diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index b32ae659db..b48213ce4d 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -1,7 +1,7 @@
---
title: ActiveSync DDF file
description: View the XML file containing the device description framework (DDF) for the ActiveSync configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
10.0.10240
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index 11f10bf906..f712663818 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -1,7 +1,7 @@
---
title: AppLocker DDF file
description: View the XML file containing the device description framework (DDF) for the AppLocker configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index df25725c5a..cc69b6bb5a 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -1,7 +1,7 @@
---
title: AssignedAccess CSP
description: Learn more about the AssignedAccess CSP.
-ms.date: 02/29/2024
+ms.date: 04/10/2024
---
@@ -14,7 +14,6 @@ ms.date: 02/29/2024
The AssignedAccess configuration service provider (CSP) is used to configure a kiosk or restricted user experience. Once the CSP is executed, the next user login that is associated with the Assigned Access profile puts the device into the kiosk mode specified in the CSP configuration.
To learn more about how to configure Assigned Access, see [Configure kiosks and restricted user experiences](/windows/configuration/assigned-access).
-
@@ -51,7 +50,6 @@ This node accepts an AssignedAccessConfiguration xml as input.
To learn how to configure xml file, see [Create an Assigned Access configuration XML file](/windows/configuration/assigned-access/configuration-file)
-
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index f5e0e84d26..5b113fb30f 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -1,7 +1,7 @@
---
title: AssignedAccess DDF file
description: View the XML file containing the device description framework (DDF) for the AssignedAccess configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
10.0.10240
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -54,7 +54,7 @@ The following XML file contains the device description framework (DDF) for the A
This node can accept and return json string which comprises of account name, and AUMID for Kiosk mode app.
-Example: {"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}.
+Example: {"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}.
When configuring kiosk mode app, account name will be used to find the target user. Account name includes domain name and user name. Domain name can be optional if user name is unique across the system. For a local account, domain name should be machine name. When "Get" is executed on this node, domain name is always returned in the output.
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 5f89c0bace..738dea71d0 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -1,7 +1,7 @@
---
title: BitLocker DDF file
description: View the XML file containing the device description framework (DDF) for the BitLocker configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the B
10.0.15063
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -142,7 +142,7 @@ The following XML file contains the device description framework (DDF) for the B
If you disable or do not configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.”
The format is string.
Sample value for this node to enable this policy and set the encryption methods is:
-
+
EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives.
EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.
@@ -194,7 +194,7 @@ The following XML file contains the device description framework (DDF) for the B
Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
The format is string.
Sample value for this node to enable this policy is:
-
+
ConfigureNonTPMStartupKeyUsage_Name = Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)
All of the below settings are for computers with a TPM.
@@ -250,7 +250,7 @@ The following XML file contains the device description framework (DDF) for the B
NOTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset.
The format is string.
Sample value for this node to enable this policy is:
-
+
Disabling the policy will let the system choose the default behaviors.
If you want to disable this policy use the following SyncML:
@@ -291,7 +291,7 @@ The following XML file contains the device description framework (DDF) for the B
Note: Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
The format is string.
Sample value for this node to enable this policy is:
-
+
The possible values for 'xx' are:
0 = Empty
@@ -344,7 +344,7 @@ The following XML file contains the device description framework (DDF) for the B
If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
The format is string.
Sample value for this node to enable this policy is:
-
+
The possible values for 'xx' are:
true = Explicitly allow
@@ -402,7 +402,7 @@ The following XML file contains the device description framework (DDF) for the B
If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.
The format is string.
Sample value for this node to enable this policy is:
-
+
The possible values for 'xx' are:
true = Explicitly allow
@@ -454,7 +454,7 @@ The following XML file contains the device description framework (DDF) for the B
If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.
The format is string.
Sample value for this node to enable this policy is:
-
+
Disabling the policy will let the system choose the default behaviors.
If you want to disable this policy use the following SyncML:
@@ -495,7 +495,7 @@ The following XML file contains the device description framework (DDF) for the B
Note: This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored.
The format is string.
Sample value for this node to enable this policy is:
-
+
The possible values for 'xx' are:
true = Explicitly allow
@@ -575,7 +575,7 @@ The following XML file contains the device description framework (DDF) for the B
require reinstallation of Windows.
Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1.
The format is integer.
- The expected values for this policy are:
+ The expected values for this policy are:
1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
@@ -623,7 +623,7 @@ The following XML file contains the device description framework (DDF) for the B
If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user
is the current logged on user in the system.
- The expected values for this policy are:
+ The expected values for this policy are:
1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.
0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy
@@ -741,7 +741,7 @@ The policy only comes into effect when Active Directory backup for a recovery pa
* status\RotateRecoveryPasswordsStatus
* status\RotateRecoveryPasswordsRequestID
-
+
Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index af84e44ec7..89b0a33e28 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -1,7 +1,7 @@
---
title: ClientCertificateInstall CSP
description: Learn more about the ClientCertificateInstall CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -9,6 +9,8 @@ ms.date: 01/31/2024
# ClientCertificateInstall CSP
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
The ClientCertificateInstall configuration service provider enables the enterprise to install client certificates. A client certificate has a unique ID, which is the *\[UniqueID\]* for this configuration. Each client certificate must have different UniqueIDs for the SCEP enrollment request.
