configure Windows Spotlight on the lock screen (Windows 10)
description: Windows Spotlight is an option for the lock screen background that displays different background images on the lock screen.
-ms.assetid: 1AEA51FA-A647-4665-AD78-2F3FB27AD46A
ms.reviewer:
-manager: dougeby
-keywords: ["lockscreen"]
+manager: aaroncz
ms.prod: w10
-ms.mktglfcycl: explore
-ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/30/2018
@@ -39,7 +35,7 @@ For managed devices running Windows 10 Enterprise and Windows 10 Education, en
- **Background image**
- The Windows Spotlight displays a new image on the lock screen each day. The initial background image is included during installation. Additional images are downloaded on ongoing basis.
+ The Windows Spotlight displays a new image on the lock screen each day. The initial background image is included during installation. More images are downloaded on ongoing basis.
@@ -71,7 +67,7 @@ Windows Spotlight is enabled by default. Windows 10 provides Group Policy and mo
| **Configure Spotlight on lock screen** | **Experience/Configure Windows Spotlight On Lock Screen** | Specifically controls the use of the dynamic Windows Spotlight image on the lock screen, and can be enabled or disabled | Windows 10 Enterprise and Education, version 1607 and later |
| **Turn off the Windows Spotlight on Action Center** | **Experience/Allow Windows Spotlight On Action Center** | Turn off Suggestions from Microsoft that show after each clean install, upgrade, or on an on-going basis to introduce users to what is new or changed | Windows 10 Enterprise and Education, version 1703 |
| **Do not use diagnostic data for tailored experiences** | **Experience/Allow Tailored Experiences With Diagnostic Data** | Prevent Windows from using diagnostic data to provide tailored experiences to the user | Windows 10 Pro, Enterprise, and Education, version 1703 |
-| **Turn off the Windows Welcome Experience** | **Experience/Allow Windows Spotlight Windows Welcome Experience** | Turn off the Windows Spotlight Windows Welcome experience which helps introduce users to Windows, such as launching Microsoft Edge with a web page highlighting new features | Windows 10 Enterprise and Education, version 1703 |
+| **Turn off the Windows Welcome Experience** | **Experience/Allow Windows Spotlight Windows Welcome Experience** | Turn off the Windows Spotlight Windows Welcome experience that helps introduce users to Windows, such as launching Microsoft Edge with a web page highlighting new features | Windows 10 Enterprise and Education, version 1703 |
**Turn off the Windows Spotlight on Settings** | **Experience/Allow Windows Spotlight on Settings** | Turn off the Windows Spotlight in the Settings app. | Windows 10 Enterprise and Education, version 1803 |
@@ -84,11 +80,11 @@ Windows Spotlight is enabled by default. Windows 10 provides Group Policy and mo
-Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox is not selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages.
+Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox isn't selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages.
## Resolution for custom lock screen image
-A concern with custom lock screen images is how they will appear on different screen sizes and resolutions.
+A concern with custom lock screen images is how they'll appear on different screen sizes and resolutions.
A custom lock screen image created in 16:9 aspect ratio (1600x900) will scale properly on devices using a 16:9 resolution, such as 1280x720 or 1920x1080. On devices using other aspect ratios, such as 4:3 (1024x768) or 16:10 (1280x800), height scales correctly and width is cropped to a size equal to the aspect ratio. The image will remain centered on the screen
diff --git a/windows/configure/images/apn-add-details.PNG b/windows/configure/images/apn-add-details.PNG
deleted file mode 100644
index caee3d6429..0000000000
Binary files a/windows/configure/images/apn-add-details.PNG and /dev/null differ
diff --git a/windows/configure/images/apn-add.PNG b/windows/configure/images/apn-add.PNG
deleted file mode 100644
index 0e25e5c0e9..0000000000
Binary files a/windows/configure/images/apn-add.PNG and /dev/null differ
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 0e700e4349..902c4828e2 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -65,11 +65,11 @@
href: planning/features-lifecycle.md
- name: Features we're no longer developing
items:
- - name: Windows 10 deprecated features
+ - name: Windows deprecated features
href: planning/windows-10-deprecated-features.md
- name: Features we removed
items:
- - name: Windows 10 features removed
+ - name: Windows features removed
href: planning/windows-10-removed-features.md
- name: Prepare
@@ -184,51 +184,91 @@
href: update/deploy-updates-intune.md
- name: Monitor Windows client updates
items:
- - name: Monitor Delivery Optimization
- href: do/waas-delivery-optimization-setup.md#monitor-delivery-optimization
- - name: Monitor Windows Updates
+ - name: Monitor with Update Compliance (preview version)
+ items:
+ - name: Update Compliance overview
+ href: update/update-compliance-v2-overview.md
+ - name: Enable Update Compliance (preview)
+ items:
+ - name: Update Compliance prerequisites
+ href: update/update-compliance-v2-prerequisites.md
+ - name: Enable the Update Compliance solution
+ href: update/update-compliance-v2-enable.md
+ - name: Configure clients with a script
+ href: update/update-compliance-v2-configuration-script.md
+ - name: Configure clients manually
+ href: update/update-compliance-v2-configuration-manual.md
+ - name: Configure clients with Microsoft Endpoint Manager
+ href: update/update-compliance-v2-configuration-mem.md
+ - name: Use Update Compliance (preview)
items:
- - name: Monitor Windows Updates with Update Compliance
- href: update/update-compliance-monitor.md
- - name: Get started
- items:
- - name: Get started with Update Compliance
- href: update/update-compliance-get-started.md
- - name: Update Compliance configuration script
- href: update/update-compliance-configuration-script.md
- - name: Manually configuring devices for Update Compliance
- href: update/update-compliance-configuration-manual.md
- - name: Configuring devices for Update Compliance in Microsoft Endpoint Manager
- href: update/update-compliance-configuration-mem.md
- - name: Update Compliance monitoring
- items:
- - name: Use Update Compliance
- href: update/update-compliance-using.md
- - name: Need attention report
- href: update/update-compliance-need-attention.md
- - name: Security update status report
- href: update/update-compliance-security-update-status.md
- - name: Feature update status report
- href: update/update-compliance-feature-update-status.md
- - name: Safeguard holds report
- href: update/update-compliance-safeguard-holds.md
- - name: Delivery Optimization in Update Compliance
- href: update/update-compliance-delivery-optimization.md
- - name: Data handling and privacy in Update Compliance
- href: update/update-compliance-privacy.md
- - name: Update Compliance schema reference
- href: update/update-compliance-schema.md
- items:
- - name: WaaSUpdateStatus
- href: update/update-compliance-schema-waasupdatestatus.md
- - name: WaaSInsiderStatus
- href: update/update-compliance-schema-waasinsiderstatus.md
- - name: WaaSDepoymentStatus
- href: update/update-compliance-schema-waasdeploymentstatus.md
- - name: WUDOStatus
- href: update/update-compliance-schema-wudostatus.md
- - name: WUDOAggregatedStatus
- href: update/update-compliance-schema-wudoaggregatedstatus.md
+ - name: Update Compliance workbook
+ href: update/update-compliance-v2-workbook.md
+ - name: Software updates in the Microsoft admin center (preview)
+ href: update/update-status-admin-center.md
+ - name: Use Update Compliance data
+ href: update/update-compliance-v2-use.md
+ - name: Feedback, support, and troubleshooting
+ href: update/update-compliance-v2-help.md
+ - name: Update Compliance schema reference (preview)
+ items:
+ - name: Update Compliance schema reference
+ href: update/update-compliance-v2-schema.md
+ - name: UCClient
+ href: update/update-compliance-v2-schema-ucclient.md
+ - name: UCClientReadinessStatus
+ href: update/update-compliance-v2-schema-ucclientreadinessstatus.md
+ - name: UCClientUpdateStatus
+ href: update/update-compliance-v2-schema-ucclientupdatestatus.md
+ - name: UCDeviceAlert
+ href: update/update-compliance-v2-schema-ucdevicealert.md
+ - name: UCServiceUpdateStatus
+ href: update/update-compliance-v2-schema-ucserviceupdatestatus.md
+ - name: UCUpdateAlert
+ href: update/update-compliance-v2-schema-ucupdatealert.md
+ - name: Monitor updates with Update Compliance
+ href: update/update-compliance-monitor.md
+ items:
+ - name: Get started
+ items:
+ - name: Get started with Update Compliance
+ href: update/update-compliance-get-started.md
+ - name: Update Compliance configuration script
+ href: update/update-compliance-configuration-script.md
+ - name: Manually configuring devices for Update Compliance
+ href: update/update-compliance-configuration-manual.md
+ - name: Configuring devices for Update Compliance in Microsoft Endpoint Manager
+ href: update/update-compliance-configuration-mem.md
+ - name: Update Compliance monitoring
+ items:
+ - name: Use Update Compliance
+ href: update/update-compliance-using.md
+ - name: Need attention report
+ href: update/update-compliance-need-attention.md
+ - name: Security update status report
+ href: update/update-compliance-security-update-status.md
+ - name: Feature update status report
+ href: update/update-compliance-feature-update-status.md
+ - name: Safeguard holds report
+ href: update/update-compliance-safeguard-holds.md
+ - name: Delivery Optimization in Update Compliance
+ href: update/update-compliance-delivery-optimization.md
+ - name: Data handling and privacy in Update Compliance
+ href: update/update-compliance-privacy.md
+ - name: Schema reference
+ items:
+ - name: Update Compliance schema reference
+ href: update/update-compliance-schema.md
+ - name: WaaSUpdateStatus
+ href: update/update-compliance-schema-waasupdatestatus.md
+ - name: WaaSInsiderStatus
+ href: update/update-compliance-schema-waasinsiderstatus.md
+ - name: WaaSDeploymentStatus
+ href: update/update-compliance-schema-waasdeploymentstatus.md
+ - name: WUDOStatus
+ href: update/update-compliance-schema-wudostatus.md
+ - name: WUDOAggregatedStatus
+ href: update/update-compliance-schema-wudoaggregatedstatus.md
- name: Troubleshooting
items:
- name: Resolve upgrade errors
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md
index ea378aa5e9..1b7ef3ad3b 100644
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ b/windows/deployment/Windows-AutoPilot-EULA-note.md
@@ -2,16 +2,11 @@
title: Windows Autopilot EULA dismissal – important information
description: A notice about EULA dismissal through Windows Autopilot
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
ms.localizationpriority: medium
-ms.audience: itpro
ms.date: 08/22/2017
author: aczechowski
ms.author: aaroncz
manager: dougeby
-audience: itpro
ROBOTS: NOINDEX
ms.topic: article
---
@@ -22,4 +17,4 @@ ms.topic: article
Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen.
-By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors.
+By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This consent includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you didn't suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you haven't validly acquired a license for the software from Microsoft or its licensed distributors.
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
index def6469305..ba83569cc0 100644
--- a/windows/deployment/add-store-apps-to-image.md
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -1,13 +1,8 @@
---
title: Add Microsoft Store for Business applications to a Windows 10 image
description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image.
-keywords: upgrade, update, windows, windows 10, deploy, store, image, wim
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: aczechowski
ms.author: aaroncz
ms.reviewer:
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index 129bdcec47..a4360e4aa4 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -1,13 +1,8 @@
---
title: Configure a PXE server to load Windows PE (Windows 10)
description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
-keywords: upgrade, update, windows, windows 10, pxe, WinPE, image, wim
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: aczechowski
manager: dougeby
ms.author: aaroncz
@@ -39,7 +34,7 @@ All four of the roles specified above can be hosted on the same computer or each
2. Right-click **Deployment and Imaging Tools Environment** and then click **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools.
-3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory does not already exist, it will be created.
+3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory doesn't already exist, it will be created.
```
copype.cmd
@@ -172,7 +167,7 @@ ramdisksdipath \Boot\boot.sdi
## PXE boot process summary
-The following summarizes the PXE client boot process.
+The following process summarizes the PXE client boot.
>The following assumes that you have configured DHCP option 67 (Bootfile Name) to "boot\PXEboot.n12" which enables direct boot to PXE with no user interaction. For more information about DHCP options for network boot, see [Managing Network Boot Programs](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732351(v=ws.10)).
@@ -182,7 +177,7 @@ The following summarizes the PXE client boot process.
5. Bootmgr.exe reads the BCD operating system entries and downloads boot\\boot.sdi and the Windows PE image (boot\\boot.wim). Optional files that can also be downloaded include true type fonts (boot\\Fonts\\wgl4\_boot.ttf) and the hibernation state file (\\hiberfil.sys) if these files are present.
6. Bootmgr.exe starts Windows PE by calling winload.exe within the Windows PE image.
7. Windows PE loads, a command prompt opens and wpeinit.exe is run to initialize Windows PE.
-8. The Windows PE client provides access to tools like imagex, diskpart, and bcdboot using the Windows PE command prompt. Using these tools together with a Windows 10 image file, the destination computer can be formatted properly to load a full Windows 10 operating system.
+8. The Windows PE client provides access to tools like imagex, diskpart, and bcdboot using the Windows PE command prompt. With the help of these tools accompanied by a Windows 10 image file, the destination computer can be formatted properly to load a full Windows 10 operating system.
## See Also
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index 409ecf66ed..0eb5352dfa 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -1,16 +1,10 @@
---
title: Deploy Windows 10/11 Enterprise licenses
manager: dougeby
-ms.audience: itpro
ms.author: aaroncz
description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows 10/11 Enterprise E3 or E5 Subscription Activation, or for Windows 10/11 Enterprise E3 in CSP
-keywords: upgrade, update, task sequence, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
ms.collection: highpri
@@ -24,10 +18,10 @@ This topic describes how to deploy Windows 10 or Windows 11 Enterprise E3 or E5
> * Windows 10/11 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. Windows 11 is considered "later" in this context.
> * Windows 10/11 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
> * Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
-> * Windows 10/11 Enterprise Subscription Activation requires Windows 10/11 Enterprise per user licensing; it does not work on per device based licensing.
+> * Windows 10/11 Enterprise Subscription Activation requires Windows 10/11 Enterprise per user licensing; it doesn't work on per device based licensing.
> [!IMPORTANT]
-> An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
+> An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device isn't able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
>
>Also ensure that the Group Policy setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Do not connect to any Windows Update Internet locations" is set to "Disabled".
@@ -39,18 +33,18 @@ To determine if the computer has a firmware-embedded activation key, type the fo
(Get-CimInstance -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
```
-If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device does not have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
+If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device doesn't have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
## Enabling Subscription Activation with an existing EA
-If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
+If you're an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
- **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
- **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
-2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
+2. After an order is placed, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
3. The admin can now assign subscription licenses to users.
Use the following process if you need to update contact information and retrigger activation in order to resend the activation email:
@@ -61,7 +55,7 @@ Use the following process if you need to update contact information and retrigge
4. Enter your agreement number, and then click **Search**.
5. Click the **Service Name**.
6. In the **Subscription Contact** section, click the name listed under **Last Name**.
-7. Update the contact information, then click **Update Contact Details**. This will trigger a new email.
+7. Update the contact information, then click **Update Contact Details**. This action will trigger a new email.
Also in this article:
- [Explore the upgrade experience](#explore-the-upgrade-experience): How to upgrade devices using the deployed licenses.
@@ -71,7 +65,7 @@ Also in this article:
You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10/11 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
-You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10/11 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
+You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10/11 Enterprise E3 or E5). This synchronization means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
@@ -85,11 +79,11 @@ For more information about integrating on-premises AD DS domains with Azure AD,
- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
> [!NOTE]
-> If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
+> If you're implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
## Preparing for deployment: reviewing requirements
-Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
+Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
## Assigning licenses to users
@@ -170,7 +164,7 @@ Now the device is Azure AD–joined to the company's subscription.
### Step 2: Pro edition activation
> [!IMPORTANT]
-> If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
+> If your device is running Windows 10, version 1803 or later, this step isn't needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
> If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
@@ -181,7 +175,7 @@ Windows 10/11 Pro activation is required before Enterprise E3 or E5 can be enabl
### Step 3: Sign in using Azure AD account
-Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
+Once the device is joined to your Azure AD subscription, the users will sign in by using their Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
@@ -214,14 +208,14 @@ Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscr
In some instances, users may experience problems with the Windows 10/11 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
-- The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later.
+- The existing Windows 10 Pro, version 1703 or 1709 operating system isn't activated. This problem doesn't apply to Windows 10, version 1803 or later.
- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed.
Use the following figures to help you troubleshoot when users experience these common problems:
- [Figure 9](#win-10-activated-subscription-active) (see the section above) illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active.
-- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro is not activated, but the Windows 10 Enterprise subscription is active.
+- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro isn't activated, but the Windows 10 Enterprise subscription is active.
@@ -233,7 +227,7 @@ Use the following figures to help you troubleshoot when users experience these c
Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings
-- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed.
+- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license isn't activated and the Windows 10 Enterprise subscription is lapsed or removed.
@@ -241,12 +235,12 @@ Use the following figures to help you troubleshoot when users experience these c
### Review requirements on devices
-Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
+Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
-**To determine if a device is Azure Active Directory joined:**
+**To determine if a device is Azure Active Directory-joined:**
1. Open a command prompt and type **dsregcmd /status**.
-2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
+2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined.
**To determine the version of Windows 10:**
@@ -258,5 +252,5 @@ If a device is running a version of Windows 10 Pro prior to version 1703 (for ex
### Delay in the activation of Enterprise License of Windows 10
-This is by design. Windows 10 and Windows 11 include a built-in cache that is used when determining upgrade eligibility, including responses that indicate that the device is not eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
+This delay is by design. Windows 10 and Windows 11 include a built-in cache that is used when determining upgrade eligibility, including responses that indicate that the device isn't eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index d5c45465ba..778cc5f140 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -5,12 +5,7 @@ manager: dougeby
ms.author: aaroncz
description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-keywords: deployment, automate, tools, configure, mdt, sccm, M365
ms.localizationpriority: medium
-audience: itpro
author: aczechowski
ms.topic: article
ms.collection: M365-modern-desktop
@@ -25,7 +20,7 @@ ms.custom: seo-marvel-apr2020
This topic provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
-[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [M365 Enterprise poster](#m365-enterprise-poster) for an overview.
+[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) for an overview.
For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor that can walk you through the entire process of deploying Windows 10. The wizard supports multiple Windows 10 deployment methods, including:
@@ -40,7 +35,7 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor
**If you already have a Microsoft services subscription account and access to the Microsoft 365 Admin Center**
From the [Microsoft 365 Admin Center](https://portal.office.com), go to Billing and then Purchase services.
-In the Enterprise Suites section of the service offerings, you will find Microsoft 365 E3 and Microsoft 365 E5 tiles.
+In the Enterprise Suites section of the service offerings, you'll find Microsoft 365 E3 and Microsoft 365 E5 tiles.
There are "Start Free Trial" options available for your selection by hovering your mouse over the tiles.
**If you do not already have a Microsoft services subscription**
@@ -50,11 +45,11 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
>[!NOTE]
>If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
-1. [Obtain a free M365 trial](/office365/admin/try-or-buy-microsoft-365).
+1. [Obtain a free Microsoft 365 trial](/microsoft-365/commerce/try-or-buy-microsoft-365).
2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview).
-That's all there is to it!
+That's all there's to it!
Examples of these two deployment advisors are shown below.
