deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into American-Dipper-patch-2

Browse Source
This commit is contained in:
Aaron Czechowski 2023-04-10 10:39:39 -07:00 committed by GitHub
commit 5d3e2185fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
625 changed files with 10579 additions and 5945 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
.openpublishing.redirection.json
View File

@ -19697,7 +19697,12 @@
}, },
{ {
"source_path": "windows/client-management/mdm/change-history-for-mdm-documentation.md", "source_path": "windows/client-management/mdm/change-history-for-mdm-documentation.md",
"redirect_url": "/windows/client-management/change-history-for-mdm-documentation", "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/change-history-for-mdm-documentation.md",
"redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
@ -19944,8 +19949,8 @@
"source_path": "windows/client-management/mdm/wmi-providers-supported-in-windows.md", "source_path": "windows/client-management/mdm/wmi-providers-supported-in-windows.md",
"redirect_url": "/windows/client-management/wmi-providers-supported-in-windows", "redirect_url": "/windows/client-management/wmi-providers-supported-in-windows",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/do/mcc-enterprise.md", "source_path": "windows/deployment/do/mcc-enterprise.md",
"redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache", "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
"redirect_document_id": false "redirect_document_id": false
@ -20055,6 +20060,81 @@
"redirect_url": "/troubleshoot/windows-client/welcome-windows-client", "redirect_url": "/troubleshoot/windows-client/welcome-windows-client",
"redirect_document_id": false "redirect_document_id": false
}, },
{
"source_path": "windows/client-management/management-tool-for-windows-store-for-business.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/rest-api-reference-windows-store-for-business.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/data-structures-windows-store-for-business.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-inventory.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-product-details.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-localized-product-details.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-offline-license.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-product-packages.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-product-package.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-seats.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-seat.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/assign-seats.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/reclaim-seat-from-user.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/bulk-assign-and-reclaim-seats-from-user.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/get-seats-assigned-to-a-user.md",
"redirect_url": "https://aka.ms/windows/msfb_evolution",
"redirect_document_id": false
},
{ {
"source_path": "education/windows/set-up-school-pcs-shared-pc-mode.md", "source_path": "education/windows/set-up-school-pcs-shared-pc-mode.md",
"redirect_url": "/windows/configuration/set-up-shared-or-guest-pc", "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
@ -20570,11 +20650,6 @@
"redirect_url": "/windows/security", "redirect_url": "/windows/security",
"redirect_document_id": false "redirect_document_id": false
}, },
{
"source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{ {
"source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md", "source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md",
"redirect_url": "/windows/security", "redirect_url": "/windows/security",
@ -20650,10 +20725,25 @@
"redirect_url": "/windows/deployment/s-mode", "redirect_url": "/windows/deployment/s-mode",
"redirect_document_id": false "redirect_document_id": false
}, },
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md",
"redirect_url": "https://aka.ms/AzureCodeSigning",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/quality-updates.md",
"redirect_url": "/windows/deployment/update/release-cycle",
"redirect_document_id": false
},
{ {
"source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md", "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md",
"redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy", "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy",
"redirect_document_id": true "redirect_document_id": true
},
{
"source_path": "store-for-business/sign-up-microsoft-store-for-business.md",
"redirect_url": "/microsoft-store",
"redirect_document_id": false
} }
] ]
} }

5
browsers/edge/docfx.json
View File

@ -27,7 +27,9 @@
} }
], ],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-MSEdge",
"recommendations": true, "recommendations": true,
"adobe-target": true,
"ms.collection": [ "ms.collection": [
"tier3" "tier3"
], ],
@ -54,7 +56,8 @@
"claydetels19", "claydetels19",
"jborsecnik", "jborsecnik",
"tiburd", "tiburd",
"garycentric" "garycentric",
"beccarobins"
] ]
}, },
"fileMetadata": {}, "fileMetadata": {},

4
browsers/internet-explorer/docfx.json
View File

@ -24,6 +24,7 @@
], ],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"adobe-target": true,
"ms.collection": [ "ms.collection": [
"tier3" "tier3"
], ],
@ -46,7 +47,8 @@
"claydetels19", "claydetels19",
"jborsecnik", "jborsecnik",
"tiburd", "tiburd",
"garycentric" "garycentric",
"beccarobins"
] ]
}, },
"externalReference": [], "externalReference": [],