@@ -38,6 +40,7 @@ The following list shows the ClientCertificateInstall configuration service prov
- [ErrorCode](#devicescepuniqueiderrorcode)
- [Install](#devicescepuniqueidinstall)
- [AADKeyIdentifierList](#devicescepuniqueidinstallaadkeyidentifierlist)
+ - [AttestPrivateKey](#devicescepuniqueidinstallattestprivatekey)
- [CAThumbprint](#devicescepuniqueidinstallcathumbprint)
- [Challenge](#devicescepuniqueidinstallchallenge)
- [ContainerName](#devicescepuniqueidinstallcontainername)
@@ -76,6 +79,7 @@ The following list shows the ClientCertificateInstall configuration service prov
- [ErrorCode](#userscepuniqueiderrorcode)
- [Install](#userscepuniqueidinstall)
- [AADKeyIdentifierList](#userscepuniqueidinstallaadkeyidentifierlist)
+ - [AttestPrivateKey](#userscepuniqueidinstallattestprivatekey)
- [CAThumbprint](#userscepuniqueidinstallcathumbprint)
- [Challenge](#userscepuniqueidinstallchallenge)
- [ContainerName](#userscepuniqueidinstallcontainername)
@@ -828,6 +832,45 @@ Optional. Specify the Microsoft Entra ID Key Identifier List as a semicolon sepa
+
+##### Device/SCEP/{UniqueID}/Install/AttestPrivateKey
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/{UniqueID}/Install/AttestPrivateKey
+```
+
+
+
+
+Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Get |
+
+
+
+
+
+
+
+
##### Device/SCEP/{UniqueID}/Install/CAThumbprint
@@ -2402,6 +2445,55 @@ Optional. Specify the Microsoft Entra ID Key Identifier List as a semicolon sepa
+
+##### User/SCEP/{UniqueID}/Install/AttestPrivateKey
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/ClientCertificateInstall/SCEP/{UniqueID}/Install/AttestPrivateKey
+```
+
+
+
+
+Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Get |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Don't attest private key. |
+| 1 | Attest key, but in case attestation failed, best effort approach - CSR is sent to the server. |
+| 2 | Attest key, but in case attestation failed, fail fast (i.e release the key and not issue a CSR to the server). |
+
+
+
+
+
+
+
+
##### User/SCEP/{UniqueID}/Install/CAThumbprint
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index 7648af9a26..2d9b0700a3 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -1,7 +1,7 @@
---
title: ClientCertificateInstall DDF file
description: View the XML file containing the device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -72,8 +72,8 @@ The following XML file contains the device description framework (DDF) for the C
- Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
-Format is node.
+ Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
+Format is node.
Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob.
@@ -143,7 +143,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha
- Optional.
+ Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
@@ -169,7 +169,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this
- Required.
+ Required.
CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation.
If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten.
If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail.
@@ -227,7 +227,7 @@ CRYPT_DATA_BLOB on MSDN can be found at http://msdn.microsoft.com/en-us/library/
0
Optional. Used to specify if the PFX certificate password is encrypted with a certificate.
-If the value is
+If the value is
0 - Password is not encrypted
1- Password is encrypted using the MDM certificate by the MDM server
2 - Password is encrypted by a Custom Certificate by the MDM server. When this value is used here, also specify the custom store name in the PFXCertPasswordEncryptionStore node.
@@ -353,7 +353,7 @@ If the value is
- Optional.
+ Optional.
When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
@@ -413,7 +413,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the
- Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.
+ Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.
Calling Delete on the this node, should delete the corresponding SCEP certificate
@@ -560,6 +560,46 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
+
+ AttestPrivateKey
+
+
+
+
+
+ Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.99999
+ 9.9
+
+
+
+ 0
+ Do not attest private key
+
+
+ 1
+ Attest key, but in case attestation failed, best effort approach - CSR is sent to the server
+
+
+ 2
+ Attest key, but in case attestation failed, fail fast (i.e release the key and not issue a CSR to the server)
+
+
+
+
SubjectName
@@ -596,7 +636,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
3
- Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
+ Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
SCEP enrolled cert doesn’t support TPM PIN protection.
@@ -640,7 +680,7 @@ SCEP enrolled cert doesn’t support TPM PIN protection.
5
- Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes.
+ Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes.
Default value is: 5
The min value is 1.
@@ -725,7 +765,7 @@ The min value is 0 which means no retry.
- Required for enrollment. Specify private key length (RSA).
+ Required for enrollment. Specify private key length (RSA).
Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength.
@@ -764,7 +804,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength.
- Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +.
+ Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +.
For NGC, only SHA256 is supported as the supported algorithm
@@ -845,7 +885,7 @@ For NGC, only SHA256 is supported as the supported algorithm
Days
- Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years.
+ Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years.
MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio) the SCEP server as part of certificate enrollment request. It is the server’s decision on how to use this valid period to create the certificate.
@@ -885,7 +925,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio
0
- Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
+ Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
NOTE: The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio) the SCEP server as part of certificate enrollment request. It is the server’s decision on how to use this valid period to create the certificate.