@@ -67,9 +62,9 @@ Examples of these two deployment advisors are shown below.
## Windows Analytics deployment advisor example
-## M365 Enterprise poster
+## Microsoft 365 Enterprise poster
-[](https://aka.ms/m365eposter)
+[](https://aka.ms/m365eposter)
## Related Topics
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index e534cf8937..55f1a653a6 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -3,13 +3,8 @@ title: What's new in Windows client deployment
manager: dougeby
ms.author: aaroncz
description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
-keywords: deployment, automate, tools, configure, news
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.prod: w10
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -47,7 +42,7 @@ The [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is a
New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
VPN support is added to [Windows Autopilot](#windows-autopilot)
An in-place upgrade wizard is available in [Configuration Manager](#microsoft-endpoint-configuration-manager).
-The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with additional content added and more content coming soon.
+The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with more content added and more content coming soon.
## The Modern Desktop Deployment Center
@@ -60,7 +55,7 @@ Microsoft 365 is a new offering from Microsoft that combines
- Office 365
- Enterprise Mobility and Security (EMS).
-See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a nifty [M365 Enterprise poster](deploy-m365.md#m365-enterprise-poster).
+See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a nifty [Microsoft 365 Enterprise poster](deploy-m365.md#microsoft-365-enterprise-poster).
## Windows 10 servicing and support
@@ -70,12 +65,12 @@ Windows PowerShell cmdlets for Delivery Optimization have been improved:
- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
-- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to assist in troubleshooting.
+- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting.
-Additional improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
+Other improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
- Enterprise network [throttling is enhanced](/windows-insider/archive/new-for-business#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
- Automatic cloud-based congestion detection is available for PCs with cloud service support.
-- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates and Intune content, with Microsoft Endpoint Manager content coming soon!
+- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content, with Microsoft Endpoint Manager content coming soon!
The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
@@ -90,17 +85,17 @@ The following Delivery Optimization policies are removed in the Windows 10, vers
[Windows Update for Business](./update/waas-manage-updates-wufb.md) enhancements in this release include:
- Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
-- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds.
+- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we've created a new policy that enables admins to opt devices out of the built-in safeguard holds.
-- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
+- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically sign in as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
-- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
-- **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again.
+- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and run normally.
+- **Pause updates**: We've extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you'll need to update your device before pausing again.
- **Improved update notifications**: When there's an update requiring you to restart your device, you'll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
-- **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
+- **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
-Microsoft previously announced that we are [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there is no change for these editions). These support policies are summarized in the table below.
+Microsoft previously announced that we're [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. These editions include all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there's no change for these editions). These support policies are summarized in the table below.
@@ -120,14 +115,14 @@ For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterpris
With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](/windows/deployment/windows-autopilot/user-driven) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
-If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, this was only supported with self-deploying profiles.
+If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, these language settings were only supported with self-deploying profiles.
The following Windows Autopilot features are available in Windows 10, version 1903 and later:
-- [Windows Autopilot for white glove deployment](/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
+- [Windows Autopilot for white glove deployment](/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they're fully configured and business ready for your users.
- The Intune [enrollment status page](/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
- [Cortana voiceover](/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
-- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
+- Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
- Windows Autopilot will set the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
### Microsoft Endpoint Configuration Manager
@@ -142,11 +137,11 @@ With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to
### SetupDiag
-[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues.
+[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When log files are being searched, SetupDiag uses a set of rules to match known issues.
In Windows 10, version 2004, SetupDiag is now automatically installed.
-During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there is an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.
+During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there's an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.
### Upgrade Readiness
@@ -184,7 +179,7 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
### Microsoft Deployment Toolkit (MDT)
-MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There is currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation.
+MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There's currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation.
For the latest information about MDT, see the [MDT release notes](/mem/configmgr/mdt/release-notes).
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 54ab2b9cb1..af75531621 100644
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Add a Windows 10 operating system image using Configuration Manager
description: Operating system images are typically the production image used for deployment throughout the organization.
-ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: image, deploy, distribute
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -26,8 +21,8 @@ Operating system images are typically the production image used for deployment t
## Infrastructure
-For the purposes of this guide, we will use one server computer: CM01.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server.
+For the purposes of this guide, we'll use one server computer: CM01.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
- CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
@@ -51,7 +46,7 @@ An existing Configuration Manager infrastructure that is integrated with MDT is
5. On the **General** page, assign the name Windows 10 Enterprise x64 RTM, click **Next** twice, and then click **Close**.
6. Distribute the operating system image to the CM01 distribution point by right-clicking the **Windows 10 Enterprise x64 RTM** operating system image and then clicking **Distribute Content**.
7. In the Distribute Content Wizard, add the CM01 distribution point, click **Next** and click **Close**.
-8. View the content status for the Windows 10 Enterprise x64 RTM package. Do not continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
+8. View the content status for the Windows 10 Enterprise x64 RTM package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index b007f111f0..1d57288f6f 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
-ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, task sequence
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -22,10 +17,10 @@ ms.custom: seo-marvel-apr2020
- Windows 10
-In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
+In this topic, you'll learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it's likely you'll have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
-For the purposes of this guide, we will use one server computer: CM01.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
+For the purposes of this guide, we'll use one server computer: CM01.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
@@ -34,9 +29,9 @@ For the purposes of this guide, we will use one server computer: CM01.
This section will show you how to import some network and storage drivers for Windows PE.
>[!NOTE]
->Windows PE usually has a fairly comprehensive set of drivers out of the box, assuming that you are using a recent version of the Windows ADK. This is different than the full Windows OS which will often require drivers. You shouldn't add drivers to Windows PE unless you have an issue or are missing functionality, and in these cases you should only add the driver that you need. An example of a common driver that is added is the Intel I217 driver. Adding too many drivers can cause conflicts and lead to driver bloat in the Config Mgr database. This section shows you how to add drivers, but typically you can just skip this procedure.
+>Windows PE usually has a fairly comprehensive set of drivers out of the box, assuming that you are using a recent version of the Windows ADK. This is different than the full Windows OS which will often require drivers. You shouldn't add drivers to Windows PE unless you've an issue or are missing functionality, and in these cases you should only add the driver that you need. An example of a common driver that is added is the Intel I217 driver. Adding too many drivers can cause conflicts and lead to driver bloat in the Config Mgr database. This section shows you how to add drivers, but typically you can just skip this procedure.
-This section assumes you have downloaded some drivers to the **D:\\Sources\\OSD\\DriverSources\\WinPE x64** folder on CM01.
+This section assumes you've downloaded some drivers to the **D:\\Sources\\OSD\\DriverSources\\WinPE x64** folder on CM01.
@@ -63,7 +58,7 @@ On **CM01**:
This section illustrates how to add drivers for Windows 10 using the HP EliteBook 8560w as an example. Use the HP Image Assistant from the [HP Client Management Solutions site](https://hp.com/go/clientmanagement).
-For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the **D:\Sources$\OSD\DriverSources\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w** folder on CM01.
+For the purposes of this section, we assume that you've downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the **D:\Sources$\OSD\DriverSources\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w** folder on CM01.
@@ -86,9 +81,9 @@ On **CM01**:
* Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w
>[!NOTE]
- >The package path does not yet exist, so you have to type it in. The wizard will create the new package using the path you specify.
+ >The package path does not yet exist, so you've to type it in. The wizard will create the new package using the path you specify.
-5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**.
+5. On the **Select drivers to include in the boot image** page, don't select anything, and click **Next** twice. After the package has been created, click **Close**.
>[!NOTE]
>If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import.
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 75682905f1..fb7aae6b8e 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
-ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: tool, customize, deploy, boot image
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -25,16 +20,16 @@ ms.custom: seo-marvel-apr2020
In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
- The boot image that is created is based on the version of ADK that is installed.
-For the purposes of this guide, we will use one server computer: CM01.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
+For the purposes of this guide, we'll use one server computer: CM01.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
## Add DaRT 10 files and prepare to brand the boot image
-The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you do not wish to add DaRT, skip the steps below to copy DaRT tools and later skip adding the DaRT component to the boot image.
+The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you don't wish to add DaRT, skip the steps below to copy DaRT tools and later skip adding the DaRT component to the boot image.
-We assume you have downloaded [Microsoft Desktop Optimization Pack (MDOP) 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015) and copied the x64 version of MSDaRT100.msi to the **C:\\Setup\\DaRT 10** folder on CM01. We also assume you have created a custom background image and saved it in **C:\\Setup\\Branding** on CM01. In this section, we use a custom background image named ContosoBackground.bmp.
+We assume you've downloaded [Microsoft Desktop Optimization Pack (MDOP) 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015) and copied the x64 version of MSDaRT100.msi to the **C:\\Setup\\DaRT 10** folder on CM01. We also assume you've created a custom background image and saved it in **C:\\Setup\\Branding** on CM01. In this section, we use a custom background image named ContosoBackground.bmp.
On **CM01**:
@@ -47,7 +42,7 @@ On **CM01**:
## Create a boot image for Configuration Manager using the MDT wizard
-By using the MDT wizard to create the boot image in Configuration Manager, you gain additional options for adding components and features to the boot image. In this section, you create a boot image for Configuration Manager using the MDT wizard.
+By using the MDT wizard to create the boot image in Configuration Manager, you gain more options for adding components and features to the boot image. In this section, you create a boot image for Configuration Manager using the MDT wizard.
On **CM01**:
@@ -70,7 +65,7 @@ On **CM01**:
6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ContosoBackground.bmp** and then click **Next** twice. Wait a few minutes while the boot image is generated, and then click **Finish**.
7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
-9. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **\Monitoring\Overview\Distribution Status\Content Status\Zero Touch WinPE x64**. See the following examples:
+9. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Don't continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **\Monitoring\Overview\Distribution Status\Content Status\Zero Touch WinPE x64**. See the following examples:
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 98787c6771..f846694f35 100644
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -1,17 +1,11 @@
---
title: Create a task sequence with Configuration Manager (Windows 10)
description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
-ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, upgrade, task sequence, install
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.pagetype: mdt
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -22,10 +16,10 @@ ms.topic: article
- Windows 10
-In this article, you will learn how to create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
+In this article, you'll learn how to create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
-For the purposes of this guide, we will use one server computer: CM01.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
+For the purposes of this guide, we'll use one server computer: CM01.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). Note: Active Directory [permissions](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md#configure-active-directory-permissions) for the **CM_JD** account are required for the task sequence to work properly.
@@ -99,9 +93,9 @@ On **CM01**:
Add an application to the Configuration Manager task sequence
>[!NOTE]
- >In recent versions of Configuration Manager the Request State Store and Release State Store actions described below are present by default. These actions are used for common computer replace scenarios. There is also the additional condition on the options tab: USMTOfflineMigration not equals TRUE. If these actions are not present, try updating to the Config Mgr current branch release.
+ >In recent versions of Configuration Manager the Request State Store and Release State Store actions described below are present by default. These actions are used for common computer replace scenarios. There's also the additional condition on the options tab: USMTOfflineMigration not equals TRUE. If these actions are not present, try updating to the Config Mgr current branch release.
-9. In the **State Restore** group, after the **Set Status 5** action, verify there is a **User State \ Request State Store** action with the following settings:
+9. In the **State Restore** group, after the **Set Status 5** action, verify there's a **User State \ Request State Store** action with the following settings:
* Request state storage location to: Restore state from another computer
* If computer account fails to connect to state store, use the Network Access account: selected
* Options: Continue on error
@@ -109,7 +103,7 @@ On **CM01**:
* Task Sequence Variable
* USMTLOCAL not equals True
-10. In the **State Restore** group, after the **Restore User State** action, verify there is a **Release State Store** action with the following settings:
+10. In the **State Restore** group, after the **Restore User State** action, verify there's a **Release State Store** action with the following settings:
* Options: Continue on error
* Options / Condition:
* Task Sequence Variable
@@ -119,14 +113,14 @@ On **CM01**:
## Organize your packages (optional)
-If desired, you can create a folder structure for packages. This is purely for organizational purposes and is useful if you need to manage a large number of packages.
+If desired, you can create a folder structure for packages. This folder structure is purely for organizational purposes and is useful if you need to manage a large number of packages.
To create a folder for packages:
On **CM01**:
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Application Management**, and then select **Packages**.
-2. Right-click **Packages**, point to **Folder**, click **Create Folder** and create the OSD folder. This will create the Root \ OSD folder structure.
+2. Right-click **Packages**, point to **Folder**, click **Create Folder** and create the OSD folder. This process will create the Root \ OSD folder structure.
3. Select the **MDT**, **User State Migration Tool for Windows**, and **Windows 10 x64 Settings** packages, right-click and select **Move**.
4. In the **Move Selected Items** dialog box, select the **OSD** folder, and click **OK**.
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 7aaa9cb56d..102b3ae2d6 100644
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -1,16 +1,12 @@
---
title: Create an app to deploy with Windows 10 using Configuration Manager
-description: Microsoft Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process.
+description: Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process.
ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deployment, task sequence, custom, customize
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -24,8 +20,8 @@ ms.topic: article
Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in Microsoft Endpoint Manager that you later configure the task sequence to use.
-For the purposes of this guide, we will use one server computer: CM01.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
+For the purposes of this guide, we'll use one server computer: CM01.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
>[!NOTE]
>The [reference image](add-a-windows-10-operating-system-image-using-configuration-manager.md) used in this lab already contains some applications, such as Microsoft Office 365 Pro Plus x64. The procedure demonstrated in this article enables you to add some additional custom applications beyond those included in the reference image.
@@ -34,9 +30,9 @@ For the purposes of this guide, we will use one server computer: CM01.
On **CM01**:
-1. Create the **D:\Setup** folder if it does not already exist.
+1. Create the **D:\Setup** folder if it doesn't already exist.
1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (ex: AcroRdrDC2000620034_en_US.exe) to **D:\\Setup\\Adobe** on CM01. The filename will differ depending on the version of Acrobat Reader.
-2. Extract the .exe file that you downloaded to an .msi. The source folder will differ depending on where you downloaded the file. See the following example:
+2. Extract the .exe file that you downloaded to a .msi. The source folder will differ depending on where you downloaded the file. See the following example:
```powershell
Set-Location C:\Users\administrator.CONTOSO\Downloads
@@ -69,7 +65,7 @@ On **CM01**:
Add the "OSD Install" suffix to the application name
-11. In the **Applications** node, select the Adobe Reader - OSD Install application, and click **Properties** on the ribbon bar (this is another place to view properties, you can also right-click and select properties).
+11. In the **Applications** node, select the Adobe Reader - OSD Install application, and click **Properties** on the ribbon bar (this path is another place to view properties, you can also right-click and select properties).
12. On the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and click **OK**.
Next, see [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md).
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
index 0851a5ac05..253e63190e 100644
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -1,15 +1,11 @@
---
title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
-description: In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences.
+description: In this topic, you'll learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences.
ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
manager: dougeby
ms.author: aaroncz
-keywords: deployment, image, UEFI, task sequence
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.collection: highpri
@@ -21,9 +17,9 @@ ms.collection: highpri
- Windows 10
-In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic.
+In this topic, you'll learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic.
-This topic assumes that you have completed the following prerequisite procedures:
+This topic assumes that you've completed the following prerequisite procedures:
- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
@@ -32,10 +28,10 @@ This topic assumes that you have completed the following prerequisite procedures
- [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md)
- [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
-For the purposes of this guide, we will use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001).
+For the purposes of this guide, we'll use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001).
- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server. Note: DHCP services are required for the client (PC0001) to connect to the Windows Deployment Service (WDS).
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server.
- - CM01 is also running WDS which will be required to start PC0001 via PXE. **Note**: Ensure that only CM01 is running WDS.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
+ - CM01 is also running WDS that will be required to start PC0001 via PXE. **Note**: Ensure that only CM01 is running WDS.
- PC0001 is a client computer that is blank, or has an operating system that will be erased and replaced with Windows 10. The device must be configured to boot from the network.
>[!NOTE]
@@ -43,7 +39,7 @@ For the purposes of this guide, we will use a minimum of two server computers (D
All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
+All server and client computers referenced in this guide are on the same subnet. This connection isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
>[!NOTE]
>No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console.
@@ -55,7 +51,7 @@ All server and client computers referenced in this guide are on the same subnet.
3. On the **Select a task sequence to run** page, select **Windows 10 Enterprise x64 RTM** and click **Next**.
4. On the **Edit Task Sequence Variables** page, double-click the **OSDComputerName** variable, and in the **Value** field, type **PC0001** and click **OK**. Then click **Next**.
5. The operating system deployment will take several minutes to complete.
-6. You can monitor the deployment on CM01 using the MDT Deployment Workbench. When you see the PC0001 entry, double-click **PC0001**, and then click **DaRT Remote Control** and review the **Remote Control** option. The task sequence will run and do the following:
+6. You can monitor the deployment on CM01 using the MDT Deployment Workbench. When you see the PC0001 entry, double-click **PC0001**, and then click **DaRT Remote Control** and review the **Remote Control** option. The task sequence will run and do the following steps:
* Install the Windows 10 operating system.
* Install the Configuration Manager client and the client hotfix.
@@ -69,7 +65,7 @@ All server and client computers referenced in this guide are on the same subnet.
Monitoring the deployment with MDT.
-7. When the deployment is finished you will have a domain-joined Windows 10 computer with the Adobe Reader application installed as well as the applications that were included in the reference image, such as Office 365 Pro Plus.
+7. When the deployment is finished you'll have a domain-joined Windows 10 computer with the Adobe Reader application installed as well as the applications that were included in the reference image, such as Office 365 Pro Plus.
Examples are provided below of various stages of deployment:
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 4222c890b9..3984e65a9b 100644
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Finalize operating system configuration for Windows 10 deployment
description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment.
-ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: configure, deploy, upgrade
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -24,8 +19,8 @@ ms.custom: seo-marvel-apr2020
This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enabling optional MDT monitoring for Configuration Manager, logs folder settings, rules configuration, content distribution, and deployment of the previously created task sequence.
-For the purposes of this guide, we will use one server computer: CM01.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
+For the purposes of this guide, we'll use one server computer: CM01.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
@@ -50,11 +45,11 @@ On **CM01**:
## Configure the Logs folder
-The D:\Logs folder was [created previously](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md?#review-the-sources-folder-structure) and SMB permissions were added. Next, we will add NTFS folder permissions for the Configuration Manager Network Access Account (CM_NAA), and enable server-side logging by modifying the CustomSettings.ini file used by the Configuration Manager task sequence.
+The D:\Logs folder was [created previously](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md?#review-the-sources-folder-structure) and SMB permissions were added. Next, we'll add NTFS folder permissions for the Configuration Manager Network Access Account (CM_NAA), and enable server-side logging by modifying the CustomSettings.ini file used by the Configuration Manager task sequence.
On **CM01**:
-1. To configure NTFS permissions using icacls.exe, type the following at an elevated Windows PowerShell prompt:
+1. To configure NTFS permissions using icacls.exe, type the following command at an elevated Windows PowerShell prompt:
```
icacls D:\Logs /grant '"CM_NAA":(OI)(CI)(M)'
@@ -87,17 +82,17 @@ On **CM01**:
3. In the Configuration Manager console, update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. Click **OK** in the popup dialog box.
>[!NOTE]
- >Although you have not yet added a distribution point, you still need to select Update Distribution Points. This process also updates the Configuration Manager content library with changes.