15
education/docfx.json
View File

@ -28,6 +28,7 @@
], ],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"adobe-target": true,
"ms.topic": "article", "ms.topic": "article",
"ms.collection": [ "ms.collection": [
"education", "education",
@ -63,12 +64,22 @@
"dstrome", "dstrome",
"v-dihans", "v-dihans",
"garycentric", "garycentric",
"v-stsavell" "v-stsavell",
"beccarobins"
] ]
}, },
"fileMetadata": {
"appliesto":{
"windows/**/*.md": [
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11 SE</a>",
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
]
}
},
"externalReference": [], "externalReference": [],
"template": "op.html", "template": "op.html",
"dest": "education", "dest": "education",
"markdownEngineName": "markdig" "markdownEngineName": "markdig"
} }
} }

15
education/includes/education-content-updates.md
View File

@ -2,6 +2,21 @@
## Week of March 20, 2023
| Published On |Topic title | Change |
|------|------------|--------|
| 3/21/2023 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
| 3/22/2023 | [Configure Stickers for Windows 11 SE](/education/windows/edu-stickers) | modified |
| 3/22/2023 | [Configure Take a Test in kiosk mode](/education/windows/edu-take-a-test-kiosk-mode) | modified |
| 3/22/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
| 3/22/2023 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
| 3/22/2023 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 3/22/2023 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 3/22/2023 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
## Week of March 06, 2023 ## Week of March 06, 2023

2
education/windows/autopilot-reset.md
View File

@ -15,7 +15,7 @@ ms.collection:
IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state. IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
To enable Autopilot Reset in Windows 10, version 1709 (Fall Creators Update), you must: To enable Autopilot Reset you must:
1. [Enable the policy for the feature](#enable-autopilot-reset) 1. [Enable the policy for the feature](#enable-autopilot-reset)
2. [Trigger a reset for each device](#trigger-autopilot-reset) 2. [Trigger a reset for each device](#trigger-autopilot-reset)

2
education/windows/change-home-to-edu.md
View File

@ -10,8 +10,6 @@ manager: jeffbu
ms.collection: ms.collection:
- tier3 - tier3
- education - education
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Upgrade Windows Home to Windows Education on student-owned devices # Upgrade Windows Home to Windows Education on student-owned devices