@@ -912,7 +952,7 @@ NOTE: The device only sends the MDM server expected certificate validation perio
- Optional.
+ Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
@@ -1155,8 +1195,8 @@ Valid values are:
- Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
-Format is node.
+ Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
+Format is node.
Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob.
@@ -1226,7 +1266,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha
- Optional.
+ Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
@@ -1252,7 +1292,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this
- Required.
+ Required.
CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation.
If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten.
If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail.
@@ -1310,7 +1350,7 @@ CRYPT_DATA_BLOB on MSDN can be found at http://msdn.microsoft.com/en-us/library/
0
Optional. Used to specify if the PFX certificate password is encrypted with a certificate.
-If the value is
+If the value is
0 - Password is not encrypted
1- Password is encrypted using the MDM certificate by the MDM server
2 - Password is encrypted by a Custom Certificate by the MDM server. When this value is used here, also specify the custom store name in the PFXCertPasswordEncryptionStore node.
@@ -1436,7 +1476,7 @@ If the value is
- Optional.
+ Optional.
When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
@@ -1496,7 +1536,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the
- Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.
+ Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.
Calling Delete on the this node, should delete the corresponding SCEP certificate
@@ -1643,6 +1683,34 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
+
+ AttestPrivateKey
+
+
+
+
+
+ Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.99999
+ 9.9
+
+
+
+
+
SubjectName
@@ -1679,7 +1747,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
3
- Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
+ Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
SCEP enrolled cert doesn’t support TPM PIN protection.
@@ -1723,7 +1791,7 @@ SCEP enrolled cert doesn’t support TPM PIN protection.
5
- Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes.
+ Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes.
Default value is: 5
The min value is 1.
@@ -1808,7 +1876,7 @@ The min value is 0 which means no retry.
- Required for enrollment. Specify private key length (RSA).
+ Required for enrollment. Specify private key length (RSA).
Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength.
@@ -1847,7 +1915,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength.
- Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +.
+ Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +.
For NGC, only SHA256 is supported as the supported algorithm
@@ -1928,7 +1996,7 @@ For NGC, only SHA256 is supported as the supported algorithm
Days
- Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years.
+ Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years.
MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio) the SCEP server as part of certificate enrollment request. It is the server’s decision on how to use this valid period to create the certificate.
@@ -1968,7 +2036,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio
0
- Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
+ Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
NOTE: The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio) the SCEP server as part of certificate enrollment request. It is the server’s decision on how to use this valid period to create the certificate.
@@ -1995,7 +2063,7 @@ NOTE: The device only sends the MDM server expected certificate validation perio
- Optional.
+ Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
diff --git a/windows/client-management/mdm/declaredconfiguration-ddf-file.md b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
index 22f6c58926..95751f45be 100644
--- a/windows/client-management/mdm/declaredconfiguration-ddf-file.md
+++ b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DeclaredConfiguration DDF file
description: View the XML file containing the device description framework (DDF) for the DeclaredConfiguration configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
99.9.99999
9.9
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index d51d3417ab..6f562d58b4 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DevDetail DDF file
description: View the XML file containing the device description framework (DDF) for the DevDetail configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index e8d4b8243d..cecd7dd921 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -1,7 +1,7 @@
---
title: DeviceManageability DDF file
description: View the XML file containing the device description framework (DDF) for the DeviceManageability configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the D
10.0.14393
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/devicepreparation-csp.md b/windows/client-management/mdm/devicepreparation-csp.md
index fee0e44a1b..b93cdfd164 100644
--- a/windows/client-management/mdm/devicepreparation-csp.md
+++ b/windows/client-management/mdm/devicepreparation-csp.md
@@ -1,7 +1,7 @@
---
title: DevicePreparation CSP
description: Learn more about the DevicePreparation CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -184,6 +184,15 @@ This node indicates whether the MDM agent was installed or not. When set to true
| Default Value | False |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | Mdm Agent Not Installed. |
+| true | Mdm Agent Installed. |
+
+
@@ -263,6 +272,15 @@ This node indicates whether an MDM policy was provisioned that requires a reboot
| Default Value | False |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | No Reboot Required. |
+| true | Reboot Required. |
+
+
@@ -303,6 +321,15 @@ This node determines whether to show the Device Preparation page during OOBE.