+ >Although you haven't yet added a distribution point, you still need to select Update Distribution Points. This process also updates the Configuration Manager content library with changes.
## Distribute content to the CM01 distribution portal
-In Configuration Manager, you can distribute all packages needed by a task sequence in a single task. In this section, you distribute packages that have not yet been distributed to the CM01 distribution point.
+In Configuration Manager, you can distribute all packages needed by a task sequence in a single task. In this section, you distribute packages that haven't yet been distributed to the CM01 distribution point.
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems** and select **Task Sequences**. Right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Distribute Content**.
2. In the Distribute Content Wizard, click **Next** twice then on the **Specify the content destination** page add the Distribution Point: **CM01.CONTOSO.COM**, and then complete the wizard.
-3. Using the CMTrace tool, verify the distribution to the CM01 distribution point by reviewing the distmgr.log file, or use the Distribution Status / Content Status option in the Monitoring workspace. Do not continue until you see all the new packages being distributed successfully.
+3. Using the CMTrace tool, verify the distribution to the CM01 distribution point by reviewing the distmgr.log file, or use the Distribution Status / Content Status option in the Monitoring workspace. Don't continue until you see all the new packages being distributed successfully.
@@ -105,7 +100,7 @@ On **CM01**:
## Create a deployment for the task sequence
-This sections provides steps to help you create a deployment for the task sequence.
+This section provides steps to help you create a deployment for the task sequence.
On **CM01**:
@@ -131,7 +126,7 @@ On **CM01**:
## Configure Configuration Manager to prompt for the computer name during deployment (optional)
-You can have Configuration Manager prompt you for a computer name or you can use rules to generate a computer name. For more details on how to do this, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
+You can have Configuration Manager prompt you for a computer name or you can use rules to generate a computer name. For more information on how to do this step, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
This section provides steps to help you configure the All Unknown Computers collection to have Configuration Manager prompt for computer names.
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 0f6b99c4e4..02c1c8a43b 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -1,71 +1,69 @@
---
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
-ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: install, configure, deploy, deployment
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: aczechowski
-ms.topic: article
-ms.custom: seo-marvel-apr2020
+ms.topic: how-to
---
# Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
**Applies to**
-- Windows 10
+- Windows 10
-This topic will walk you through the Zero Touch Installation process of Windows 10 operating system deployment (OSD) using Microsoft Endpoint Manager (ConfigMgr) [integrated](#why-integrate-mdt-with-configuration-manager) with Microsoft Deployment Toolkit (MDT).
+This article walks you through the Zero Touch Installation (ZTI) process of Windows 10 OS deployment using Microsoft Endpoint Configuration Manager [integrated](#why-integrate-mdt-with-configuration-manager) with Microsoft Deployment Toolkit (MDT).
## Prerequisites
-In this topic, you will use [components](#components-of-configuration-manager-operating-system-deployment) of an existing Configuration Manager infrastructure to prepare for Windows 10 OSD. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:
+In this article, you'll use [components](#components-of-configuration-manager-operating-system-deployment) of an existing Configuration Manager infrastructure to prepare for Windows 10 OSD. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:
- Configuration Manager current branch + all security and critical updates are installed.
- - Note: Procedures in this guide use ConfigMgr 1910. For information about the version of Windows 10 supported by ConfigMgr, see [Support for Windows 10](/configmgr/core/plan-design/configs/support-for-windows-10).
-- The [Active Directory Schema has been extended](/configmgr/core/plan-design/network/extend-the-active-directory-schema) and System Management container created.
-- Active Directory Forest Discovery and Active Directory System Discovery are [enabled](/configmgr/core/servers/deploy/configure/configure-discovery-methods).
-- IP range [boundaries and a boundary group](/configmgr/core/servers/deploy/configure/define-site-boundaries-and-boundary-groups) for content and site assignment have been created.
-- The Configuration Manager [reporting services](/configmgr/core/servers/manage/configuring-reporting) point role has been added and configured.
+
+ > [!NOTE]
+ > Procedures in this guide use Configuration Manager version 1910. For more information about the versions of Windows 10 supported by Configuration Manager, see [Support for Windows 10](/mem/configmgr/core/plan-design/configs/support-for-windows-10).
+- The [Active Directory Schema has been extended](/mem/configmgr/core/plan-design/network/extend-the-active-directory-schema) and System Management container created.
+- Active Directory Forest Discovery and Active Directory System Discovery are [enabled](/mem/configmgr/core/servers/deploy/configure/configure-discovery-methods).
+- IP range [boundaries and a boundary group](/mem/configmgr/core/servers/deploy/configure/define-site-boundaries-and-boundary-groups) for content and site assignment have been created.
+- The Configuration Manager [reporting services](/mem/configmgr/core/servers/manage/configuring-reporting) point role has been added and configured.
- A file system folder structure and Configuration Manager console folder structure for packages has been created. Steps to verify or create this folder structure are [provided below](#review-the-sources-folder-structure).
- The [Windows ADK](/windows-hardware/get-started/adk-install) (including USMT) version 1903, Windows PE add-on, WSIM 1903 update, [MDT](https://www.microsoft.com/download/details.aspx?id=54259) version 8456, and DaRT 10 (part of [MDOP 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015)) are installed.
- The [CMTrace tool](/configmgr/core/support/cmtrace) (cmtrace.exe) is installed on the distribution point.
- - Note: CMTrace is automatically installed with the current branch of Configuration Manager at **Program Files\Microsoft Configuration Manager\tools\cmtrace.exe**. In previous releases of ConfigMgr it was necessary to install the [Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012) separately to get the CMTrace tool, but this is no longer needed. Configuraton Manager version 1910 installs version 5.0.8913.1000 of the CMTrace tool.
-For the purposes of this guide, we will use three server computers: DC01, CM01 and HV01.
+ > [!NOTE]
+ > CMTrace is automatically installed with the current branch of Configuration Manager at **Program Files\Microsoft Configuration Manager\tools\cmtrace.exe**.
+
+For the purposes of this guide, we'll use three server computers: DC01, CM01 and HV01.
- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server.
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server.
-- HV01 is a Hyper-V host computer that is used to build a Windows 10 reference image. This computer does not need to be a domain member.
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
+- HV01 is a Hyper-V host computer that is used to build a Windows 10 reference image. This computer doesn't need to be a domain member.
All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
+All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
### Domain credentials
The following generic credentials are used in this guide. You should replace these credentials as they appear in each procedure with your credentials.
-**Active Directory domain name**: contoso.com
-**Domain administrator username**: administrator
-**Domain administrator password**: pass@word1
+- **Active Directory domain name**: `contoso.com`
+- **Domain administrator username**: `administrator`
+-**Domain administrator password**: `pass@word1`
## Create the OU structure
>[!NOTE]
->If you have already [created the OU structure](../deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md#create-the-ou-structure) that was used in the OSD guide for MDT, the same structure is used here and you can skip this section.
+>If you've already [created the OU structure](../deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md#create-the-ou-structure) that was used in the OSD guide for MDT, the same structure is used here and you can skip this section.
On **DC01**:
To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell. The procedure below uses Windows PowerShell.
-To use Windows PowerShell, copy the following commands into a text file and save it as C:\Setup\Scripts\ou.ps1. Be sure that you are viewing file extensions and that you save the file with the .ps1 extension.
+To use Windows PowerShell, copy the following commands into a text file and save it as `C:\Setup\Scripts\ou.ps1` Ensure that you're viewing file extensions and that you save the file with the `.ps1` extension.
```powershell
$oulist = Import-csv -Path c:\oulist.txt
@@ -111,10 +109,10 @@ On **DC01**:
2. Select the Service Accounts OU and create the CM\_JD account using the following settings:
* Name: CM\_JD
- * User logon name: CM\_JD
- * Password: pass@word1
+ * User sign-in name: CM\_JD
+ * Password: `pass@word1`
* User must change password at next logon: Clear
- * User cannot change password: Selected
+ * User can't change password: Selected
* Password never expires: Selected
3. Repeat the step, but for the CM\_NAA account.
@@ -125,19 +123,19 @@ On **DC01**:
## Configure Active Directory permissions
-In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01.
+In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain, you need to configure permissions in Active Directory. These steps assume you've downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01.
On **DC01**:
-1. Sign in as contoso\administrator and enter the following at an elevated Windows PowerShell prompt:
+1. Sign in as contoso\administrator and enter the following commands at an elevated Windows PowerShell prompt:
- ```
+ ```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts
.\Set-OUPermissions.ps1 -Account CM_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
```
-2. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted:
+2. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following list is that of permissions being granted:
* Scope: This object and all descendant objects
* Create Computer objects
@@ -176,7 +174,7 @@ To support the packages you create in this article, the following folder structu
You can run the following commands from an elevated Windows PowerShell prompt to create this folder structure:
->We will also create the D:\Logs folder here which will be used later to support server-side logging.
+>We'll also create the D:\Logs folder here which will be used later to support server-side logging.
```powershell
New-Item -ItemType Directory -Path "D:\Sources"
@@ -198,13 +196,13 @@ New-SmbShare -Name Logs$ -Path D:\Logs -ChangeAccess EVERYONE
## Integrate Configuration Manager with MDT
-To extend the Configuration Manager console with MDT wizards and templates, install MDT with the default settings and run the **Configure ConfigManager Integration** desktop app. In these steps, we assume you have already [downloaded MDT](https://www.microsoft.com/download/details.aspx?id=54259) and installed it with default settings.
+To extend the Configuration Manager console with MDT wizards and templates, install MDT with the default settings and run the **Configure ConfigManager Integration** desktop app. In these steps, we assume you've already [downloaded MDT](https://www.microsoft.com/download/details.aspx?id=54259) and installed it with default settings.
On **CM01**:
1. Sign in as contoso\administrator.
2. Ensure the Configuration Manager Console is closed before continuing.
-5. Click Start, type **Configure ConfigManager Integration**, and run the application the following settings:
+5. Select Start, type **Configure ConfigManager Integration**, and run the application the following settings:
* Site Server Name: CM01.contoso.com
* Site code: PS1
@@ -219,9 +217,9 @@ Most organizations want to display their name during deployment. In this section
On **CM01**:
-1. Open the Configuration Manager Console, select the Administration workspace, then click **Client Settings**.
-2. In the right pane, right-click **Default Client Settings** and then click **Properties**.
-3. In the **Computer Agent** node, in the **Organization name displayed in Software Center** text box, type in **Contoso** and click **OK**.
+1. Open the Configuration Manager Console, select the Administration workspace, then select **Client Settings**.
+2. In the right pane, right-click **Default Client Settings** and then select **Properties**.
+3. In the **Computer Agent** node, in the **Organization name displayed in Software Center** text box, type in **Contoso** and select **OK**.
@@ -266,7 +264,7 @@ On **CM01**:
Configure the CM01 distribution point for PXE.
>[!NOTE]
- >If you select **Enable a PXE responder without Windows Deployment Service**, then WDS will not be installed, or if it is already installed it will be suspended, and the **ConfigMgr PXE Responder Service** (SccmPxe) will be used instead of WDS. The ConfigMgr PXE Responder does not support multicast. For more information, see [Install and configure distribution points](/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_config-pxe).
+ >If you select **Enable a PXE responder without Windows Deployment Service**, then WDS won't be installed, or if it's already installed it will be suspended, and the **ConfigMgr PXE Responder Service** (SccmPxe) will be used instead of WDS. The ConfigMgr PXE Responder doesn't support multicast. For more information, see [Install and configure distribution points](/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_config-pxe).
4. Using the CMTrace tool, review the C:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Look for ConfigurePXE and CcmInstallPXE lines.
@@ -274,35 +272,35 @@ On **CM01**:
The distmgr.log displays a successful configuration of PXE on the distribution point.
-5. Verify that you have seven files in each of the folders **D:\\RemoteInstall\\SMSBoot\\x86** and **D:\\RemoteInstall\\SMSBoot\\x64**.
+5. Verify that you've seven files in each of the folders **D:\\RemoteInstall\\SMSBoot\\x86** and **D:\\RemoteInstall\\SMSBoot\\x64**.
The contents of the D:\\RemoteInstall\\SMSBoot\\x64 folder after you enable PXE.
- **Note**: These files are used by WDS. They are not used by the ConfigMgr PXE Responder. This article does not use the ConfigMgr PXE Responder.
+ **Note**: These files are used by WDS. They aren't used by the ConfigMgr PXE Responder. This article doesn't use the ConfigMgr PXE Responder.
Next, see [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md).
## Components of Configuration Manager operating system deployment
-Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are additional components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which is not used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10.
+Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are more components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which isn't used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10.
- **State migration point (SMP).** The state migration point is used to store user state migration data during computer replace scenarios.
- **Distribution point (DP).** The distribution point is used to store all packages in Configuration Manager, including the operating system deployment-related packages.
- **Software update point (SUP).** The software update point, which is normally used to deploy updates to existing machines, also can be used to update an operating system as part of the deployment process. You also can use offline servicing to update the image directly on the Configuration Manager server.
- **Reporting services point.** The reporting services point can be used to monitor the operating system deployment process.
- **Boot images.** Boot images are the Windows Preinstallation Environment (Windows PE) images Configuration Manager uses to start the deployment.
-- **Operating system images.** The operating system image package contains only one file, the custom .wim image. This is typically the production deployment image.
+- **Operating system images.** The operating system image package contains only one file, the custom .wim image. This image is typically the production deployment image.
- **Operating system installers.** The operating system installers were originally added to create reference images using Configuration Manager. Instead, we recommend that you use MDT Lite Touch to create your reference images. For more information on how to create a reference image, see [Create a Windows 10 reference image](../deploy-windows-mdt/create-a-windows-10-reference-image.md).
- **Drivers.** Like MDT Lite Touch, Configuration Manager also provides a repository (catalog) of managed device drivers.
-- **Task sequences.** The task sequences in Configuration Manager look and feel pretty much like the sequences in MDT Lite Touch, and they are used for the same purpose. However, in Configuration Manager the task sequence is delivered to the clients as a policy via the Management Point (MP). MDT provides additional task sequence templates to Configuration Manager.
-
- **Note** The Windows Assessment and Deployment Kit (ADK) for Windows 10 is also required to support management and deployment of Windows 10.
+- **Task sequences.** The task sequences in Configuration Manager look and feel much like the sequences in MDT Lite Touch, and they're used for the same purpose. However, in Configuration Manager, the task sequence is delivered to the clients as a policy via the Management Point (MP). MDT provides more task sequence templates to Configuration Manager.
+ > [!NOTE]
+ > The Windows Assessment and Deployment Kit (ADK) for Windows 10 is also required to support management and deployment of Windows 10.
## Why integrate MDT with Configuration Manager
-As noted above, MDT adds many enhancements to Configuration Manager. While these enhancements are called Zero Touch, that name does not reflect how deployment is conducted. The following sections provide a few samples of the 280 enhancements that MDT adds to Configuration Manager.
+As noted above, MDT adds many enhancements to Configuration Manager. While these enhancements are called Zero Touch, that name doesn't reflect how deployment is conducted. The following sections provide a few samples of the 280 enhancements that MDT adds to Configuration Manager.
>[!NOTE]
>MDT installation requires the following:
@@ -312,10 +310,10 @@ As noted above, MDT adds many enhancements to Configuration Manager. While these
### MDT enables dynamic deployment
-When MDT is integrated with Configuration Manager, the task sequence takes additional instructions from the MDT rules. In its most simple form, these settings are stored in a text file, the CustomSettings.ini file, but you can store the settings in Microsoft SQL Server databases, or have Microsoft Visual Basic Scripting Edition (VBScripts) or web services provide the settings used.
+When MDT is integrated with Configuration Manager, the task sequence takes more instructions from the MDT rules. In its most simple form, these settings are stored in a text file, the CustomSettings.ini file, but you can store the settings in Microsoft SQL Server databases, or have Microsoft Visual Basic Scripting Edition (VBScripts) or web services provide the settings used.
The task sequence uses instructions that allow you to reduce the number of task sequences in Configuration Manager and instead store settings outside the task sequence. Here are a few examples:
-- The following settings instruct the task sequence to install the HP Hotkeys package, but only if the hardware is a HP EliteBook 8570w. Note that you don't have to add the package to the task sequence.
+- The following settings instruct the task sequence to install the HP Hotkeys package, but only if the hardware is an HP EliteBook 8570w. You don't have to add the package to the task sequence.
``` syntax
[Settings]
@@ -347,7 +345,7 @@ The Gather action in the task sequence is reading the rules.
### MDT adds an operating system deployment simulation environment
-When testing a deployment, it is important to be able to quickly test any changes you make to the deployment without needing to run through an entire deployment. MDT rules can be tested very quickly, saving significant testing time in a deployment project. For more information, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
+When testing a deployment, it's important to be able to quickly test any changes you make to the deployment without needing to run through an entire deployment. MDT rules can be tested quickly, saving significant testing time in a deployment project. For more information, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
@@ -355,7 +353,7 @@ The folder that contains the rules, a few scripts from MDT, and a custom script
### MDT adds real-time monitoring
-With MDT integration, you can follow your deployments in real time, and if you have access to Microsoft Diagnostics and Recovery Toolkit (DaRT), you can even remote into Windows Preinstallation Environment (Windows PE) during deployment. The real-time monitoring data can be viewed from within the MDT Deployment Workbench, via a web browser, Windows PowerShell, the Event Viewer, or Microsoft Excel 2013. In fact, any script or app that can read an Open Data (OData) feed can read the information.
+With MDT integration, you can follow your deployments in real time, and if you've access to Microsoft Diagnostics and Recovery Toolkit (DaRT), you can even remote into Windows Preinstallation Environment (Windows PE) during deployment. The real-time monitoring data can be viewed from within the MDT Deployment Workbench, via a web browser, Windows PowerShell, the Event Viewer, or Microsoft Excel 2013. In fact, any script or app that can read an Open Data (OData) feed can read the information.
@@ -367,26 +365,27 @@ For some deployment scenarios, you may need to prompt the user for information d
-The optional UDI wizard open in the UDI Wizard Designer.
+The optional UDI wizard opens in the UDI Wizard Designer.
MDT Zero Touch simply extends Configuration Manager with many useful built-in operating system deployment components. By providing well-established, supported solutions, MDT reduces the complexity of deployment in Configuration Manager.
### Why use MDT Lite Touch to create reference images
You can create reference images for Configuration Manager in Configuration Manager, but in general we recommend creating them in MDT Lite Touch for the following reasons:
+
- You can use the same image for every type of operating system deployment - Microsoft Virtual Desktop Infrastructure (VDI), Microsoft System Center Virtual Machine Manager (VMM), MDT, Configuration Manager, Windows Deployment Services (WDS), and more.
-- Configuration Manager performs deployment in the LocalSystem context. This means that you cannot configure the Administrator account with all of the settings that you would like to be included in the image. MDT runs in the context of the Local Administrator, which means you can configure the look and feel of the configuration and then use the CopyProfile functionality to copy these changes to the default user during deployment.
-- The Configuration Manager task sequence does not suppress user interface interaction.
-- MDT Lite Touch supports a Suspend action that allows for reboots, which is useful when you need to perform a manual installation or check the reference image before it is automatically captured.
-- MDT Lite Touch does not require any infrastructure and is easy to delegate.