| Default Value | false |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | Disable Page. |
+| true | Enable Page. |
+
+
diff --git a/windows/client-management/mdm/devicepreparation-ddf-file.md b/windows/client-management/mdm/devicepreparation-ddf-file.md
index cdccc95934..06ec069113 100644
--- a/windows/client-management/mdm/devicepreparation-ddf-file.md
+++ b/windows/client-management/mdm/devicepreparation-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DevicePreparation DDF file
description: View the XML file containing the device description framework (DDF) for the DevicePreparation configuration service provider.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -64,6 +64,16 @@ The following XML file contains the device description framework (DDF) for the D
+
+
+ false
+ Disable Page
+
+
+ true
+ Enable Page
+
+
@@ -320,6 +330,16 @@ The following XML file contains the device description framework (DDF) for the D
+
+
+ false
+ Mdm Agent Not Installed
+
+
+ true
+ Mdm Agent Installed
+
+
@@ -342,6 +362,16 @@ The following XML file contains the device description framework (DDF) for the D
+
+
+ false
+ No Reboot Required
+
+
+ true
+ Reboot Required
+
+
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 5ddde61818..2eaff3d375 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -1,7 +1,7 @@
---
title: DeviceStatus DDF file
description: View the XML file containing the device description framework (DDF) for the DeviceStatus configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 37290dd8ca..ff9195ba0d 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DevInfo DDF file
description: View the XML file containing the device description framework (DDF) for the DevInfo configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -41,7 +41,7 @@ The following XML file contains the device description framework (DDF) for the D
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 4b7a116020..9603fc932a 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,7 +1,7 @@
---
title: DiagnosticLog DDF file
description: View the XML file containing the device description framework (DDF) for the DiagnosticLog configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
10.0.10586
1.2
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index 28cbe9c4f0..271a68b16e 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -1,7 +1,7 @@
---
title: DMAcc CSP
description: Learn more about the DMAcc CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -709,7 +709,7 @@ Specifies the authentication type. If AAuthLevel is CLCRED, the supported types
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Get, Replace |
-| Dependency [AAuthlevelDependency] | Dependency Type: `DependsOn`
Dependency URI: `Syncml/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel`
Dependency Allowed Value: `SRVCRED`
Dependency Allowed Value Type: `ENUM`
|
+| Dependency [AAuthlevelDependency] | Dependency Type: `DependsOn`
Dependency URI: `SyncML/DMAcc/{AccountUID}/AppAuth/{ObjectName}/AAuthLevel`
Dependency Allowed Value: `SRVCRED`
Dependency Allowed Value Type: `ENUM`
|
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 96ba92429a..331ce57c5d 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DMAcc DDF file
description: View the XML file containing the device description framework (DDF) for the DMAcc configuration service provider.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -527,7 +527,7 @@ The following XML file contains the device description framework (DDF) for the D
- Syncml/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel
+ SyncML/DMAcc/{AccountUID}/AppAuth/{ObjectName}/AAuthLevel
SRVCRED
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 535eaf637a..dec09993f5 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -1,7 +1,7 @@
---
title: DMClient CSP
description: Learn more about the DMClient CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -632,7 +632,7 @@ This node, when it's set, tells the client to set how many minutes the device sh
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later
✅ Windows 11, version 22H2 [10.0.22621.3235] and later
✅ Windows Insider Preview |
@@ -671,7 +671,7 @@ Parent node for ConfigRefresh nodes.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later
✅ Windows 11, version 22H2 [10.0.22621.3235] and later
✅ Windows Insider Preview |
@@ -712,7 +712,7 @@ This node determines the number of minutes between refreshes.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later
✅ Windows 11, version 22H2 [10.0.22621.3235] and later
✅ Windows Insider Preview |
@@ -761,7 +761,7 @@ This node determines whether or not a periodic settings refresh for MDM policies
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later
✅ Windows 11, version 22H2 [10.0.22621.3235] and later
✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 64dd766397..dd09a2d66f 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DMClient DDF file
description: View the XML file containing the device description framework (DDF) for the DMClient configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
10.0.10240
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -477,7 +477,7 @@ The following XML file contains the device description framework (DDF) for the D
10.0.10240
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -2958,7 +2958,7 @@ The following XML file contains the device description framework (DDF) for the D
- 99.9.99999
+ 99.9.99999, 10.0.22621.3235, 10.0.22000.2836
1.6
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index 2b9763c045..04e33d681e 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,7 +1,7 @@
---
title: EMAIL2 DDF file
description: View the XML file containing the device description framework (DDF) for the EMAIL2 configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
10.0.10240
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index 3392fcb317..2ca8dc6240 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -1,7 +1,7 @@
---
title: EnterpriseDesktopAppManagement DDF file
description: View the XML file containing the device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -400,7 +400,7 @@ The following XML file contains the device description framework (DDF) for the E
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 4369995a2e..831a924dde 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,7 +1,7 @@
---
title: EnterpriseModernAppManagement CSP
description: Learn more about the EnterpriseModernAppManagement CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -4602,7 +4602,7 @@ Specifies HoursBetweenUpdateChecks for a specific package.
| Property name | Property value |
|:--|:--|
-| Format | `bool` |
+| Format | `int` |
| Access Type | Get, Replace |
| Allowed Values | Range: `[8-10000]` |
| Default Value | 8 |
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 6afb253277..e60f2f2868 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,7 +1,7 @@
---
title: EnterpriseModernAppManagement DDF file
description: View the XML file containing the device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the E
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -2587,7 +2587,7 @@ The following XML file contains the device description framework (DDF) for the E
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -4550,7 +4550,7 @@ The following XML file contains the device description framework (DDF) for the E
8
Specifies HoursBetweenUpdateChecks for a specific package
-
+
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 62059a7c7d..36803e6131 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -1,7 +1,7 @@
---
title: eUICCs DDF file
description: View the XML file containing the device description framework (DDF) for the eUICCs configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -43,7 +43,7 @@ The following XML file contains the device description framework (DDF) for the e
10.0.16299
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 580516ab56..453ee21804 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -1,7 +1,7 @@
---
title: Firewall DDF file
description: View the XML file containing the device description framework (DDF) for the Firewall configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the F
10.0.16299
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -4337,6 +4337,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..
+
diff --git a/windows/client-management/mdm/language-pack-management-ddf-file.md b/windows/client-management/mdm/language-pack-management-ddf-file.md
index d2589cc4a8..af5086a30c 100644
--- a/windows/client-management/mdm/language-pack-management-ddf-file.md
+++ b/windows/client-management/mdm/language-pack-management-ddf-file.md
@@ -1,7 +1,7 @@
---
title: LanguagePackManagement DDF file
description: View the XML file containing the device description framework (DDF) for the LanguagePackManagement configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the L
99.9.9999
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index d347e57374..8ed3954967 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,7 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the L
10.0.25145, 10.0.22621.1480, 10.0.22000.1754, 10.0.20348.1663, 10.0.19041.2784, 10.0.17763.4244
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index a7ee14b7ab..77e03cd531 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -1,7 +1,7 @@
---
title: NetworkProxy DDF file
description: View the XML file containing the device description framework (DDF) for the NetworkProxy configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
10.0.15063
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 16220bc01f..0a77596722 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -1,7 +1,7 @@
---
title: NetworkQoSPolicy DDF file
description: View the XML file containing the device description framework (DDF) for the NetworkQoSPolicy configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
10.0.19042
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index 0dd13ab94a..80a2ad5119 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -1,7 +1,7 @@
---
title: NodeCache DDF file
description: View the XML file containing the device description framework (DDF) for the NodeCache configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
10.0.15063
1.1
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -294,7 +294,7 @@ The following XML file contains the device description framework (DDF) for the N
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index 1453b24f55..7714d02e5e 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -1,7 +1,7 @@
---
title: Office DDF file
description: View the XML file containing the device description framework (DDF) for the Office configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the O
10.0.15063
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -211,7 +211,7 @@ The following XML file contains the device description framework (DDF) for the O
10.0.15063
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 6c581a7335..d9bd9dba10 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -1,7 +1,7 @@
---
title: PassportForWork CSP
description: Learn more about the PassportForWork CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -197,8 +197,8 @@ Disable caching of the Windows Hello for Business credential after sign-in.
| Value | Description |
|:--|:--|
-| false (Default) | Disabled. |
-| true | Enabled. |
+| false (Default) | Credential Caching Enabled. |
+| true | Credential Caching Disabled. |
@@ -246,8 +246,8 @@ Don't start Windows Hello provisioning after sign-in.
| Value | Description |
|:--|:--|
-| false (Default) | Post Logon Provisioning Enabled. |
-| true | Post Logon Provisioning Disabled. |
+| false (Default) | Provisioning Enabled. |
+| true | Provisioning Disabled. |
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index 92e080ba93..0c1cf45b97 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -1,7 +1,7 @@
---
title: PassportForWork DDF file
description: View the XML file containing the device description framework (DDF) for the PassportForWork configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
10.0.10586
1.2
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -565,7 +565,7 @@ If you do not configure this policy setting, Windows Hello for Business requires
10.0.10586
1.2
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -876,11 +876,11 @@ If you disable or do not configure this policy setting, the PIN recovery secret
false
- Post Logon Provisioning Enabled
+ Provisioning Enabled
true
- Post Logon Provisioning Disabled
+ Provisioning Disabled
@@ -915,11 +915,11 @@ If you disable or do not configure this policy setting, the PIN recovery secret
false
- Disabled
+ Credential Caching Enabled
true
- Enabled
+ Credential Caching Disabled
@@ -934,7 +934,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
False
- Windows Hello for Business can use certificates to authenticate to on-premise resources.
+ Windows Hello for Business can use certificates to authenticate to on-premise resources.
If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md
index 8cd2a70919..f4f4cd55fc 100644
--- a/windows/client-management/mdm/personaldataencryption-ddf-file.md
+++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md
@@ -1,7 +1,7 @@
---
title: PDE DDF file
description: View the XML file containing the device description framework (DDF) for the PDE configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
10.0.22621
1.0
- 0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;
+ 0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index 614e47b8a9..bf0dff0947 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -1,7 +1,7 @@
---
title: Personalization CSP
description: Learn more about the Personalization CSP.
-ms.date: 03/05/2024
+ms.date: 04/10/2024
---
@@ -9,6 +9,8 @@ ms.date: 03/05/2024
# Personalization CSP
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
The Personalization CSP can set the lock screen, desktop background images and company branding on sign-in screen ([BootToCloud mode](policy-csp-clouddesktop.md#boottocloudmode) only). Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package.
@@ -36,7 +38,7 @@ The following list shows the Personalization configuration service provider node
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -75,7 +77,7 @@ This represents the status of the Company Logo. 1 - Successfully downloaded or c
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -114,7 +116,7 @@ An http or https Url to a jpg, jpeg or png image that needs to be downloaded and
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -125,7 +127,7 @@ An http or https Url to a jpg, jpeg or png image that needs to be downloaded and
-The name of the company to be displayed on the sign-in screen. This setting is currently available for boot to cloud shared pc mode only.