+- Configuration Manager performs deployment in the LocalSystem context, which means that you can't configure the Administrator account with all of the settings that you would like to be included in the image. MDT runs in the context of the Local Administrator, which means you can configure the look and feel of the configuration and then use the CopyProfile functionality to copy these changes to the default user during deployment.
+- The Configuration Manager task sequence doesn't suppress user interface interaction.
+- MDT Lite Touch supports a Suspend action that allows for reboots, which is useful when you need to perform a manual installation or check the reference image before it's automatically captured.
+- MDT Lite Touch doesn't require any infrastructure and is easy to delegate.
-## Related topics
+## Related articles
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)\
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)\
+[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)\
+[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)\
+[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)\
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)\
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)\
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 511ddc7920..41822baf59 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -1,16 +1,11 @@
---
title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
-ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, install, installation, computer refresh
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -22,7 +17,7 @@ ms.custom: seo-marvel-apr2020
- Windows 10
-This topic will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh is not the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation. Also see the MDT refesh procedure: [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
+This topic will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation. Also see the MDT refresh procedure: [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
A computer refresh with Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager has the following steps:
@@ -36,8 +31,8 @@ A computer refresh with Configuration Manager works the same as it does with MDT
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-For the purposes of this article, we will use one server computer (CM01) and one client computer (PC0003).
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server.
+For the purposes of this article, we'll use one server computer (CM01) and one client computer (PC0003).
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
- PC0003 is a domain member client computer running Windows 7 SP1, or a later version of Windows, with the Configuration Manager client installed, that will be refreshed to Windows 10.
>[!NOTE]
@@ -45,7 +40,7 @@ For the purposes of this article, we will use one server computer (CM01) and one
All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
+All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
>[!IMPORTANT]
>This article assumes that you have [configured Active Directory permissions](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md#configure-active-directory-permissions) in the specified OU for the **CM_JD** account, and the client's Active Directory computer account is in the **Contoso > Computers > Workstations** OU. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed.
@@ -81,7 +76,7 @@ On **CM01**:
Use the default settings to complete the remaining wizard pages and click **Close**.
-2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection.
+2. Review the Install Windows 10 Enterprise x64 collection. Don't continue until you see the PC0003 machine in the collection.
>[!NOTE]
>It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership.
@@ -99,7 +94,7 @@ Using the Configuration Manager console, in the Software Library workspace, expa
- Make available to the following: Configuration Manager clients, media and PXE
>[!NOTE]
- >It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point.
+ >It's not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point.
- Scheduling
- <default>
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 0f06e2c3b6..4d0bcca63b 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -1,16 +1,12 @@
---
title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
-description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager.
+description: In this topic, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager.
ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, install, installation, replace computer, setup
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -22,16 +18,16 @@ ms.custom: seo-marvel-apr2020
- Windows 10
-In this topic, you will learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager. This process is similar to refreshing a computer, but since you are replacing the device, you have to run the backup job separately from the deployment of Windows 10.
+In this topic, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager. This process is similar to refreshing a computer, but since you're replacing the device, you have to run the backup job separately from the deployment of Windows 10.
-In this topic, you will create a backup-only task sequence that you run on PC0004 (the device you are replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006. This is similar to the MDT replace process: [Replace a Windows 7 computer with a Windows 10 computer](../deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md).
+In this topic, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006. This process is similar to the MDT replace process: [Replace a Windows 7 computer with a Windows 10 computer](../deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md).
## Infrastructure
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-For the purposes of this article, we will use one server computer (CM01) and two client computers (PC0004, PC0006).
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server.
+For the purposes of this article, we'll use one server computer (CM01) and two client computers (PC0004, PC0006).
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
- Important: CM01 must include the **[State migration point](/configmgr/osd/get-started/manage-user-state#BKMK_StateMigrationPoint)** role for the replace task sequence used in this article to work.
- PC0004 is a domain member client computer running Windows 7 SP1, or a later version of Windows, with the Configuration Manager client installed, that will be replaced.
- PC0006 is a domain member client computer running Windows 10, with the Configuration Manager client installed, that will replace PC0004.
@@ -41,7 +37,7 @@ For the purposes of this article, we will use one server computer (CM01) and two
All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
+All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
>[!IMPORTANT]
>This article assumes that you have [configured Active Directory permissions](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md#configure-active-directory-permissions) in the specified OU for the **CM_JD** account, and the client's Active Directory computer account is in the **Contoso > Computers > Workstations** OU. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed.
@@ -75,15 +71,15 @@ The backup-only task sequence (named Replace Task Sequence).
## Associate the new device with the old computer
-This section walks you through the process of associating a new, blank device (PC0006), with an existing computer (PC0004), for the purpose of replacing PC0004 with PC0006. PC0006 can be either a physical or virtual machine.
+This section walks you through the process of associating a new, blank device (PC0006), with an existing computer (PC0004), for replacing PC0004 with PC0006. PC0006 can be either a physical or virtual machine.
On **HV01** (if PC0006 is a VM) or in the PC0006 BIOS:
-1. Make a note of the MAC address for PC0006. (If PC0006 is a virtual machine, you can see the MAC Address in the virtual machine settings.) In our example, the PC0006 MAC Address is 00:15:5D:0A:6A:96. Do not attempt to PXE boot PC0006 yet.
+1. Make a note of the MAC address for PC0006. (If PC0006 is a virtual machine, you can see the MAC Address in the virtual machine settings.) In our example, the PC0006 MAC Address is 00:15:5D:0A:6A:96. Don't attempt to PXE boot PC0006 yet.
On **CM01**:
-2. Using the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices**, and then click **Import Computer Information**.
+2. When you're using the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices**, and then click **Import Computer Information**.
3. On the **Select Source** page, select **Import single computer** and click **Next**.
4. On the **Single Computer** page, use the following settings and then click **Next**:
@@ -100,14 +96,14 @@ On **CM01**:
7. On the **Choose additional collections** page, click **Add** and then select the **Install Windows 10 Enterprise x64** collection. Now, select the checkbox next to the Install Windows 10 Enterprise x64 collection you just added, and then click **Next**.
8. On the **Summary** page, click **Next**, and then click **Close**.
9. Select the **User State Migration** node and review the computer association in the right hand pane.
-10. Right-click the **PC0004/PC0006** association and click **View Recovery Information**. Note that a recovery key has been assigned already, but a user state store location has not.
-11. Review the **Install Windows 10 Enterprise x64** collection. Do not continue until you see the **PC0006** computer in the collection. You might have to update membership and refresh the collection again.
+10. Right-click the **PC0004/PC0006** association and click **View Recovery Information**. A recovery key has been assigned already, but a user state store location hasn't.
+11. Review the **Install Windows 10 Enterprise x64** collection. Don't continue until you see the **PC0006** computer in the collection. You might have to update membership and refresh the collection again.
## Create a device collection and add the PC0004 computer
On **CM01**:
-1. Using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
+1. When you're using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
* General
* Name: USMT Backup (Replace)
@@ -122,7 +118,7 @@ On **CM01**:
Use default settings for the remaining wizard pages, then click **Close**.
-2. Review the **USMT Backup (Replace)** collection. Do not continue until you see the **PC0004** computer in the collection.
+2. Review the **USMT Backup (Replace)** collection. Don't continue until you see the **PC0004** computer in the collection.
## Create a new deployment
@@ -150,7 +146,7 @@ This section assumes that you have a computer named PC0004 with the Configuratio
On **PC0004**:
-1. If it is not already started, start the PC0004 computer and open the Configuration Manager control panel (control smscfgrc).
+1. If it's not already started, start the PC0004 computer and open the Configuration Manager control panel (control smscfgrc).
2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, and then click **OK** in the popup dialog box that appears.
>[!NOTE]
@@ -166,8 +162,8 @@ Capturing the user state
On **CM01**:
-6. Open the state migration point storage folder (ex: D:\Migdata) and verify that a sub-folder was created containing the USMT backup.
-7. Using the Configuration Manager console, in the Assets and Compliance workspace, select the **User State Migration** node, right-click the **PC0004/PC0006** association, and select **View Recovery Information**. Note that the object now also has a user state store location.
+6. Open the state migration point storage folder (ex: D:\Migdata) and verify that a subfolder was created containing the USMT backup.
+7. Using the Configuration Manager console, in the Assets and Compliance workspace, select the **User State Migration** node, right-click the **PC0004/PC0006** association, and select **View Recovery Information**. The object now also has a user state store location.
>[!NOTE]
>It may take a few minutes for the user state store location to be populated.
@@ -181,7 +177,7 @@ On **PC0006**:
* Password: pass@word1
* Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM
-2. The setup now starts and does the following:
+2. The setup now starts and does the following steps:
* Installs the Windows 10 operating system
* Installs the Configuration Manager client
@@ -189,7 +185,7 @@ On **PC0006**:
* Installs the applications
* Restores the PC0004 backup
-When the process is complete, you will have a new Windows 10 computer in your domain with user data and settings restored. See the following examples:
+When the process is complete, you'll have a new Windows 10 computer in your domain with user data and settings restored. See the following examples:
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
index 7b65bb7a4d..5d6a936a26 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
@@ -1,15 +1,11 @@
---
title: Perform in-place upgrade to Windows 10 via Configuration Manager
description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Manager task sequence.
-ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -31,28 +27,28 @@ The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Wi
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-For the purposes of this article, we will use one server computer (CM01) and one client computers (PC0004).
-- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server.
+For the purposes of this article, we'll use one server computer (CM01) and one client computer (PC0004).
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server.
- PC0004 is a domain member client computer running Windows 7 SP1, or a later version of Windows, with the Configuration Manager client installed, that will be upgraded to Windows 10.
All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
-All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
+All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
## Add an OS upgrade package
-Configuration Manager Current Branch includes a native in-place upgrade task. This task sequence differs from the MDT in-place upgrade task sequence in that it does not use a default OS image, but rather uses an [OS upgrade package](/configmgr/osd/get-started/manage-operating-system-upgrade-packages).
+Configuration Manager Current Branch includes a native in-place upgrade task. This task sequence differs from the MDT in-place upgrade task sequence in that it doesn't use a default OS image, but rather uses an [OS upgrade package](/configmgr/osd/get-started/manage-operating-system-upgrade-packages).
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Operating System Upgrade Packages**, and click **Add Operating System Upgrade Package**.
-2. On the **Data Source** page, under **Path**, click **Browse** and enter the UNC path to your media source. In this example, we have extracted the Windows 10 installation media to **\\\\cm01\\Sources$\\OSD\\UpgradePackages\\Windows 10**.
-3. If you have multiple image indexes in the installation media, select **Extract a specific image index from install.wim...** and choose the image index you want from the dropdown menu. In this example, we have chosen **Windows 10 Enterprise**.
+2. On the **Data Source** page, under **Path**, click **Browse** and enter the UNC path to your media source. In this example, we've extracted the Windows 10 installation media to **\\\\cm01\\Sources$\\OSD\\UpgradePackages\\Windows 10**.
+3. If you have multiple image indexes in the installation media, select **Extract a specific image index from install.wim...** and choose the image index you want from the dropdown menu. In this example, we've chosen **Windows 10 Enterprise**.
4. Next to **Architecture**, select **x64**, choose a language from the dropdown menu next to **Language**, and then click **Next**.
5. Next to **Name**, enter **Windows 10 x64 RTM** and then complete the wizard by clicking **Next** and **Close**.
6. Distribute the OS upgrade package to the CM01 distribution point by right-clicking the **Windows 10 x64 RTM** OS upgrade package and then clicking **Distribute Content**.
7. In the Distribute Content Wizard, add the CM01 distribution point, click **Next** and click **Close**.
-8. View the content status for the Windows 10 x64 RTM upgrade package. Do not continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
+8. View the content status for the Windows 10 x64 RTM upgrade package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
## Create an in-place upgrade task sequence
@@ -81,7 +77,7 @@ After you create the upgrade task sequence, you can create a collection to test
On **CM01**:
-1. Using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
+1. When you're using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
- General
- Name: Windows 10 x64 in-place upgrade
- Limited Collection: All Systems
@@ -93,7 +89,7 @@ On **CM01**:
- Select Resources
- Select PC0004
-2. Review the Windows 10 x64 in-place upgrade collection. Do not continue until you see PC0004 in the collection.
+2. Review the Windows 10 x64 in-place upgrade collection. Don't continue until you see PC0004 in the collection.
## Deploy the Windows 10 upgrade
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
index f7703a6713..15fb8922d8 100644
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@@ -1,17 +1,11 @@
---
title: Assign applications using roles in MDT (Windows 10)
description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
-ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: settings, database, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
index 267f99374a..ccf4df0e57 100644
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@@ -1,17 +1,12 @@
---
title: Build a distributed environment for Windows 10 deployment (Windows 10)
-description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
+description: In this topic, you'll learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: replication, replicate, deploy, configure, remote
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -23,9 +18,9 @@ ms.topic: article
Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
-Four computers are used in this topic: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we will deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation.
+Four computers are used in this topic: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we'll deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation.
-For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more details on the infrastructure setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more information on the infrastructure setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@@ -35,7 +30,7 @@ Computers used in this topic.
## Replicate deployment shares
-Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in a number of different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content.
+Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content.
> [!NOTE]
> Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target.
@@ -46,7 +41,7 @@ LDS is a built-in feature in MDT for replicating content. However, LDS works bes
### Why DFS-R is a better option
-DFS-R is not only very fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your master deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
+DFS-R isn't only fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your master deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
## Set up Distributed File System Replication (DFS-R) for replication
@@ -119,7 +114,7 @@ When you have multiple deployment servers sharing the same content, you need to
On **MDT01**:
-1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the Boostrap.ini file as follows. Under [DefaultGateway] enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (i.e. server) to use.
+1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the Boostrap.ini file as follows. Under [DefaultGateway] enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (that is, server) to use.
```ini
[Settings]
@@ -158,7 +153,7 @@ On **MDT01**:
## Replicate the content
- Once the MDT01 and MDT02 servers are prepared, you are ready to configure the actual replication.
+ Once the MDT01 and MDT02 servers are prepared, you're ready to configure the actual replication.
### Create the replication group
@@ -253,7 +248,7 @@ Now you should have a solution ready for deploying the Windows 10 client to the
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
2. Computer Name: PC0006
3. Applications: Select the Install - Adobe Reader
-4. Setup will now start and perform the following:
+4. Setup will now start and perform the following steps:
1. Install the Windows 10 Enterprise operating system.
2. Install applications.
3. Update the operating system using your local Windows Server Update Services (WSUS) server.
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
index ae5d2449b7..fe96dcd42b 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@@ -1,24 +1,18 @@
---
title: Configure MDT deployment share rules (Windows 10)
description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
-ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: rules, configuration, automate, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
# Configure MDT deployment share rules
-In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
+In this topic, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
## Assign settings
@@ -35,7 +29,7 @@ Before adding the more advanced components like scripts, databases, and web serv
### Set computer name by MAC Address
-If you have a small test environment, or simply want to assign settings to a very limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead.
+If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead.
```
[Settings]
@@ -96,7 +90,7 @@ In the preceding sample, you still configure the rules to set the computer name
### Add laptops to a different organizational unit (OU) in Active Directory
-In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you are deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType is not a reserved word; rather, it is the name of the section to read.
+In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you're deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType isn't a reserved word; rather, it's the name of the section to read.
```
[Settings]
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
index 416567fdcd..821329ba18 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
@@ -1,17 +1,11 @@
---
title: Configure MDT for UserExit scripts (Windows 10)
description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
-ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: rules, script
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
index bc3c0f86ea..8c0ba8179d 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
@@ -1,25 +1,20 @@
---
title: Configure MDT settings (Windows 10)
-description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization.
+description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization.
ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: customize, customization, deploy, features, tools
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
# Configure MDT settings
-One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
-For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
+One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
+For the purposes of this topic, we'll use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 6d697f6d10..1f482f177d 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -1,17 +1,11 @@
---
title: Create a Windows 10 reference image (Windows 10)
description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
-ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, deployment, configure, customize, install, installation
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -21,12 +15,12 @@ ms.topic: article
**Applies to**
- Windows 10
-Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution.
+Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you 'll have a Windows 10 reference image that can be used in your deployment solution.
>[!NOTE]
->See [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) for more information about the server, client, and network infrastructure used in this guide.
+>For more information about the server, client, and network infrastructure used in this guide, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
-For the purposes of this topic, we will use three computers: DC01, MDT01, and HV01.
+For the purposes of this topic, we'll use three computers: DC01, MDT01, and HV01.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is a contoso.com domain member server.
- HV01 is a Hyper-V server that will be used to build the reference image.
@@ -37,22 +31,22 @@ For the purposes of this topic, we will use three computers: DC01, MDT01, and HV
## The reference image
-The reference image described in this guide is designed primarily for deployment to physical devices. However, the reference image is typically created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are the following:
+The reference image described in this guide is designed primarily for deployment to physical devices. However, the reference image is typically created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are:
- To reduce development time and can use snapshots to test different configurations quickly.
-- To rule out hardware issues. You simply get the best possible image, and if you have a problem, it's not likely to be hardware related.
-- To ensures that you won't have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
+- To rule out hardware issues. You get the best possible image, and if you've a problem, it's not likely to be hardware related.
+- To ensure that you won't have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
- The image is easy to move between lab, test, and production.
## Set up the MDT build lab deployment share
-With Windows 10, there is no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications as well as all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
+With Windows 10, there's no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications and all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
### Create the MDT build lab deployment share
On **MDT01**:
- Sign in as contoso\\administrator using a password of pass@word1 (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) topic).
-- Start the MDT deployment workbench, and pin this to the taskbar for easy access.
+- Start the MDT deployment workbench, and pin this workbench to the taskbar for easy access.
- Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
- Use the following settings for the New Deployment Share Wizard:
- Deployment share path: **D:\\MDTBuildLab**
@@ -76,7 +70,7 @@ In order to read files in the deployment share and write the reference image bac
On **MDT01**:
-1. Ensure you are signed in as **contoso\\administrator**.
+1. Ensure you're signed in as **contoso\\administrator**.
2. Modify the NTFS permissions for the **D:\\MDTBuildLab** folder by running the following command in an elevated Windows PowerShell prompt:
``` powershell
@@ -90,7 +84,7 @@ This section will show you how to populate the MDT deployment share with the Win
### Add the Windows 10 installation files
-MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
+MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
>[!NOTE]
>Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
@@ -135,9 +129,9 @@ The steps in this section use a strict naming standard for your MDT applications
Using a script naming standard is always recommended when using MDT as it helps maintain order and consistency.
-By storing configuration items as MDT applications, it is easy to move these objects between various solutions, or between test and production environments.
+By storing configuration items as MDT applications, it's easy to move these objects between various solutions, or between test and production environments.
-In example sections, you will add the following applications:
+In example sections, you 'll add the following applications:
- Install - Microsoft Office 365 Pro Plus - x64
- Install - Microsoft Visual C++ Redistributable 2019 - x86
@@ -152,7 +146,7 @@ Download links:
Download all three items in this list to the D:\\Downloads folder on MDT01.
-**Note**: For the purposes of this lab, we will leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
+**Note**: For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
>[!NOTE]
>All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
@@ -163,7 +157,9 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
2. Using a text editor (such as Notepad), create an XML file in the D:\\Downloads\\Office365 directory with the installation settings for Microsoft 365 Apps for enterprise that are appropriate for your organization. The file uses an XML format, so the file you create must have an extension of .xml but the file can have any filename.