+This represents the name of the company. It can be at most 30 characters long. This setting is currently available only for boot to cloud shared pc mode to display the company name on sign-in screen.
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index 87ccb6cf93..6c5af077dd 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,7 +1,7 @@
---
title: Personalization DDF file
description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider.
-ms.date: 03/05/2024
+ms.date: 04/10/2024
---
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the P
10.0.16299
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -101,7 +101,7 @@ The following XML file contains the device description framework (DDF) for the P
- A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.
+ A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.
@@ -148,7 +148,7 @@ The following XML file contains the device description framework (DDF) for the P
- A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.
+ A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.
@@ -162,7 +162,7 @@ The following XML file contains the device description framework (DDF) for the P
- 10.0.22621.3235
+ 99.9.99999
2.0
@@ -189,7 +189,7 @@ The following XML file contains the device description framework (DDF) for the P
- 10.0.22621.3235
+ 99.9.99999
2.0
@@ -203,7 +203,7 @@ The following XML file contains the device description framework (DDF) for the P
- The name of the company to be displayed on the sign-in screen. This setting is currently available for boot to cloud shared pc mode only.
+ This represents the name of the company. It can be at most 30 characters long. This setting is currently available only for boot to cloud shared pc mode to display the company name on sign-in screen.
@@ -217,7 +217,7 @@ The following XML file contains the device description framework (DDF) for the P
- 10.0.22621.3235
+ 99.9.99999
2.0
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 254cb8d7aa..d24e808921 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -1,7 +1,7 @@
---
title: ADMX-backed policies in Policy CSP
description: Learn about the ADMX-backed policies in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -539,8 +539,6 @@ This article lists the ADMX-backed policies in Policy CSP.
- [HelpQualifiedRootDir_Comp](policy-csp-admx-help.md)
- [RestrictRunFromHelp_Comp](policy-csp-admx-help.md)
- [DisableHHDEP](policy-csp-admx-help.md)
-- [AllowChildProcesses](policy-csp-admx-help.md)
-- [HideChildProcessMessageBox](policy-csp-admx-help.md)
## ADMX_HelpAndSupport
@@ -2537,8 +2535,8 @@ This article lists the ADMX-backed policies in Policy CSP.
- [RequireSecureRPCCommunication](policy-csp-remotedesktopservices.md)
- [ClientConnectionEncryptionLevel](policy-csp-remotedesktopservices.md)
- [DoNotAllowWebAuthnRedirection](policy-csp-remotedesktopservices.md)
-- [DisconnectOnLockBasicAuthn](policy-csp-remotedesktopservices.md)
-- [DisconnectOnLockWebAccountAuthn](policy-csp-remotedesktopservices.md)
+- [DisconnectOnLockLegacyAuthn](policy-csp-remotedesktopservices.md)
+- [DisconnectOnLockMicrosoftIdentityAuthn](policy-csp-remotedesktopservices.md)
## RemoteManagement
@@ -2590,10 +2588,6 @@ This article lists the ADMX-backed policies in Policy CSP.
- [WPDDevicesDenyReadAccessPerDevice](policy-csp-storage.md)
- [WPDDevicesDenyWriteAccessPerDevice](policy-csp-storage.md)
-## Sudo
-
-- [EnableSudo](policy-csp-sudo.md)
-
## System
- [BootStartDriverInitialization](policy-csp-system.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index 40ec4c37e3..49d00a03bf 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -1,7 +1,7 @@
---
title: Policies in Policy CSP supported by Group Policy
description: Learn about the policies in Policy CSP supported by Group Policy.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -659,6 +659,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md)
- [ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md)
+## Sudo
+
+- [EnableSudo](policy-csp-sudo.md)
+
## System
- [AllowTelemetry](policy-csp-system.md)
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index 0c304bbebb..814a56440e 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -1,7 +1,7 @@
---
title: AboveLock Policy CSP
description: Learn more about the AboveLock Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -22,7 +22,7 @@ ms.date: 01/18/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index ee3e45f1c6..b51b3ad8ab 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -1,7 +1,7 @@
---
title: ADMX_Help Policy CSP
description: Learn more about the ADMX_Help Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -11,62 +11,10 @@ ms.date: 01/31/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
-
-## AllowChildProcesses
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/ADMX_Help/AllowChildProcesses
-```
-
-
-
-
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Add, Delete, Get, Replace |
-
-
-
-
-[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
-
-**ADMX mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | AllowChildProcesses |
-| ADMX File Name | Help.admx |
-
-
-
-
-
-
-
-
## DisableHHDEP
@@ -200,56 +148,6 @@ For additional options, see the "Restrict these programs from being launched fro
-
-## HideChildProcessMessageBox
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/ADMX_Help/HideChildProcessMessageBox
-```
-
-
-
-
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Add, Delete, Get, Replace |
-
-
-
-
-[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
-
-**ADMX mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | HideChildProcessMessageBox |
-| ADMX File Name | Help.admx |
-
-
-
-
-
-
-
-
## RestrictRunFromHelp
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index 0a223d43d0..387bcff31c 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -1,7 +1,7 @@
---
title: ADMX_StartMenu Policy CSP
description: Learn more about the ADMX_StartMenu Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -3577,7 +3577,7 @@ This policy setting allows you to remove links and access to Windows Update.
- If you enable this policy setting, users are prevented from connecting to the Windows Update Web site.
-Enabling this policy setting blocks user access to the Windows Update Web site at< https://windowsupdate.microsoft.com>. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
+Enabling this policy setting blocks user access to the Windows Update Web site at `https://windowsupdate.microsoft.com`. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
Windows Update, the online extension of Windows, offers software updates to keep a user's system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index ba4fc8b016..bd2f581667 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,7 +1,7 @@
---
title: ApplicationManagement Policy CSP
description: Learn more about the ApplicationManagement Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -428,7 +428,7 @@ Manages a Windows app's ability to share data between users who have installed t
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -480,7 +480,7 @@ This policy is deprecated.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 0831538391..da67e34879 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -1,7 +1,7 @@
---
title: Browser Policy CSP
description: Learn more about the Browser Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -178,7 +178,7 @@ To verify AllowAutofill is set to 0 (not allowed):
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
✅ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -2713,7 +2713,7 @@ Important. Discontinued in Windows 10, version 1511. Use the Browser/EnterpriseM
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 26b96531e8..f15674c986 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,7 +1,7 @@
---
title: Connectivity Policy CSP
description: Learn more about the Connectivity Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -252,7 +252,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -375,7 +375,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 649a6dada2..1dea6a8e0c 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,7 +1,7 @@
---
title: DeviceLock Policy CSP
description: Learn more about the DeviceLock Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -114,7 +114,7 @@ Allow Administrator account lockout This security setting determines whether the
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -782,7 +782,7 @@ On HoloLens, this timeout is controlled by the device's system sleep timeout, re
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index f7ecf4bf2a..7b2949f96c 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,7 +1,7 @@
---
title: Experience Policy CSP
description: Learn more about the Experience Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -100,7 +100,7 @@ Policy change takes effect immediately.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -833,7 +833,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -949,7 +949,7 @@ Specifies whether to allow app and content suggestions from third-party software
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -1887,7 +1887,7 @@ _**Turn syncing off by default but don’t disable**_
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.900] and later
✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 2e7833047e..1af96611e4 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,7 +1,7 @@
---
title: RemoteDesktopServices Policy CSP
description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -150,39 +150,39 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
-
-## DisconnectOnLockBasicAuthn
+
+## DisconnectOnLockLegacyAuthn
-
+
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
+
-
+
```Device
-./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockBasicAuthn
+./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockLegacyAuthn
```
-
+
-
+
-
+
-
+
-
+
-
+
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
-
+
-
+
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
@@ -192,47 +192,47 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
|:--|:--|
| Name | TS_DISCONNECT_ON_LOCK_POLICY |
| ADMX File Name | terminalserver.admx |
-
+
-
+
-
+
-
+
-
-## DisconnectOnLockWebAccountAuthn
+
+## DisconnectOnLockMicrosoftIdentityAuthn
-
+
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
+
-
+
```Device
-./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockWebAccountAuthn
+./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockMicrosoftIdentityAuthn
```
-
+
-
+
-
+
-
+
-
+
-
+
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
-
+
-
+
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
@@ -242,13 +242,13 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
|:--|:--|
| Name | TS_DISCONNECT_ON_LOCK_AAD_POLICY |
| ADMX File Name | terminalserver.admx |
-
+
-
+
-
+
-
+
## DoNotAllowDriveRedirection
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index ba702af769..5dfed52c87 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,7 +1,7 @@
---
title: Search Policy CSP
description: Learn more about the Search Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -1116,7 +1116,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1607 [10.0.14393] and later |
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index b1093ffddc..1a2bd22a61 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -1,7 +1,7 @@
---
title: Security Policy CSP
description: Learn more about the Security Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -71,7 +71,7 @@ Specifies whether to allow the runtime configuration agent to install provisioni
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
@@ -172,7 +172,7 @@ Specifies whether to allow the runtime configuration agent to remove provisionin
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1507 [10.0.10240] and later |
diff --git a/windows/client-management/mdm/policy-csp-sudo.md b/windows/client-management/mdm/policy-csp-sudo.md
index 13be1bd00e..09a4e3c938 100644
--- a/windows/client-management/mdm/policy-csp-sudo.md
+++ b/windows/client-management/mdm/policy-csp-sudo.md
@@ -1,7 +1,7 @@
---
title: Sudo Policy CSP
description: Learn more about the Sudo Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 04/10/2024
---
@@ -9,8 +9,6 @@ ms.date: 01/31/2024
# Policy CSP - Sudo
-[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
-
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
@@ -45,21 +43,30 @@ ms.date: 01/31/2024
| Property name | Property value |
|:--|:--|
-| Format | `chr` (string) |
+| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
+| Default Value | 3 |
-
-
-[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**Allowed values**:
-**ADMX mapping**:
+| Value | Description |
+|:--|:--|
+| 0 | Sudo is disabled. |
+| 1 | Sudo is allowed in 'force new window' mode. |
+| 2 | Sudo is allowed in 'disable input' mode. |
+| 3 (Default) | Sudo is allowed in 'inline' mode. |
+
+
+
+**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | EnableSudo |
-| ADMX File Name | Sudo.admx |
-
+| Path | Sudo > AT > System |
+
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index b08d9a0c2d..2d9c9595f5 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,7 +1,7 @@
---
title: SystemServices Policy CSP