For example, you can use the following configuration.xml file, which provides these configuration settings:
- - Install the 64-bit version of Microsoft 365 Apps for enterprise in English directly from the Office Content Delivery Network (CDN) on the internet. Note: 64-bit is now the default and recommended edition.
+ - Install the 64-bit version of Microsoft 365 Apps for enterprise in English directly from the Office Content Delivery Network (CDN) on the internet.
+ > [!NOTE]
+ > 64-bit is now the default and recommended edition.
- Use the General Availability Channel and get updates directly from the Office CDN on the internet.
- Perform a silent installation. You won’t see anything that shows the progress of the installation and you won’t see any error messages.
@@ -179,27 +175,27 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
```
- By using these settings, any time you build the reference image you’ll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise.
+ When you use these settings, any time you build the reference image you’ll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise.
>[!TIP]
>You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file.
- Also see [Configuration options for the Office Deployment Tool](/deployoffice/configuration-options-for-the-office-2016-deployment-tool) and [Overview of the Office Deployment Tool](/DeployOffice/overview-of-the-office-2016-deployment-tool) for more information.
+ For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/configuration-options-for-the-office-2016-deployment-tool) and [Overview of the Office Deployment Tool](/DeployOffice/overview-of-the-office-2016-deployment-tool).
3. Ensure the configuration.xml file is in the D:\\Downloads\\Office365 folder. See the following example of the extracted files plus the configuration.xml file in the Downloads\\Office365 folder:
- Assuming you have named the file "configuration.xml" as shown above, we will use the command "**setup.exe /configure configuration.xml**" when we create the application in MDT. This will perform the installation of Microsoft 365 Apps for enterprise using the configuration settings in the configuration.xml file. Do not perform this step yet.
+ Assuming you've named the file "configuration.xml" as shown above, we'll use the command "**setup.exe /configure configuration.xml**" when we create the application in MDT. This command execution will perform the installation of Microsoft 365 Apps for enterprise using the configuration settings in the configuration.xml file. Don't perform this step yet.
>[!IMPORTANT]
- >After Microsoft 365 Apps for enterprise is installed on the reference image, do NOT open any Office programs. if you open an Office program, you are prompted to sign-in, which activates the installation of Microsoft 365 Apps for enterprise. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Microsoft 365 Apps for enterprise installed as part of your reference image.
+ >After Microsoft 365 Apps for enterprise is installed on the reference image, do NOT open any Office programs. if you open an Office program, you're prompted to sign-in, which activates the installation of Microsoft 365 Apps for enterprise. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Microsoft 365 Apps for enterprise installed as part of your reference image.
Additional information
-- Microsoft 365 Apps for enterprise is usually updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you’re using). That means that once you’ve deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image.
+- Microsoft 365 Apps for enterprise is updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you’re using). That means that once you’ve deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image.
-- **Note**: By using installing Office Deployment Tool as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user’s device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won’t have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.)
- - When you are creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that, you’ll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this, the next time you create a new reference image, you’ll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise.
+- **Note**: With the installing Office Deployment Tool being used as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user’s device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won’t have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.)
+ - When you're creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that process, you’ll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this step, the next time you create a new reference image, you’ll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise.
### Connect to the deployment share using Windows PowerShell
@@ -207,7 +203,7 @@ If you need to add many applications, you can take advantage of the PowerShell s
On **MDT01**:
-1. Ensure you are signed in as **contoso\\Administrator**.
+1. Ensure you're signed in as **contoso\\Administrator**.
2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt:
``` powershell
@@ -219,11 +215,11 @@ On **MDT01**:
### Create the install: Microsoft Office 365 Pro Plus - x64
-In these steps we assume that you have downloaded the Office Deployment Tool. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads\\Office365.
+In these steps, we assume that you've downloaded the Office Deployment Tool. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads\\Office365.
On **MDT01**:
-1. Ensure you are signed on as **contoso\\Administrator**.
+1. Ensure you're signed on as **contoso\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
@@ -233,7 +229,7 @@ On **MDT01**:
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName -Verbose
```
- Upon successful installation the following text is displayed:
+ Upon successful installation, the following text is displayed:
```
VERBOSE: Performing the operation "import" on target "Application".
VERBOSE: Beginning application import
@@ -252,11 +248,11 @@ On **MDT01**:
>[!NOTE]
>We have abbreviated "Microsoft Visual C++ Redistributable" in the $ApplicationName below as "MSVC" to avoid the path name exceeding the maxiumum allowed length of 248 characters.
-In these steps we assume that you have downloaded Microsoft Visual C++ Redistributable 2019 - x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads.
+In these steps, we assume that you've downloaded Microsoft Visual C++ Redistributable 2019 - x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads.
On **MDT01**:
-1. Ensure you are signed on as **contoso\\Administrator**.
+1. Ensure you're signed on as **contoso\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
@@ -266,7 +262,7 @@ On **MDT01**:
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName -Verbose
```
- Upon successful installation the following text is displayed:
+ Upon successful installation, the following text is displayed:
```
VERBOSE: Performing the operation "import" on target "Application".
VERBOSE: Beginning application import
@@ -281,11 +277,11 @@ On **MDT01**:
### Create the install: Microsoft Visual C++ Redistributable 2019 - x64
-In these steps we assume that you have downloaded Microsoft Visual C++ Redistributable 2019 - x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads.
+In these steps, we assume that you've downloaded Microsoft Visual C++ Redistributable 2019 - x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads.
On **MDT01**:
-1. Ensure you are signed on as **contoso\\Administrator**.
+1. Ensure you're signed on as **contoso\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
@@ -297,8 +293,8 @@ On **MDT01**:
## Create the reference image task sequence
-In order to build and capture your Windows 10 reference image for deployment using MDT, you will create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image.
-After creating the task sequence, you configure it to enable patching against the Windows Server Update Services (WSUS) server. The Task Sequence Windows Update action supports getting updates directly from Microsoft Update, but you get more stable patching if you use a local WSUS server. WSUS also allows for an easy process of approving the patches that you are deploying.
+In order to build and capture your Windows 10 reference image for deployment using MDT, you 'll create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image.
+After creating the task sequence, you configure it to enable patching against the Windows Server Update Services (WSUS) server. The Task Sequence Windows Update action supports getting updates directly from Microsoft Update, but you get more stable patching if you use a local WSUS server. WSUS also allows for an easy process of approving the patches that you're deploying.
### Drivers and the reference image
@@ -310,18 +306,18 @@ To create a Windows 10 reference image task sequence, the process is as follows
On **MDT01**:
-1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab** right-click **Task Sequences**, and create a **New Folder** named **Windows 10**.
+1. When you're using the Deployment Workbench, under **Deployment Shares > MDT Build Lab** right-click **Task Sequences**, and create a **New Folder** named **Windows 10**.
2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
1. Task sequence ID: REFW10X64-001
2. Task sequence name: Windows 10 Enterprise x64 RTM Default Image
3. Task sequence comments: Reference Build
4. Template: Standard Client Task Sequence
5. Select OS: Windows 10 Enterprise x64 RTM Default Image
- 6. Specify Product Key: Do not specify a product key at this time
+ 6. Specify Product Key: Don't specify a product key at this time
7. Full Name: Contoso
8. Organization: Contoso
9. Internet Explorer home page: http://www.contoso.com
- 10. Admin Password: Do not specify an Administrator Password at this time
+ 10. Admin Password: Don't specify an Administrator Password at this time
### Edit the Windows 10 task sequence
@@ -344,7 +340,7 @@ On **MDT01**:
3. Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
>[!IMPORTANT]
- >This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
+ >This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It's installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
@@ -361,7 +357,7 @@ On **MDT01**:
### Optional configuration: Add a suspend action
-The goal when creating a reference image is of course to automate everything. But sometimes you have a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you click the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine.
+The goal when creating a reference image is to automate everything. But sometimes you've a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you click the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine.
@@ -373,20 +369,20 @@ The goal when creating a reference image is of course to automate everything. Bu
### Edit the Unattend.xml file for Windows 10 Enterprise
-When using MDT, you don't need to edit the Unattend.xml file very often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml for this. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you will want to use the Internet Explorer Administration Kit (IEAK).
+When using MDT, you don't need to edit the Unattend.xml file often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you 'll want to use the Internet Explorer Administration Kit (IEAK).
>[!WARNING]
->Do not use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used.
+>Don't use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used.
>[!NOTE]
->You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you are adding packages via Unattend.xml, it is version specific, so Unattend.xml must match the exact version of the operating system you are servicing.
+>You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you're adding packages via Unattend.xml, it's version specific, so Unattend.xml must match the exact version of the operating system you're servicing.
Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence:
On **MDT01**:
-1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
-2. In the **OS Info** tab, click **Edit Unattend.xml**. MDT now generates a catalog file. This will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
+1. When you're using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
+2. In the **OS Info** tab, click **Edit Unattend.xml**. MDT now generates a catalog file. This file generation process will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
> [!IMPORTANT]
> The ADK version 1903 has a [known issue](/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-1903) generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. To avoid this issue, [install the ADK, version 2004 or a later version](/windows-hardware/get-started/adk-install). A workaround is also available for the ADK version 1903:
@@ -399,7 +395,8 @@ On **MDT01**:
4. In the **amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral properties** window (right-hand window), set the following values:
- DisableDevTools: true
5. Save the Unattend.xml file, and close Windows SIM.
- - Note: If errors are reported that certain display values are incorrect, you can ignore this or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1.
+ > [!NOTE]
+ > If errors are reported that certain display values are incorrect, you can ignore this message or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1.
6. On the Windows 10 Enterprise x64 RTM Default Image Properties, click **OK**.
@@ -419,7 +416,7 @@ To configure the rules for the MDT Build Lab deployment share:
On **MDT01**:
1. Using the Deployment Workbench, right-click the **MDT Build Lab** deployment share and select **Properties**.
-2. Select the **Rules** tab and replace the existing content with the following information (edit the settings as needed to match your deployment). For example, If you do not have a WSUS server in your environment, delete the **WSUSServer** line from the configuration:
+2. Select the **Rules** tab and replace the existing content with the following information (edit the settings as needed to match your deployment). For example, If you don't have a WSUS server in your environment, delete the **WSUSServer** line from the configuration:
```
[Settings]
@@ -475,7 +472,7 @@ On **MDT01**:
```
>[!NOTE]
- >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation. Obviously if you are not using the same password (pass@word3) that is provided in this lab, you must enter your own custom password on the Rules tab and in Bootstrap.ini.
+ >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it's acceptable to do so in this situation. Obviously if you're not using the same password (pass@word3) that is provided in this lab, you must enter your own custom password on the Rules tab and in Bootstrap.ini.
4. On the **Windows PE** tab, in the **Platform** drop-down list, select **x86**.
5. In the **Lite Touch Boot Image Settings** area, configure the following settings:
@@ -492,7 +489,7 @@ On **MDT01**:
### Update the deployment share
-After the deployment share has been configured, it needs to be updated. This is the process when the Windows PE boot images are created.
+After the deployment share has been configured, it needs to be updated. This update-process is the one when the Windows PE boot images are created.
1. In the Deployment Workbench, right-click the **MDT Build Lab** deployment share and select **Update Deployment Share**.
2. Use the default options for the Update Deployment Share Wizard.
@@ -502,9 +499,9 @@ After the deployment share has been configured, it needs to be updated. This is
### The rules explained
-Now that the MDT Build Lab deployment share (the share used to create the reference images) has been configured, it is time to explain the various settings used in the Bootstrap.ini and CustomSettings.ini files.
+Now that the MDT Build Lab deployment share (the share used to create the reference images) has been configured, it's time to explain the various settings used in the Bootstrap.ini and CustomSettings.ini files.
-The Bootstrap.ini and CustomSettings.ini files work together. The Bootstrap.ini file is always present on the boot image and is read first. The basic purpose for Bootstrap.ini is to provide just enough information for MDT to find the CustomSettings.ini.
+The Bootstrap.ini and CustomSettings.ini files work together. The Bootstrap.ini file is always present on the boot image and is read first. The basic purpose for Bootstrap.ini is to provide enough information for MDT to find the CustomSettings.ini.
The CustomSettings.ini file is normally stored on the server, in the Deployment share\\Control folder, but also can be stored on the media (when using offline media).
@@ -527,14 +524,14 @@ SkipBDDWelcome=YES
```
So, what are these settings?
-- **Priority.** This determines the order in which different sections are read. This Bootstrap.ini has only one section, named \[Default\].
-- **DeployRoot.** This is the location of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don't specify a value, the Windows Deployment Wizard prompts you for a location.
-- **UserDomain, UserID, and UserPassword.** These values are used for automatic log on to the deployment share. Again, if they are not specified, the wizard prompts you.
+- **Priority.** This setting determines the order in which different sections are read. This Bootstrap.ini has only one section, named \[Default\].
+- **DeployRoot.** This location is of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don't specify a value, the Windows Deployment Wizard prompts you for a location.
+- **UserDomain, UserID, and UserPassword.** These values are used for automatic sign in to the deployment share. Again, if they aren't specified, the wizard prompts you.
>[!WARNING]
>Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.
-- **SkipBDDWelcome.** Even if it is nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.
+- **SkipBDDWelcome.** Even if it's nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.
>[!NOTE]
>All properties beginning with "Skip" control only whether to display that pane in the Windows Deployment Wizard. Most of the panes also require you to actually set one or more values.
@@ -575,20 +572,20 @@ SkipRoles=YES
SkipCapture=NO
SkipFinalSummary=YES
```
-- **Priority.** Has the same function as in Bootstrap.ini. Priority determines the order in which different sections are read. This CustomSettings.ini has only one section, named \[Default\]. In general, if you have multiple sections that set the same value, the value from the first section (higher priority) wins. The rare exceptions are listed in the ZTIGather.xml file.
+- **Priority.** Has the same function as in Bootstrap.ini. Priority determines the order in which different sections are read. This CustomSettings.ini has only one section, named \[Default\]. In general, if you've multiple sections that set the same value, the value from the first section (higher priority) wins. The rare exceptions are listed in the ZTIGather.xml file.
- **\_SMSTSORGNAME.** The organization name displayed in the task sequence progress bar window during deployment.
-- **UserDataLocation.** Controls the settings for user state backup. You do not need to use when building and capturing a reference image.
+- **UserDataLocation.** Controls the settings for user state backup. You don't need to use when building and capturing a reference image.
- **DoCapture.** Configures the task sequence to run the System Preparation (Sysprep) tool and capture the image to a file when the operating system is installed.
-- **OSInstall.** Must be set to Y or YES (the code actually just looks for the Y character) for the setup to proceed.
+- **OSInstall.** Must be set to Y or YES (the code just looks for the Y character) for the setup to proceed.
- **AdminPassword.** Sets the local Administrator account password.
- **TimeZoneName.** Establishes the time zone to use. Don't confuse this value with TimeZone, which is only for legacy operating systems (Windows 7 and Windows Server 2003).
**Note**: The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
- **JoinWorkgroup.** Configures Windows to join a workgroup.
-- **HideShell.** Hides the Windows Shell during deployment. This is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles.
+- **HideShell.** Hides the Windows Shell during deployment. This hide-operation is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles.
- **FinishAction.** Instructs MDT what to do when the task sequence is complete.
-- **DoNotCreateExtraPartition.** Configures the task sequence not to create the extra partition for BitLocker. There is no need to do this for your reference image.
+- **DoNotCreateExtraPartition.** Configures the task sequence not to create the extra partition for BitLocker. There's no need to do this configuration for your reference image.
- **WSUSServer.** Specifies which Windows Server Update Services (WSUS) server (and port, if needed) to use during the deployment. Without this option MDT will use Microsoft Update directly, which will increase deployment time and limit your options of controlling which updates are applied.
- **SLSHARE.** Instructs MDT to copy the log files to a server share if something goes wrong during deployment, or when a deployment is successfully completed.
- **ApplyGPOPack.** Allows you to deploy local group policies created by Microsoft Security Compliance Manager (SCM).
@@ -608,9 +605,9 @@ SkipFinalSummary=YES
## Build the Windows 10 reference image
-As previously described, this section requires a Hyper-V host. See [Hyper-V requirements](prepare-for-windows-deployment-with-mdt.md#hyper-v-requirements) for more information.
+As previously described, this section requires a Hyper-V host. For more information, see [Hyper-V requirements](prepare-for-windows-deployment-with-mdt.md#hyper-v-requirements).
-Once you have created your task sequence, you are ready to create the Windows 10 reference image. This will be performed by launching the task sequence from a virtual machine which will then automatically perform the reference image creation and capture process.
+Once you've created your task sequence, you're ready to create the Windows 10 reference image. This image creation will be performed by launching the task sequence from a virtual machine that will then automatically perform the reference image creation and capture process.
The steps below outline the process used to boot a virtual machine using an ISO boot image created by MDT, and then run the reference image task sequence image to create and capture the Windows 10 reference image.
@@ -634,7 +631,7 @@ On **HV01**:
4. Start the REFW10X64-001 virtual machine and connect to it.
- **Note**: Up to this point we have not discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario this is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
+ **Note**: Up to this point we haven't discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario, this connectivity is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
After booting into Windows PE, complete the Windows Deployment Wizard with the following settings:
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image
@@ -646,7 +643,7 @@ On **HV01**:
The Windows Deployment Wizard for the Windows 10 reference image.
-5. The setup now starts and does the following:
+5. The setup now starts and does the following steps:
1. Installs the Windows 10 Enterprise operating system.
2. Installs the added applications, roles, and features.
3. Updates the operating system via your local Windows Server Update Services (WSUS) server.
@@ -655,7 +652,7 @@ On **HV01**:
6. Captures the installation to a Windows Imaging (WIM) file.
7. Turns off the virtual machine.
-After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
+After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
@@ -668,9 +665,9 @@ If you [enabled monitoring](#enable-monitoring), you can check the progress of t
-If there are problems with your task sequence, you can troubleshoot in Windows PE by pressing F8 to open a command prompt. There are several [MDT log files](/configmgr/mdt/troubleshooting-reference#mdt-logs) created that can be helpful determining the origin of an error, such as BDD.log. From the command line in Windows PE you can copy these logs from the client to your MDT server for viewing with CMTrace. For example: copy BDD.log \\\\mdt01\\logs$.
+If there are problems with your task sequence, you can troubleshoot in Windows PE by pressing F8 to open a command prompt. There are several [MDT log files](/configmgr/mdt/troubleshooting-reference#mdt-logs) created that can be helpful determining the origin of an error, such as BDD.log. From the command line in Windows PE, you can copy these logs from the client to your MDT server for viewing with CMTrace. For example: copy BDD.log \\\\mdt01\\logs$.
-After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
+After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
## Related topics
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index e1650926b3..90deeb5238 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -1,17 +1,11 @@
---
title: Deploy a Windows 10 image using MDT (Windows 10)
description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
-ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deployment, automate, tools, configure
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -21,16 +15,16 @@ ms.topic: article
**Applies to**
- Windows 10
-This topic will show you how to take your reference image for Windows 10 (that was just [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
+This topic will show you how to take your reference image for Windows 10 (that was [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
-We will prepare for this by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We will configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules.
+We'll prepare for this deployment by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We'll configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules.
-For the purposes of this topic, we will use four computers: DC01, MDT01, HV01 and PC0005.
+For the purposes of this topic, we'll use four computers: DC01, MDT01, HV01 and PC0005.
- DC01 is a domain controller
- MDT01 is a domain member server
- HV01 is a Hyper-V server
-- PC0005 is a blank device to which we will deploy Windows 10
+- PC0005 is a blank device to which we'll deploy Windows 10
MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation. HV01 used to test deployment of PC0005 in a virtual environment.
@@ -41,7 +35,7 @@ MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contos
## Step 1: Configure Active Directory permissions
-These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
+These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you've The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
On **DC01**:
@@ -61,7 +55,7 @@ On **DC01**:
.\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
```
- The following is a list of the permissions being granted:
+ The following list is of the permissions being granted:
- Scope: This object and all descendant objects
- Create Computer objects
@@ -78,7 +72,7 @@ On **DC01**:
## Step 2: Set up the MDT production deployment share
-Next, create a new MDT deployment share. You should not use the same deployment share that you used to create the reference image for a production deployment. Perform this procedure on the MDT01 server.
+Next, create a new MDT deployment share. You shouldn't use the same deployment share that you used to create the reference image for a production deployment. Perform this procedure on the MDT01 server.
### Create the MDT production deployment share
@@ -86,7 +80,7 @@ On **MDT01**:
The steps for creating the deployment share for production are the same as when you created the deployment share for creating the custom reference image:
-1. Ensure you are signed on as: contoso\administrator.
+1. Ensure you're signed on as: contoso\administrator.
2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
@@ -103,7 +97,7 @@ To read files in the deployment share, you need to assign NTFS and SMB permissio
On **MDT01**:
-1. Ensure you are signed in as **contoso\\administrator**.
+1. Ensure you're signed in as **contoso\\administrator**.
2. Modify the NTFS permissions for the **D:\\MDTProduction** folder by running the following command in an elevated Windows PowerShell prompt:
``` powershell
@@ -113,11 +107,11 @@ On **MDT01**:
## Step 3: Add a custom image
-The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores additional components in the Sources\\SxS folder which is outside the image and may be required when installing components.
+The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores other components in the Sources\\SxS folder that is outside the image and may be required when installing components.
### Add the Windows 10 Enterprise x64 RTM custom image
-In these steps, we assume that you have completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you have a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01.
+In these steps, we assume that you've completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you've a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01.
1. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 10**.
2. Right-click the **Windows 10** folder and select **Import Operating System**.
@@ -145,8 +139,8 @@ When you configure your MDT Build Lab deployment share, you can also add applica
On **MDT01**:
-1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2200120117_en_US.exe) to **D:\\setup\\adobe** on MDT01.
-2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC2200120117_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
+1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100520060_en_US.exe) to **D:\\setup\\adobe** on MDT01.
+2. Extract the .exe file that you downloaded to a .msi (ex: .\AcroRdrDC2100520060_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node.
4. Right-click the **Applications** node, and create a new folder named **Adobe**.
@@ -181,12 +175,12 @@ For boot images, you need to have storage and network drivers; for the operating
### Create the driver source structure in the file system
-The key to successful management of drivers for MDT, as well as for any other deployment solution, is to have a really good driver repository. From this repository, you import drivers into MDT for deployment, but you should always maintain the repository for future use.
+The key to successful management of drivers for MDT, and for any other deployment solution, is to have a good driver repository. From this repository, you import drivers into MDT for deployment, but you should always maintain the repository for future use.
On **MDT01**:
> [!IMPORTANT]
-> In the steps below, it is critical that the folder names used for various computer makes and models exactly match the results of **wmic computersystem get model,manufacturer** on the target system.
+> In the steps below, it's critical that the folder names used for various computer makes and models exactly match the results of **wmic computersystem get model,manufacturer** on the target system.
1. Using File Explorer, create the **D:\\drivers** folder.
2. In the **D:\\drivers** folder, create the following folder structure:
@@ -204,11 +198,11 @@ On **MDT01**:
- Surface Laptop
> [!NOTE]
-> Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.
+> Even if you're not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.
### Create the logical driver structure in MDT
-When you import drivers to the MDT driver repository, MDT creates a single instance folder structure based on driver class names. However, you can, and should, mimic the driver structure of your driver source repository in the Deployment Workbench. This is done by creating logical folders in the Deployment Workbench.
+When you import drivers to the MDT driver repository, MDT creates a single instance folder structure based on driver class names. However, you can, and should, mimic the driver structure of your driver source repository in the Deployment Workbench. This mimic is done by creating logical folders in the Deployment Workbench.
1. On MDT01, using Deployment Workbench, select the **Out-of-Box Drivers** node.
2. In the **Out-Of-Box Drivers** node, create the following folder structure:
1. WinPE x86
@@ -266,7 +260,7 @@ On **MDT01**:
### Extract and import drivers for the x64 boot image
-Windows PE supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image.
+Windows PE supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require more drivers. In this example, you add the latest Intel network drivers to the x64 boot image.
On **MDT01**:
@@ -288,7 +282,7 @@ For the ThinkStation P500 model, you use the Lenovo ThinkVantage Update Retrieve
To get the updates, download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can also download the drivers by searching PC Support on the [Lenovo website](https://go.microsoft.com/fwlink/p/?LinkId=619543).
-In this example, we assume you have downloaded and extracted the drivers using ThinkVantage Update Retriever to the **D:\\Drivers\\Lenovo\\ThinkStation P500 (30A6003TUS)** directory.
+In this example, we assume you've downloaded and extracted the drivers using ThinkVantage Update Retriever to the **D:\\Drivers\\Lenovo\\ThinkStation P500 (30A6003TUS)** directory.
On **MDT01**:
@@ -298,13 +292,13 @@ On **MDT01**:
**D:\\Drivers\\Windows 10 x64\\Lenovo\\ThinkStation P500 (30A6003TUS)**
- The folder you select and all sub-folders will be checked for drivers, expanding any .cab files that are present and searching for drivers.
+ The folder you select and all subfolders will be checked for drivers, expanding any .cab files that are present and searching for drivers.
### For the Latitude E7450
For the Dell Latitude E7450 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
-In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc.\\Latitude E7450** folder.
+In these steps, we assume you've downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc.\\Latitude E7450** folder.
On **MDT01**:
@@ -318,7 +312,7 @@ On **MDT01**:
For the HP EliteBook 8560w, you use HP Image Assistant to get the drivers. The HP Image Assistant can be accessed on the [HP Support site](https://ftp.ext.hp.com/pub/caps-softpaq/cmit/HPIA.html).
-In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder.
+In these steps, we assume you've downloaded and extracted the drivers for the HP EliteBook 8650w model to the **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder.
On **MDT01**:
@@ -330,7 +324,7 @@ On **MDT01**:
### For the Microsoft Surface Laptop
-For the Microsoft Surface Laptop model, you find the drivers on the Microsoft website. In these steps we assume you have downloaded and extracted the Surface Laptop drivers to the **D:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Laptop** folder.
+For the Microsoft Surface Laptop model, you find the drivers on the Microsoft website. In these steps, we assume you've downloaded and extracted the Surface Laptop drivers to the **D:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Laptop** folder.
On **MDT01**:
@@ -342,7 +336,7 @@ On **MDT01**:
## Step 6: Create the deployment task sequence
-This section will show you how to create the task sequence used to deploy your production Windows 10 reference image. You will then configure the task sequence to enable patching via a Windows Server Update Services (WSUS) server.
+This section will show you how to create the task sequence used to deploy your production Windows 10 reference image. You'll then configure the task sequence to enable patching via a Windows Server Update Services (WSUS) server.
### Create a task sequence for Windows 10 Enterprise
@@ -356,11 +350,11 @@ On **MDT01**:
- Task sequence comments: Production Image
- Template: Standard Client Task Sequence
- Select OS: Windows 10 Enterprise x64 RTM Custom Image
- - Specify Product Key: Do not specify a product key at this time
+ - Specify Product Key: Don't specify a product key at this time
- Full Name: Contoso
- Organization: Contoso
- Internet Explorer home page: `https://www.contoso.com`
- - Admin Password: Do not specify an Administrator Password at this time
+ - Admin Password: Don't specify an Administrator Password at this time
### Edit the Windows 10 task sequence
@@ -378,7 +372,7 @@ On **MDT01**:
- Install all drivers from the selection profile
> [!NOTE]
- > The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting.
+ > The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT shouldn't use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting.
3. State Restore. Enable the **Windows Update (Pre-Application Installation)** action.
@@ -392,7 +386,7 @@ On **MDT01**:
## Step 7: Configure the MDT production deployment share
-In this section, you will learn how to configure the MDT Build Lab deployment share with the rules required to create a simple and dynamic deployment process. This includes configuring commonly used rules and an explanation of how these rules work.
+In this section, you'll learn how to configure the MDT Build Lab deployment share with the rules required to create a dynamic deployment process. This configuration includes commonly used rules and an explanation of how these rules work.
### Configure the rules
@@ -466,7 +460,7 @@ On **MDT01**:
> [!NOTE]
>
- > Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests.
+ > Because you're going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you don't need the ISO file; however, we recommend creating ISO files because they're useful when troubleshooting deployments and for quick tests.
6. On the **Drivers and Patches** sub tab, select the **WinPE x86** selection profile and select the **Include all drivers from the selection profile** option.
@@ -494,13 +488,13 @@ On **MDT01**:
### The rules explained
-The rules for the MDT Production deployment share are somewhat different from those for the MDT Build Lab deployment share. The biggest differences are that you deploy the machines into a domain instead of a workgroup.
+The rules for the MDT Production deployment share are different from those rules for the MDT Build Lab deployment share. The biggest differences are that you deploy the machines into a domain instead of a workgroup.
-You can optionally remove the **UserID** and **UserPassword** entries from Bootstrap.ini so that users performing PXE boot are prompted to provide credentials with permission to connect to the deployment share. Setting **SkipBDDWelcome=NO** enables the welcome screen that displays options to run the deployment wizard, run DaRT tools (if installed), exit to a Windows PE command prompt, set the keyboard layout, or configure a static IP address. In this example we are skipping the welcome screen and providing credentials.
+You can optionally remove the **UserID** and **UserPassword** entries from Bootstrap.ini so that users performing PXE boot are prompted to provide credentials with permission to connect to the deployment share. Setting **SkipBDDWelcome=NO** enables the welcome screen that displays options to run the deployment wizard, run DaRT tools (if installed), exit to a Windows PE command prompt, set the keyboard layout, or configure a static IP address. In this example, we're skipping the welcome screen and providing credentials.
### The Bootstrap.ini file
-This is the MDT Production Bootstrap.ini:
+This file is the MDT Production Bootstrap.ini:
```
[Settings]
@@ -516,7 +510,7 @@ SkipBDDWelcome=YES
### The CustomSettings.ini file
-This is the CustomSettings.ini file with the new join domain information:
+This file is the CustomSettings.ini file with the new join domain information:
```
[Settings]
@@ -563,16 +557,22 @@ Some properties to use in the MDT Production rules file are as follows:
- **DomainAdminPassword.** The password for the join domain account.
- **MachineObjectOU.** The organizational unit (OU) to which to add the computer account.
- **ScanStateArgs.** Arguments for the User State Migration Tool (USMT) ScanState command.
-- **USMTMigFiles(\*).** List of USMT templates (controlling what to backup and restore).
+- **USMTMigFiles(\*).** List of USMT templates (controlling what to back up and restore).
- **EventService.** Activates logging information to the MDT monitoring web service.
+> [!NOTE]
+> For more information about localization support, see the following articles:
+>
+> - [MDT sample guide](/mem/configmgr/mdt/samples-guide#fully-automated-lti-deployment-for-a-refresh-computer-scenario)
+> - [LCID (Locale ID) codes](/openspecs/office_standards/ms-oe376/6c085406-a698-4e12-9d4d-c3b0ee3dbc4a)
+
### Optional deployment share configuration
-If your organization has a Microsoft Software Assurance agreement, you also can subscribe to the additional Microsoft Desktop Optimization Package (MDOP) license (at an additional cost). Included in MDOP is Microsoft Diagnostics and Recovery Toolkit (DaRT), which contains tools that can help you troubleshoot MDT deployments, as well as troubleshoot Windows itself.
+If your organization has a Microsoft Software Assurance agreement, you also can subscribe to another Microsoft Desktop Optimization Package (MDOP) license (at an extra cost). Included in MDOP is Microsoft Diagnostics and Recovery Toolkit (DaRT), which contains tools that can help you troubleshoot MDT deployments, and troubleshoot Windows itself.
### Add DaRT 10 to the boot images
-If you have licensing for MDOP and DaRT, you can add DaRT to the boot images using the steps in this section. If you do not have DaRT licensing, or don't want to use it, simply skip to the next section, [Update the Deployment Share](#update-the-deployment-share). To enable the remote connection feature in MDT, you need to do the following:
+If you've licensing for MDOP and DaRT, you can add DaRT to the boot images using the steps in this section. If you don't have DaRT licensing, or don't want to use it, skip to the next section, [Update the Deployment Share](#update-the-deployment-share). To enable the remote connection feature in MDT, you need to do the following steps:
> [!NOTE]
@@ -608,7 +608,7 @@ On **MDT01**:
### Update the deployment share
-Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This is the process during which the Windows PE boot images are created.
+Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This update-process is the one during which the Windows PE boot images are created.
1. Right-click the **MDT Production** deployment share and select **Update Deployment Share**.
@@ -639,7 +639,7 @@ On **MDT01**:
### Deploy the Windows 10 client
-At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you are confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. This helps rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine:
+At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you're confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. These tests help rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine:
On **HV01**:
@@ -665,7 +665,7 @@ On **HV01**:
- Computer Name: **PC0005**
- Applications: Select the **Install - Adobe Reader** checkbox.
-4. Setup now begins and does the following:
+4. Setup now begins and does the following steps:
- Installs the Windows 10 Enterprise operating system.
- Installs the added application.
@@ -681,7 +681,7 @@ Following OS installation, Microsoft Office 365 Pro Plus - x64 is installed auto
### Use the MDT monitoring feature
-Since you have enabled the monitoring on the MDT Production deployment share, you can follow your deployment of PC0005 via the monitoring node.
+Since you've enabled the monitoring on the MDT Production deployment share, you can follow your deployment of PC0005 via the monitoring node.
On **MDT01**:
@@ -705,12 +705,11 @@ The Event Viewer showing a successful deployment of PC0005.
## Multicast deployments
-Multicast deployment allows for image deployment with reduced network load during simultaneous deployments. Multicast is a useful operating system deployment feature in MDT deployments, however it is important to ensure that your network supports it and is designed for it. If you have a limited number of simultaneous deployments, you probably do not need to enable multicast.
+Multicast deployment allows for image deployment with reduced network load during simultaneous deployments. Multicast is a useful operating system deployment feature in MDT deployments, however it's important to ensure that your network supports it and is designed for it. If you've a limited number of simultaneous deployments, you probably don't need to enable multicast.
### Requirements
-Multicast requires that Windows Deployment Services (WDS) is running on Windows Server 2008 or later. In addition to the core MDT setup for multicast, the network needs to be configured to support multicast. In general, this means involving the organization networking team to make sure that
-Internet Group Management Protocol (IGMP) snooping is turned on and that the network is designed for multicast traffic. The multicast solution uses IGMPv3.
+Multicast requires that Windows Deployment Services (WDS) is running on Windows Server 2008 or later. In addition to the core MDT setup for multicast, the network needs to be configured to support multicast. In general, this configuration means involvement of the organization networking team to ensure that Internet Group Management Protocol (IGMP) snooping is turned on and that the network is designed for multicast traffic. The multicast solution uses IGMPv3.
### Set up MDT for multicast
@@ -729,9 +728,9 @@ On **MDT01**:
## Use offline media to deploy Windows 10
-In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can very easily generate an offline version of your deployment share - either the full deployment share or a subset of it - through the use of selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
+In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can easily generate an offline version of your deployment share - either the full deployment share or a subset of it - by using selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
-Offline media are useful not only when you do not have network connectivity to the deployment share, but also when you have limited connection to the deployment share and do not want to copy 5 GB of data over the wire. Offline media can still join the domain, but you save the transfer of operating system images, drivers, and applications over the wire.
+Offline media are useful not only when you don't have network connectivity to the deployment share, but also when you've limited connection to the deployment share and don't want to copy 5 GB of data over the wire. Offline media can still join the domain, but you save the transfer of operating system images, drivers, and applications over the wire.
### Create the offline media selection profile
@@ -762,7 +761,7 @@ In these steps, you generate offline media from the MDT Production deployment sh
1. On MDT01, using File Explorer, create the **D:\\MDTOfflineMedia** folder.
>[!NOTE]
- >When creating offline media, you need to create the target folder first. It is crucial that you do not create a subfolder inside the deployment share folder because it will break the offline media.
+ >When creating offline media, you need to create the target folder first. It's crucial that you don't create a subfolder inside the deployment share folder because it will break the offline media.
2. In the Deployment Workbench, under the **MDT Production / Advanced Configuration** node, right-click the **Media** node, and select **New Media**.
@@ -798,7 +797,7 @@ On **MDT01**:
### Generate the offline media
-You have now configured the offline media deployment share, however the share has not yet been populated with the files required for deployment. Now everything is ready you populate the deployment share content folder and generate the offline media ISO.
+You've now configured the offline media deployment share, however the share hasn't yet been populated with the files required for deployment. Now everything is ready you populate the deployment share content folder and generate the offline media ISO.
On **MDT01**:
@@ -808,7 +807,7 @@ On **MDT01**:
### Create a bootable USB stick
-The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it is often more efficient to use USB sticks instead since they are faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.)
+The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it's often more efficient to use USB sticks instead since they're faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.)
>[!TIP]
>In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. You can place the image on a different drive (ex: E:\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.swm) and then modify E:\Deploy\Control\OperatingSystems.xml to point to it. Alternatively to keep using the USB you must split the .wim file, which can be done using DISM:
Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm.
To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (`True`), so this must be changed and the offline media content updated.
@@ -821,7 +820,7 @@ Follow these steps to create a bootable USB stick from the offline media content
3. Start an elevated command prompt (run as Administrator), and start the Diskpart utility by typing **Diskpart** and pressing **Enter**.
-4. In the Diskpart utility, you can type **list volume** (or the shorter **list vol**) to list the volumes, but you really only need to remember the drive letter of the USB stick to which you copied the content. In our example, the USB stick had the drive letter F.
+4. In the Diskpart utility, you can type **list volume** (or the shorter **list vol**) to list the volumes, but you only need to remember the drive letter of the USB stick to which you copied the content. In our example, the USB stick had the drive letter F.
5. In the Diskpart utility, type **select volume F** (replace F with your USB stick drive letter).
@@ -829,7 +828,7 @@ Follow these steps to create a bootable USB stick from the offline media content
## Unified Extensible Firmware Interface (UEFI)-based deployments
-As referenced in [Windows 10 deployment scenarios and tools](../windows-deployment-scenarios-and-tools.md), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UEFI.