description: Learn more about the SystemServices Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -9,6 +9,8 @@ ms.date: 01/18/2024
# Policy CSP - SystemServices
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -19,7 +21,7 @@ ms.date: 01/18/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -169,7 +171,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -219,7 +221,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -269,7 +271,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -319,7 +321,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -369,7 +371,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -419,7 +421,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -469,7 +471,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -519,7 +521,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -569,7 +571,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -619,7 +621,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -669,7 +671,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -719,7 +721,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -769,7 +771,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -819,7 +821,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -869,7 +871,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index ec0faa2924..7da176086f 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,7 +1,7 @@
---
title: TimeLanguageSettings Policy CSP
description: Learn more about the TimeLanguageSettings Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -22,7 +22,7 @@ ms.date: 01/18/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device
❌ User | Deprecated | ✅ Windows 10, version 1703 [10.0.15063] and later |
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 8af407de72..d9c4d40da1 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,7 +1,7 @@
---
title: WindowsLogon Policy CSP
description: Learn more about the WindowsLogon Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -34,11 +34,11 @@ ms.date: 01/18/2024
This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.
-This only occurs if the last interactive user didn't sign out before the restart or shutdown.
+This only occurs if the last interactive user didn't sign out before the restart or shutdown.
If the device is joined to Active Directory or Microsoft Entra ID, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.
-- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
+- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot .
diff --git a/windows/client-management/mdm/printerprovisioning-ddf-file.md b/windows/client-management/mdm/printerprovisioning-ddf-file.md
index 3c4a974d93..21cb02133b 100644
--- a/windows/client-management/mdm/printerprovisioning-ddf-file.md
+++ b/windows/client-management/mdm/printerprovisioning-ddf-file.md
@@ -1,7 +1,7 @@
---
title: PrinterProvisioning DDF file
description: View the XML file containing the device description framework (DDF) for the PrinterProvisioning configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the P
10.0.22000, 10.0.19044.1806, 10.0.19043.1806, 10.0.19042.1806
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 3b86f5316c..a1c58cf7c1 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -1,7 +1,7 @@
---
title: Reboot DDF file
description: View the XML file containing the device description framework (DDF) for the Reboot configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
10.0.14393
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index d5a746496d..5ae45109b0 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -1,7 +1,7 @@
---
title: RootCATrustedCertificates DDF file
description: View the XML file containing the device description framework (DDF) for the RootCATrustedCertificates configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -1067,7 +1067,7 @@ The following XML file contains the device description framework (DDF) for the R
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index ef8d526873..c4e5cf2830 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,7 +1,7 @@
---
title: SecureAssessment DDF file
description: View the XML file containing the device description framework (DDF) for the SecureAssessment configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
10.0.15063
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index fd1f225e74..710f837864 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -1,7 +1,7 @@
---
title: SharedPC DDF file
description: View the XML file containing the device description framework (DDF) for the SharedPC configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
10.0.14393
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index e489dea63b..3f4964bf42 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -1,7 +1,7 @@
---
title: SUPL DDF file
description: View the XML file containing the device description framework (DDF) for the SUPL configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the S
10.0.10240
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index badf9f29e6..601a0363a7 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -1,7 +1,7 @@
---
title: VPNv2 DDF file
description: View the XML file containing the device description framework (DDF) for the VPNv2 configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the V
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -3265,7 +3265,7 @@ The following XML file contains the device description framework (DDF) for the V
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index a0ff37f35e..a43971553f 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -1,7 +1,7 @@
---
title: WiFi DDF file
description: View the XML file containing the device description framework (DDF) for the WiFi configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -322,7 +322,7 @@ The following XML file contains the device description framework (DDF) for the W
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index bdee83a712..83c52f17cc 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,7 +1,7 @@
---
title: WindowsDefenderApplicationGuard DDF file
description: View the XML file containing the device description framework (DDF) for the WindowsDefenderApplicationGuard configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
10.0.16299
1.1
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index 2830112994..a8bb624a6b 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -1,7 +1,7 @@
---
title: WindowsLicensing DDF file
description: View the XML file containing the device description framework (DDF) for the WindowsLicensing configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
10.0.10586
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index ba3a3845ed..ddb1f28855 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -1,7 +1,7 @@
---
title: WiredNetwork DDF file
description: View the XML file containing the device description framework (DDF) for the WiredNetwork configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/10/2024
---
@@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
10.0.17763
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
@@ -118,7 +118,7 @@ The following XML file contains the device description framework (DDF) for the W
10.0.17763
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;