+As referenced in [Windows 10 deployment scenarios and tools](../windows-deployment-scenarios-and-tools.md), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you've an UEFI-based machine and creates the partitions UEFI requires. You don't need to update or change your task sequences in any way to accommodate UEFI.
diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
index 613c9a5f72..9667f4a047 100644
--- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
@@ -1,17 +1,11 @@
---
title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10)
description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment.
-ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, image, feature, install, tools
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -27,23 +21,23 @@ This article provides an overview of the features, components, and capabilities
MDT is a unified collection of tools, processes, and guidance for automating desktop and server deployment. You can use it to create reference images or as a complete deployment solution. MDT is one of the most important tools available to IT professionals today.
-In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) with additional guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
+In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) with more guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
-MDT supports the deployment of Windows 10, as well as Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Endpoint Configuration Manager](/configmgr/).
+MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Endpoint Configuration Manager](/configmgr/).
> [!IMPORTANT]
> For more information about MDT supported platforms, see [MDT Release Notes](/mem/configmgr/mdt/release-notes#supported-platforms) and [MDT FAQ](/mem/configmgr/mdt/faq#is-this-release-only-supported-with-version--x--of-windows-client--windows-adk--or-configuration-manager-).
## Key features in MDT
-MDT has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it is considered fundamental to Windows operating system and enterprise application deployment.
+MDT has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it's considered fundamental to Windows operating system and enterprise application deployment.
MDT has many useful features, such as:
- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10.
- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
-- **Additional operating systems support.** Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/en-us/download/details.aspx?id=26558), as well as Windows 8.1 Embedded Industry.
+- **Additional operating systems support.** Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/en-us/download/details.aspx?id=26558), and Windows 8.1 Embedded Industry.
- **UEFI support.** Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1.
-- **GPT support.** Supports deployment to machines that require the new GPT partition table format. This is related to UEFI.
+- **GPT support.** Supports deployment to machines that require the new GPT partition table format. This feature is related to UEFI.
- **Enhanced Windows PowerShell support.** Provides support for running PowerShell scripts.
@@ -54,7 +48,7 @@ MDT has many useful features, such as:
- **Automated participation in CEIP and WER.** Provides configuration for participation in Windows Customer Experience Improvement Program (CEIP) and Windows Error Reporting (WER).
- **Deploy Windows RE.** Enables deployment of a customized Windows Recovery Environment (Windows RE) as part of the task sequence.
- **Deploy to VHD.** Provides ready-made task sequence templates for deploying Windows into a virtual hard disk (VHD) file.
-- **Improved deployment wizard.** Provides additional progress information and a cleaner UI for the Lite Touch Deployment Wizard.
+- **Improved deployment wizard.** Provides more progress information and a cleaner UI for the Lite Touch Deployment Wizard.
- **Monitoring.** Allows you to see the status of currently running deployments.
- **Apply GPO Pack.** Allows you to deploy local group policy objects created by Microsoft Security Compliance Manager (SCM).
- **Partitioning routines.** Provides improved partitioning routines to ensure that deployments work regardless of the current hard drive structure.
@@ -71,21 +65,21 @@ MDT has many useful features, such as:
- **Support for Microsoft Office.** Provides added support for deploying Microsoft Office.
- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
- **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
-- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, refer to the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
+- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, see the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
## MDT Lite Touch components
-Many features in MDT support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires very little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disc.
+Many features in MDT support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disk.
-When deploying the Windows operating system using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click View Script. That will give you the PowerShell command.
+When the Windows operating system is being deployed using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click **View Script**. You're provided the PowerShell command.
-If you click **View Script** on the right side, you will get the PowerShell code that was used to perform the task.
+If you click **View Script** on the right side, you'll get the PowerShell code that was used to perform the task.
## Deployment shares
-A deployment share is essentially a folder on the server that is shared and contains all the setup files and scripts needed for the deployment solution. It also holds the configuration files (called rules) that are gathered when a machine is deployed. These configuration files can reach out to other sources, like a database, external script, or web server to get additional settings for the deployment. For Lite Touch deployments, it is common to have two deployment shares: one for creating the reference images and one for deployment. For Zero Touch, it is common to have only the deployment share for creating reference images because Configuration Manager deploys the image in the production environment.
+A deployment share is essentially a folder on the server that is shared and contains all the setup files and scripts needed for the deployment solution. It also holds the configuration files (called rules) that are gathered when a machine is deployed. These configuration files can reach out to other sources, like a database, external script, or web server to get more settings for the deployment. For Lite Touch deployments, it's common to have two deployment shares: one for creating the reference images and one for deployment. For Zero Touch, it's common to have only the deployment share for creating reference images because Configuration Manager deploys the image in the production environment.
## Rules
@@ -98,7 +92,7 @@ You can manage hundreds of settings in the rules. For more information, see the
-Example of a MDT rule. In this example, the new computer name is being calculated based on PC- plus the first seven (Left) characters from the serial number
+Example of an MDT rule. In this example, the new computer name is being calculated based on PC- plus the first seven (Left) characters from the serial number
## Boot images
@@ -107,7 +101,7 @@ share on the server and start the deployment.
## Operating systems
-Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you have created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments.
+Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you've created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments.
## Applications
@@ -119,7 +113,7 @@ You also use the Deployment Workbench to import the drivers your hardware needs
## Packages
-With the Deployment Workbench, you can add any Microsoft packages that you want to use. The most commonly added packages are language packs, and the Deployment Workbench Packages node works well for those. You also can add security and other updates this way. However, we generally recommend that you use Windows Server Update Services (WSUS) for operating system updates. The rare exceptions are critical hotfixes that are not available via WSUS, packages for the boot image, or any other package that needs to be deployed before the WSUS update process starts.
+With the Deployment Workbench, you can add any Microsoft packages that you want to use. The most commonly added packages are language packs, and the Deployment Workbench Packages node works well for those packages. You also can add security and other updates this way. However, we generally recommend that you use Windows Server Update Services (WSUS) for operating system updates. The rare exceptions are critical hotfixes that aren't available via WSUS, packages for the boot image, or any other package that needs to be deployed before the WSUS update process starts.
## Task sequences
@@ -134,17 +128,18 @@ You can think of a task sequence as a list of actions that need to be executed i
## Task sequence templates
-MDT comes with nine default task sequence templates. You can also create your own templates. As long as you store them in the Templates folder, they will be available when you create a new task sequence.
+MDT comes with nine default task sequence templates. You can also create your own templates. As long as you store them in the Templates folder, they'll be available when you create a new task sequence.
- **Sysprep and Capture task sequence.** Used to run the System Preparation (Sysprep) tool and capture an image of a reference computer.
- **Note**: It is preferable to use a complete build and capture instead of the Sysprep and Capture task sequence. A complete build and capture can be automated, whereas Sysprep and Capture cannot.
+ > [!NOTE]
+ > It's preferable to use a complete build and capture instead of the Sysprep and Capture task sequence. A complete build and capture can be automated, whereas Sysprep and Capture can't.
- **Standard Client task sequence.** The most frequently used task sequence. Used for creating reference images and for deploying clients in production.
- **Standard Client Replace task sequence.** Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.
- **Custom task sequence.** As the name implies, a custom task sequence with only one default action (one Install Application action).
-- **Standard Server task sequence.** The default task sequence for deploying operating system images to servers. The main difference between this template and the Standard Client task sequence template is that it does not contain any USMT actions because USMT is not supported on servers.
+- **Standard Server task sequence.** The default task sequence for deploying operating system images to servers. The main difference between this template and the Standard Client task sequence template is that it doesn't contain any USMT actions because USMT isn't supported on servers.
- **Lite Touch OEM task sequence.** Used to preload operating systems images on the computer hard drive. Typically used by computer original equipment manufacturers (OEMs) but some enterprise organizations also use this feature.
-- **Post OS Installation task sequence.** A task sequence prepared to run actions after the operating system has been deployed. Very useful for server deployments but not often used for client deployments.
+- **Post OS Installation task sequence.** A task sequence prepared to run actions after the operating system has been deployed. Useful for server deployments but not often used for client deployments.
- **Deploy to VHD Client task sequence.** Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file.
- **Deploy to VHD Server task sequence.** Same as the Deploy to VHD Client task sequence but for servers.
- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.
@@ -163,11 +158,11 @@ Selection profiles, which are available in the Advanced Configuration node, prov
MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.
**Note**
-The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
+The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
## Monitoring
-On the deployment share, you also can enable monitoring. After you enable monitoring, you will see all running deployments in the Monitor node in the Deployment Workbench.
+On the deployment share, you also can enable monitoring. After you enable monitoring, you'll see all running deployments in the Monitor node in the Deployment Workbench.
## See next
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index 207071b157..e691b3677b 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -1,17 +1,11 @@
---
title: Prepare for deployment with MDT (Windows 10)
description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
-ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, system requirements
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
index 1fe4b7457c..356ba70dcc 100644
--- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
@@ -1,17 +1,11 @@
---
title: Refresh a Windows 7 computer with Windows 10 (Windows 10)
description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process.
-ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: reinstallation, customize, template, script, restore
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -23,12 +17,12 @@ ms.topic: article
This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/).
-For the purposes of this topic, we will use three computers: DC01, MDT01, and PC0001.
+For the purposes of this topic, we'll use three computers: DC01, MDT01, and PC0001.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1.
-Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@@ -36,9 +30,9 @@ The computers used in this topic.
## The computer refresh process
-A computer refresh is not the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings.
+A computer refresh isn't the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings.
-For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh you will:
+For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh, you will:
1. Back up data and settings locally, in a backup folder.
2. Wipe the partition, except for the backup folder.
@@ -46,7 +40,7 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w
4. Install other applications.
5. Restore data and settings.
-During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are simply linked in the file system, which allows for fast migration, even when there is a lot of data.
+During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's a lot of data.
>[!NOTE]
>In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
@@ -66,17 +60,17 @@ In addition to the command-line switches that control which profiles to migrate,
### Multicast
-Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You will need to update the deployment share after changing this setting.
+Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You'll need to update the deployment share after changing this setting.
## Refresh a Windows 7 SP1 client
-In these section, we assume that you have already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01:
+In this section, we assume that you've already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01:
- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we will refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
+It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we'll be refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
### Upgrade (refresh) a Windows 7 SP1 client
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 98bf1c01e1..30ca655b46 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,18 +1,12 @@
---
title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
-description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device.
+description: In this article, you'll learn how to replace a Windows 7 device with a Windows 10 device.
ms.custom: seo-marvel-apr2020
-ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, deployment, replace
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -22,15 +16,15 @@ ms.topic: article
**Applies to**
- Windows 10
-A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10. However, because you are replacing a device, you cannot store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
+A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
-For the purposes of this topic, we will use four computers: DC01, MDT01, PC0002, and PC0007.
+For the purposes of this topic, we'll use four computers: DC01, MDT01, PC0002, and PC0007.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007.
- PC0007 is a new computer will have the Windows 10 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain.
-For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@@ -46,9 +40,9 @@ The computers used in this topic.
On **MDT01**:
-1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, click **Properties**, and then click the **Rules** tab.
-2. Change the **SkipUserData=YES** option to **NO**, and click **OK**.
-3. Right-click **MDT Production** and click **Update Deployment Share**. Click **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings.
+1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, select **Properties**, and then select the **Rules** tab.
+2. Change the **SkipUserData=YES** option to **NO**, and select **OK**.
+3. Right-click on **MDT Production** and select **Update Deployment Share**. Then select **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings.
### Create and share the MigData folder
@@ -81,7 +75,7 @@ On **MDT01**:
During a computer replace, these are the high-level steps that occur:
-1. On the computer you are replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup.
+1. On the computer you're replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup.
2. On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored.
### Run the replace task sequence
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index e0cce7674c..e2976790e7 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -1,17 +1,11 @@
---
title: Set up MDT for BitLocker (Windows 10)
-ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38
ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT.
-keywords: disk, encryption, TPM, configure, secure, script
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-mar2020
diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
index c22c41830d..3b225896bf 100644
--- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -1,17 +1,11 @@
---
title: Simulate a Windows 10 deployment in a test environment (Windows 10)
description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT.
-ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, script
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -51,7 +45,7 @@ On **PC0001**:
& "C:\MDT\CMTrace" C:\MININT\SMSOSD\OSDLOGS\ZTIGather.log
```
-3. Download and install the free [Microsoft System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool.
+3. Download and install the free [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool.
4. Using Local Users and Groups (lusrmgr.msc), add the **contoso\\MDT\_BA** user account to the local **Administrators** group.
5. Sign off, and then sign on to PC0001 as **contoso\\MDT\_BA**.
6. Open the **\\\\MDT01\\MDTProduction$\\Scripts** folder and copy the following files to **C:\\MDT**:
diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 78849e6f4b..4f1b8456b8 100644
--- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -1,17 +1,11 @@
---
title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10)
description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
-ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: upgrade, update, task sequence, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
index e6409ee3f9..12cf171f4d 100644
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@@ -1,17 +1,11 @@
---
title: Use Orchestrator runbooks with MDT (Windows 10)
description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
-ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: web services, database
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index bbe74794a9..33cc3b4d4b 100644
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -1,17 +1,11 @@
---
title: Use MDT database to stage Windows 10 deployment info (Windows 10)
description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database.
-ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.pagetype: mdt
-keywords: database, permissions, settings, configure, deploy
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
index 6f6b6c785e..2f427ac529 100644
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@@ -1,17 +1,11 @@
---
title: Use web services in MDT (Windows 10)
description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
-ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-keywords: deploy, web apps
ms.prod: w10
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.pagetype: mdt
-ms.sitesec: library
-audience: itpro
author: aczechowski
ms.topic: article
---
@@ -23,7 +17,7 @@ Using a web service in MDT is straightforward, but it does require that you have
## Create a sample web service
-In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://go.microsoft.com/fwlink/p/?LinkId=619363) from the Microsoft Download Center and extracted it to C:\\Projects.
+In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects.
1. On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file.
2. On the ribbon bar, verify that Release is selected.
3. In the **Debug** menu, select the **Build MDTSample** action.
diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md
index 9846a41bcf..d398777f84 100644
--- a/windows/deployment/deploy-windows-to-go.md
+++ b/windows/deployment/deploy-windows-to-go.md
@@ -1,18 +1,11 @@
---
title: Deploy Windows To Go in your organization (Windows 10)
description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface as well as programatically with Windows PowerShell.
-ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f
ms.reviewer:
manager: dougeby
-ms.audience: itpro
author: aczechowski
ms.author: aaroncz
-keywords: deployment, USB, device, BitLocker, workspace, security, data
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobility
-audience: itpro
ms.topic: article
ms.custom: seo-marvel-apr2020
---
@@ -20,11 +13,12 @@ ms.custom: seo-marvel-apr2020
# Deploy Windows To Go in your organization
+
**Applies to**
- Windows 10
-This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
+This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
> [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
@@ -33,28 +27,28 @@ This topic helps you to deploy Windows To Go in your organization. Before you be
The following is a list of items that you should be aware of before you start the deployment process:
-* Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
+* Only use recommended USB drives for Windows To Go. Use of other drives isn't supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
* After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
* When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
-* System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)).
+* Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)).
-* If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive.
+* If you're planning on using a USB drive duplicator to duplicate Windows To Go drives, don't configure offline domain join or BitLocker on the drive.
## Basic deployment steps
-Unless you are using a customized operating system image, your initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
+Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
-Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)).
+Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For more information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)).
>[!WARNING]
>If you plan to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication.
### Create the Windows To Go workspace
-In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools.
+In this step we're creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools.
>[!WARNING]
>The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education.
@@ -76,7 +70,7 @@ In this step we are creating the operating system image that will be used on the
6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
-7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions.
+7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions.
r
>[!WARNING]
@@ -84,7 +78,7 @@ r
If you choose to encrypt the Windows To Go drive now:
- - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters.
+ - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware doesn't support non-ASCII characters.
~~~
@@ -107,7 +101,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
-2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
+2. In the Windows PowerShell session type, the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
```
# The following command will set $Disk to all USB drives with >20 GB of storage
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index afc608a502..8463fd9abd 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -1,17 +1,12 @@
---
title: Deploy Windows 10 (Windows 10)
description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment.
-ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
ms.reviewer:
manager: dougeby
-ms.audience: itpro
author: aczechowski
ms.author: aaroncz
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
ms.localizationpriority: medium
-audience: itpro
ms.topic: article
ms.custom: seo-marvel-apr2020
---
diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index d5374a455e..f00cde0466 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -1,87 +1,84 @@
-- name: Delivery Optimization for Windows client
+- name: Delivery Optimization for Windows client and Microsoft Connected Cache
href: index.yml
+- name: What's new
+ href: whats-new-do.md
items:
- - name: Get started
- items:
- - name: What is Delivery Optimization
- href: waas-delivery-optimization.md
- - name: What's new
- href: whats-new-do.md
-
-
-
- - name: Configure Delivery Optimization
+- name: Delivery Optimization
+ items:
+ - name: What is Delivery Optimization
+ href: waas-delivery-optimization.md
+ - name: Delivery Optimization Frequently Asked Questions
+ href: waas-delivery-optimization-faq.yml
+ - name: Configure Delivery Optimization for Windows clients
+ items:
+ - name: Windows client Delivery Optimization settings
+ href: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings
+ - name: Configure Delivery Optimization settings using Microsoft Intune
+ href: /mem/intune/configuration/delivery-optimization-windows
+ - name: Resources for Delivery Optimization
+ items:
+ - name: Set up Delivery Optimization for Windows
+ href: waas-delivery-optimization-setup.md
+ - name: Delivery Optimization reference
+ href: waas-delivery-optimization-reference.md
+ - name: Delivery Optimization client-service communication
+ href: delivery-optimization-workflow.md
+ - name: Using a proxy with Delivery Optimization
+ href: delivery-optimization-proxy.md
+- name: Microsoft Connected Cache
+ items:
+ - name: MCC overview
+ href: waas-microsoft-connected-cache.md
+ - name: MCC for Enterprise and Education
+ href: mcc-enterprise.md
+ - name: MCC for ISPs
items:
- - name: Configure Windows Clients
- items:
- - name: Windows Delivery Optimization settings
- href: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings
- - name: Configure Microsoft Endpoint Manager
- items:
- - name: Delivery Optimization settings in Microsoft Intune
- href: /mem/intune/configuration/delivery-optimization-windows
-
- - name: Microsoft Connected Cache
- items:
- - name: MCC overview
- href: waas-microsoft-connected-cache.md
- - name: MCC for Enterprise and Education
- href: mcc-enterprise.md
- - name: MCC for ISPs
- items:
- - name: MCC for ISP overview
- href: mcc-isp-overview.md
- - name: Concepts
- items:
- - name: Device Provisioning
- href: mcc-isp-device-provisioning.md
- - name: Client Routing
- href: mcc-isp-client-routing.md
- - name: Cache Node Configuration
- href: mcc-isp-cache-node-configuration.md
- - name: Traffic Estimation
- href: mcc-traffic-estimation.md
- - name: How-to guides
- items:
- - name: Operator sign up and service onboarding
- href: mcc-isp-signup.md
- - name: Create the MCC in Azure portal
- href: mcc-isp-create.md
- - name: Provision and deploy cache node to your server
- href: mcc-isp-provision-deploy.md
- - name: Configure client routing for cache node
- href: mcc-isp-configure-routing.md
- - name: Verify cache node functionality
- href: mcc-isp-verify-cache-node.md
- - name: Update your cache node
- href: mcc-isp-update.md
- - name: Monitor cache node health and performance
- href: mcc-isp-monitor.md
- - name: Uninstall your cache node
- href: mcc-isp-uninstall.md
- - name: Resources
- items:
- - name: Community Forum
- href: link-to-come
- - name: FAQs
- href: mcc-isp-faq.md
- - name: Enhancing VM performance
- href: mcc-isp-vm-performance.md
- - name: Support and troubleshooting
- href: mcc-isp-support.md
- - name: MCC for ISPs (Private Preview)
- href: mcc-isp.md
+ - name: Overview
+ href: mcc-isp-overview.md
+ - name: Concepts
+ items:
+ - name: Device provisioning
+ href: mcc-isp-device-provisioning.md
+ - name: Client routing
+ href: mcc-isp-client-routing.md
+ - name: Cache node configuration
+ href: mcc-isp-cache-node-configuration.md
+ - name: Traffic estimation
+ href: mcc-traffic-estimation.md
+ - name: How-to guides
+ items:
+ - name: Operator sign up and service onboarding
+ href: mcc-isp-signup.md
+ - name: Create the MCC in Azure portal
+ href: mcc-isp-create.md
+ - name: Provision and deploy cache node to your server
+ href: mcc-isp-provision-deploy.md
+ - name: Configure client routing for cache node
+ href: mcc-isp-configure-routing.md
+ - name: Verify cache node functionality
+ href: mcc-isp-verify-cache-node.md
+ - name: Update your cache node
+ href: mcc-isp-update.md
+ - name: Monitor cache node health and performance
+ href: mcc-isp-monitor.md
+ - name: Uninstall your cache node
+ href: mcc-isp-uninstall.md
+ - name: Resources
+ items:
+ - name: Community forum
+ href: link-to-come
+ - name: FAQs
+ href: mcc-isp-faq.md
+ - name: Enhancing VM performance
+ href: mcc-isp-vm-performance.md
+ - name: Support and troubleshooting
+ href: mcc-isp-support.md
+ - name: Version History
+ href: mcc-version-history.md
+ - name: MCC for ISPs (Private Preview)
+ href: mcc-isp.md
+- name: Content endpoints for Delivery Optimization and Microsoft Connected Cache
+ href: delivery-optimization-endpoints.md
-
-
- - name: Resources
- items:
- - name: Set up Delivery Optimization for Windows
- href: waas-delivery-optimization-setup.md
- - name: Delivery Optimization reference
- href: waas-delivery-optimization-reference.md
- - name: Delivery Optimization client-service communication
- href: delivery-optimization-workflow.md
- - name: Using a proxy with Delivery Optimization
- href: delivery-optimization-proxy.md
+
diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md
new file mode 100644
index 0000000000..984e7fd026
--- /dev/null
+++ b/windows/deployment/do/delivery-optimization-endpoints.md
@@ -0,0 +1,37 @@
+---
+title: Delivery Optimization and Microsoft Connected Cache content endpoints
+description: List of fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache.
+ms.date: 07/26/2022
+ms.prod: w10
+ms.technology: windows
+ms.topic: reference
+ms.localizationpriority: medium
+author: cmknox
+ms.author: carmenf
+ms.reviewer: mstewart
+manager: naengler
+---
+
+# Delivery Optimization and Microsoft Connected Cache content type endpoints
+
+_Applies to:_
+
+- Windows 11
+- Windows 10
+
+> [!NOTE]
+> All ports are outbound.
+
+This article lists the endpoints that need to be allowed through the firewall to ensure that content from Delivery Optimization and Microsoft Connected cache is properly delivered. Use the table below to reference any particular content types supported by Delivery Optimization and Microsoft Connected Cache:
+
+|Domain Name |Protocol/Port(s) | Content Type | Additional Information | Version |
+|---------|---------|---------------|-------------------|-----------------|
+| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update Windows Defender Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Microsoft Endpoint Configuration Manager Distribution Point |
+| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Endpoint Configuration Manager Distribution Point |
+| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Microsoft Endpoint Configuration Manager Distribution Point |
+| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80 HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Microsoft Endpoint Configuration Manager Distribution Point |
+| *.statics.teams.cdn.office.net | HTTP / 80 HTTPs / 443 | Teams | | Microsoft Endpoint Configuration Manager Distribution Point |
+| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Endpoint Configuration Manager Distribution Point |
+| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Endpoint Configuration Manager Distribution Point |
+| *.do.dsp.mp.microsoft.com | HTTP / 80 HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only. | Microsoft Connected Cache Managed in Azure |
+| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com | AMQP / 5671 MQTT / 8883 HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |
diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md
index d2a8c14908..15bd6957d3 100644
--- a/windows/deployment/do/delivery-optimization-proxy.md
+++ b/windows/deployment/do/delivery-optimization-proxy.md
@@ -2,10 +2,7 @@
title: Using a proxy with Delivery Optimization
manager: dansimp
description: Settings to use with various proxy configurations to allow Delivery Optimization to work
-keywords: updates, downloads, network, bandwidth
ms.prod: w10
-ms.mktglfcycl: deploy
-audience: itpro
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
@@ -15,27 +12,27 @@ ms.topic: article
# Using a proxy with Delivery Optimization
-**Applies to**
+**Applies to:**
-- Windows 10
- Windows 11
+- Windows 10
-When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls.
+When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls.
Delivery Optimization provides a token to WinHttp that corresponds to the user that is signed in currently. In turn, WinHttp automatically authenticates the user against the proxy server set either in Internet Explorer or in the **Proxy Settings** menu in Windows.
For downloads that use Delivery Optimization to successfully use the proxy, you should set the proxy via Windows **Proxy Settings** or the Internet Explorer proxy settings.
-Setting the Internet Explorer proxy to apply device-wide will ensure that the device can access the proxy server even when no user is signed in. In this case, the proxy is accessed with the “NetworkService” context if proxy authentication is required.
+Setting the Internet Explorer proxy to apply device-wide will ensure that the device can access the proxy server even when no user is signed in. In this case, the proxy is accessed with the “NetworkService” context if proxy authentication is required.
> [!NOTE]
> We don't recommend that you use `netsh winhttp set proxy ProxyServerName:PortNumber`. Using this offers no auto-detection of the proxy, no support for an explicit PAC URL, and no authentication to the proxy. This setting is ignored by WinHTTP for requests that use auto-discovery (if an interactive user token is used).
If a user is signed in, the system uses the Internet Explorer proxy.
-If no user is signed in, even if both the Internet Explorer proxy and netsh configuration are set, the netsh configuration will take precedence over the Internet Explorer proxy. This can result in download failures. For example, you might receive HTTP_E_STATUS_PROXY_AUTH_REQ or HTTP_E_STATUS_DENIED errors.
+If no user is signed in, even if both the Internet Explorer proxy and netsh configuration are set, the netsh configuration will take precedence over the Internet Explorer proxy. This can result in download failures. For example, you might receive HTTP_E_STATUS_PROXY_AUTH_REQ or HTTP_E_STATUS_DENIED errors.
-You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie `) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply.
+You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie `) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply.
### Summary of settings behavior
@@ -46,7 +43,7 @@ With an interactive user signed in:
|Named proxy set by using: |Delivery Optimization successfully uses proxy |
|---------|---------|
|Internet Explorer proxy, current user | Yes |
-|Internet Explorer proxy, device-wide | Yes |
+|Internet Explorer proxy, device-wide | Yes |
|netsh proxy | No |
|Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, Internet Explorer proxy is used |
|Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, Internet Explorer proxy is used |
@@ -56,7 +53,7 @@ With NetworkService (if unable to obtain a user token from a signed-in user):
|Named proxy set by using: |Delivery Optimization successfully uses proxy |
|---------|---------|
|Internet Explorer proxy, current user | No |
-|Internet Explorer proxy, device-wide | Yes |
+|Internet Explorer proxy, device-wide | Yes |
|netsh proxy | Yes |
|Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, netsh proxy is used |
|Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, netsh proxy is used |
@@ -73,10 +70,10 @@ This policy is meant to ensure that proxy settings apply uniformly to the same c
Starting with Windows 10, version 2004, you can use Connected Cache behind a proxy. In older versions, when you set Delivery Optimization to download from Connected Cache, it will bypass the proxy and try to connect directly to the Connected Cache server. This can cause failure to download.
-However, you can set the Connected Cache server to use an unauthenticated proxy. For more information, see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache#prerequisites-and-limitations).
+However, you can set the Connected Cache server to use an unauthenticated proxy. For more information, see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache#prerequisites-and-limitations).
- ## Related articles
+## Related articles
-- [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp)
-- [How to use GPP Registry to uncheck automatically detect settings? ](/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings)
-- [How to configure a proxy server URL and Port using GPP Registry?](/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry)
\ No newline at end of file
+- [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp)
+- [How to use GPP Registry to uncheck automatically detect settings?](/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings)
+- [How to configure a proxy server URL and Port using GPP Registry?](/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry)
diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md
index f3c6ba9095..0edb9f9ba1 100644
--- a/windows/deployment/do/delivery-optimization-workflow.md
+++ b/windows/deployment/do/delivery-optimization-workflow.md
@@ -2,10 +2,7 @@
title: Delivery Optimization client-service communication explained
manager: dougeby
description: Details of how Delivery Optimization communicates with the server when content is requested to download.
-keywords: updates, downloads, network, bandwidth
ms.prod: w10
-ms.mktglfcycl: deploy
-audience: itpro
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
diff --git a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md
new file mode 100644
index 0000000000..2828da9932
--- /dev/null
+++ b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md
@@ -0,0 +1,160 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 04/06/2022
+ms.localizationpriority: medium
+---
+
+
+## Monitor Delivery Optimization
+
+### Windows PowerShell cmdlets
+
+**Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization.
+
+#### Analyze usage
+
+`Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs.
+
+| Key | Value |
+| --- | --- |
+| File ID | A GUID that identifies the file being processed |
+| FileSize | Size of the file |
+| FileSizeInCache | Size of the file in the cache |
+| TotalBytesDownloaded | The number of bytes from any source downloaded so far |
+| PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
+| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
+| BytesfromHTTP | Total number of bytes received over HTTP |
+| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
+| Priority | Priority of the download; values are **foreground** or **background** |
+| BytesFromCacheServer | Total number of bytes received from cache server |
+| BytesFromLanPeers | Total number of bytes received from peers found on the LAN |
+| BytesFromGroupPeers | Total number of bytes received from peers found in the group |
+| BytesFromInternetPeers | Total number of bytes received from internet peers |
+| BytesToLanPeers | Total number of bytes delivered from peers found on the LAN |
+| BytesToGroupPeers | Total number of bytes delivered from peers found in the group |
+| BytesToInternetPeers | Total number of bytes delivered from peers found on the LAN |
+| DownloadDuration | Total download time in seconds |
+| HttpConnectionCount | |
+| LanConnectionCount | |
+| GroupConnectionCount | |
+| InternetConnectionCount | |
+| DownloadMode | |
+| SourceURL | Http source for the file |
+| CacheHost | IP address for the cache server |
+| NumPeers | Indicates the total number of peers returned from the service. |
+| PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. |
+| ExpireOn | The target expiration date and time for the file. |
+| IsPinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). |
+
+`Get-DeliveryOptimizationPerfSnap` returns a list of key performance data:
+
+| Key | Value |
+| --- | --- |
+| FilesDownloaded | Number of files downloaded |
+| FilesUploaded | Number of files uploaded |
+| Files | |
+| TotalBytesDownloaded | Total bytes downloaded |
+| TotalBytesUploaded | Total bytes uploaded |
+| AverageDownloadSize | Average transfer size (download); that is, the number bytes downloaded divided by the number of files |
+| AverageUploadSize | Average transfer size (upload); the number of bytes uploaded divided by the number of files |
+| DownloadMode | Delivery Optimization Download mode used to deliver file |
+| CacheSizeBytes | |
+| TotalDiskBytes | |
+| AvailableDiskBytes | |
+| CpuUsagePct | |
+| MemUsageKB | |
+| NumberOfPeers | |
+| CacheHostConnections | |
+| CdnConnections | |
+| LanConnections | |
+| LinkLocalConnections | |
+| GroupConnections | |
+| InternetConnections | |
+| DownlinkBps | |
+| DownlinkUsageBps | |
+| UplinkBps | |
+| UplinkUsageBps | |
+| ForegroundDownloadRatePct | |
+| BackgroundDownloadRatePct | |
+| UploadRatePct | |
+| UplinkUsageBps | |
+| ForegroundDownloadRatePct | |
+| BackgroundDownloadRatePct | |
+| UploadRatePct | |
+| UploadCount | |
+| ForegroundDownloadCount | |
+| ForegroundDownloadsPending | |
+| BackgroundDownloadCount | |
+| BackgroundDownloadsPending | |
+
+Using the `-Verbose` option returns additional information:
+
+- Bytes from peers (per type)
+- Bytes from CDN (the number of bytes received over HTTP)
+- Average number of peer connections per download
+
+**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
+
+Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
+
+#### Manage the Delivery Optimization cache
+
+**Starting in Windows 10, version 1903:**
+
+`set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time.
+
+`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache.
+
+You can now "pin" files to keep them persistent in the cache. You can only do this with files that are downloaded in modes 1, 2, or 3.
+
+`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation.
+
+`set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are reached. The file is included in the cache quota calculation.
+
+`delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet:
+
+- `-FileID` specifies a particular file to delete.
+- `-IncludePinnedFiles` deletes all files that are pinned.
+- `-Force` deletes the cache with no prompts.
+
+#### Work with Delivery Optimization logs
+
+**Starting in Windows 10, version 2004:**
+
+- `Enable-DeliveryOptimizationVerboseLogs`
+- `Disable-DeliveryOptimizationVerboseLogs`
+
+- `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]`
+
+With no options, this cmdlet returns these data:
+
+- total number of files
+- number of foreground files
+- minimum file size for it to be cached
+- number of eligible (larger than the minimum size for peering) files
+- number of files that found peers
+- number of peering files (the number of files that got at least 1 byte from peers)
+- overall efficiency
+- efficiency in the peered files
+
+Using the `-ListConnections` option returns these details about peers:
+
+- destination IP address
+- peer type
+- status code
+- bytes sent
+- bytes received
+- file ID
+
+**Starting in Windows 10, version 1803:**
+
+`Get-DeliveryOptimizationLog [-Path ] [-Flush]`
+
+If `Path` is not specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs.
+
+Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content
+:::image type="content" source="images/windows-10-management-range-of-options.png" alt-text="Diagram of the path to modern IT." lightbox="images/windows-10-management-range-of-options.png":::
-As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and Microsoft Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
+As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like group Policy, Active Directory, and Configuration Manager. It also delivers a "mobile-first, cloud-first" approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
-## Deployment and Provisioning
+## Deployment and provisioning
-With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can:
+With Windows 10, you can continue to use traditional OS deployment, but you can also "manage out of the box." To transform new devices into fully configured, fully managed devices, you can:
+- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/).
-- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/).
+- Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
-- Create self-contained provisioning packages built with the [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-packages).
+- Use traditional imaging techniques such as deploying custom images using [Configuration Manager](/mem/configmgr/core/understand/introduction).
-- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction).
+You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today.
-You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive – everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
+## Identity and authentication
-## Identity and Authentication
-
-You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **“bring your own device” (BYOD)** or to **“choose your own device” (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
+You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **"bring your own device" (BYOD)** or to **"choose your own device" (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
You can envision user and device management as falling into these two categories:
-- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
+- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
- - For corporate devices, they can set up corporate access with [Azure AD Join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.
@@ -214,14 +208,14 @@ Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscr
In some instances, users may experience problems with the Windows 10/11 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
-- The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later.
+- The existing Windows 10 Pro, version 1703 or 1709 operating system isn't activated. This problem doesn't apply to Windows 10, version 1803 or later.
- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed.
Use the following figures to help you troubleshoot when users experience these common problems:
- [Figure 9](#win-10-activated-subscription-active) (see the section above) illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active.
-- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro is not activated, but the Windows 10 Enterprise subscription is active.
+- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro isn't activated, but the Windows 10 Enterprise subscription is active.
@@ -233,7 +227,7 @@ Use the following figures to help you troubleshoot when users experience these c
@@ -241,12 +235,12 @@ Use the following figures to help you troubleshoot when users experience these c
### Review requirements on devices
-Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
+Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
-**To determine if a device is Azure Active Directory joined:**
+**To determine if a device is Azure Active Directory-joined:**
1. Open a command prompt and type **dsregcmd /status**.
-2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
+2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined.
**To determine the version of Windows 10:**
@@ -258,5 +252,5 @@ If a device is running a version of Windows 10 Pro prior to version 1703 (for ex
### Delay in the activation of Enterprise License of Windows 10
-This is by design. Windows 10 and Windows 11 include a built-in cache that is used when determining upgrade eligibility, including responses that indicate that the device is not eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
+This delay is by design. Windows 10 and Windows 11 include a built-in cache that is used when determining upgrade eligibility, including responses that indicate that the device isn't eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index d5c45465ba..778cc5f140 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -5,12 +5,7 @@ manager: dougeby
ms.author: aaroncz
description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-keywords: deployment, automate, tools, configure, mdt, sccm, M365
ms.localizationpriority: medium
-audience: itpro
author: aczechowski
ms.topic: article
ms.collection: M365-modern-desktop
@@ -25,7 +20,7 @@ ms.custom: seo-marvel-apr2020
This topic provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
-[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [M365 Enterprise poster](#m365-enterprise-poster) for an overview.
+[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) for an overview.
For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor that can walk you through the entire process of deploying Windows 10. The wizard supports multiple Windows 10 deployment methods, including:
@@ -40,7 +35,7 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor
**If you already have a Microsoft services subscription account and access to the Microsoft 365 Admin Center**
From the [Microsoft 365 Admin Center](https://portal.office.com), go to Billing and then Purchase services.
-In the Enterprise Suites section of the service offerings, you will find Microsoft 365 E3 and Microsoft 365 E5 tiles.
+In the Enterprise Suites section of the service offerings, you'll find Microsoft 365 E3 and Microsoft 365 E5 tiles.
There are "Start Free Trial" options available for your selection by hovering your mouse over the tiles.
**If you do not already have a Microsoft services subscription**
@@ -50,11 +45,11 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
>[!NOTE]
>If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
-1. [Obtain a free M365 trial](/office365/admin/try-or-buy-microsoft-365).
+1. [Obtain a free Microsoft 365 trial](/microsoft-365/commerce/try-or-buy-microsoft-365).
2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview).
-That's all there is to it!
+That's all there's to it!
Examples of these two deployment advisors are shown below.
@@ -67,9 +62,9 @@ Examples of these two deployment advisors are shown below.
## Windows Analytics deployment advisor example
-## M365 Enterprise poster
+## Microsoft 365 Enterprise poster
-[](https://aka.ms/m365eposter)
+[](https://aka.ms/m365eposter)
## Related Topics
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index e534cf8937..55f1a653a6 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -3,13 +3,8 @@ title: What's new in Windows client deployment
manager: dougeby
ms.author: aaroncz
description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
-keywords: deployment, automate, tools, configure, news
-ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.prod: w10
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -47,7 +42,7 @@ The [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is a
New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).