68
education/windows/configure-aad-google-trust.md
View File

@ -1,8 +1,9 @@
--- ---
title: Configure federation between Google Workspace and Azure AD title: Configure federation between Google Workspace and Azure AD
description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD. description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
ms.date: 02/24/2023 ms.date: 04/04/2023
ms.topic: how-to ms.topic: how-to
appliesto:
--- ---
# Configure federation between Google Workspace and Azure AD # Configure federation between Google Workspace and Azure AD
@ -71,51 +72,56 @@ The configuration of Azure AD consists of changing the authentication method for
Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in an elevated PowerShell session. When prompted to authenticate to Azure AD, use the credentials of an account with the *Global Administrator* role. Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in an elevated PowerShell session. When prompted to authenticate to Azure AD, use the credentials of an account with the *Global Administrator* role.
```powershell ```powershell
Install-Module -Name MSOnline Install-Module Microsoft.Graph
Import-Module MSOnline Import-Module Microsoft.Graph
$DomainName = "<your domain name>" $domainId = "<your domain name>"
$xml = [Xml](Get-Content GoogleIDPMetadata.xml) $xml = [Xml](Get-Content GoogleIDPMetadata.xml)
$cert = -join $xml.EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate.Split() $cert = -join $xml.EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate.Split()
$issuerUri = $xml.EntityDescriptor.entityID $issuerUri = $xml.EntityDescriptor.entityID
$logOnUri = $xml.EntityDescriptor.IDPSSODescriptor.SingleSignOnService | ? { $_.Binding.Contains('Redirect') } | % { $_.Location } $signinUri = $xml.EntityDescriptor.IDPSSODescriptor.SingleSignOnService | ? { $_.Binding.Contains('Redirect') } | % { $_.Location }
$LogOffUri = "https://accounts.google.com/logout" $signoutUri = "https://accounts.google.com/logout"
$brand = "Google Workspace Identity" $displayName = "Google Workspace Identity"
Connect-MsolService Connect-MGGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All"
$DomainAuthParams = @{
DomainName = $DomainName $domainAuthParams = @{
Authentication = "Federated" DomainId = $domainId
IssuerUri = $issuerUri IssuerUri = $issuerUri
FederationBrandName = $brand DisplayName = $displayName
ActiveLogOnUri = $logOnUri ActiveSignInUri = $signinUri
PassiveLogOnUri = $logOnUri PassiveSignInUri = $signinUri
LogOffUri = $LogOffUri SignOutUri = $signoutUri
SigningCertificate = $cert SigningCertificate = $cert
PreferredAuthenticationProtocol = "SAMLP" PreferredAuthenticationProtocol = "saml"
federatedIdpMfaBehavior = "acceptIfMfaDoneByFederatedIdp"
} }
Set-MsolDomainAuthentication @DomainAuthParams
New-MgDomainFederationConfiguration @domainAuthParams
``` ```
To verify that the configuration is correct, you can use the following PowerShell command: To verify that the configuration is correct, you can use the following PowerShell command:
```powershell ```powershell
Get-MsolDomainFederationSettings -DomainName $DomainName Get-MgDomainFederationConfiguration -DomainId $domainId |fl
``` ```
```output ```output
ActiveLogOnUri : https://accounts.google.com/o/saml2/idp?<GUID> ActiveSignInUri : https://accounts.google.com/o/saml2/idp?idpid=<GUID>
DefaultInteractiveAuthenticationMethod : DisplayName : Google Workspace Identity
FederationBrandName : Google Workspace Identity FederatedIdpMfaBehavior : acceptIfMfaDoneByFederatedIdp
IssuerUri : https://accounts.google.com/o/saml2?idpid=<GUID> Id : 3f600dce-ab37-4798-9341-ffd34b147f70
LogOffUri : https://accounts.google.com/logout IsSignedAuthenticationRequestRequired :
MetadataExchangeUri : IssuerUri : https://accounts.google.com/o/saml2?idpid=<GUID>
NextSigningCertificate : MetadataExchangeUri :
OpenIdConnectDiscoveryEndpoint : NextSigningCertificate :
PassiveLogOnUri : https://accounts.google.com/o/saml2/idp?idpid=<GUID> PassiveSignInUri : https://accounts.google.com/o/saml2/idp?idpid=<GUID>
SigningCertificate : <BASE64 encoded certificate> PreferredAuthenticationProtocol : saml
SupportsMfa : PromptLoginBehavior :
SignOutUri : https://accounts.google.com/logout
SigningCertificate : <BASE64 encoded certificate>
AdditionalProperties : {}
``` ```
## Verify federated authentication between Google Workspace and Azure AD ## Verify federated authentication between Google Workspace and Azure AD

2
education/windows/edu-take-a-test-kiosk-mode.md
View File

@ -3,8 +3,6 @@ title: Configure Take a Test in kiosk mode
description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages. description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
ms.date: 09/30/2022 ms.date: 09/30/2022
ms.topic: how-to ms.topic: how-to
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Configure Take a Test in kiosk mode # Configure Take a Test in kiosk mode

1
education/windows/edu-themes.md
View File

@ -5,6 +5,7 @@ ms.date: 09/15/2022
ms.topic: how-to ms.topic: how-to
appliesto: appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
--- ---
# Configure education themes for Windows 11 # Configure education themes for Windows 11

3
education/windows/federated-sign-in.md
View File

@ -1,10 +1,11 @@
--- ---
title: Configure federated sign-in for Windows devices title: Configure federated sign-in for Windows devices
description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages. description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages.
ms.date: 02/24/2023 ms.date: 04/04/2023
ms.topic: how-to ms.topic: how-to
appliesto: appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection: ms.collection:
- highpri - highpri
- tier1 - tier1

12
education/windows/get-minecraft-for-education.md
View File

@ -3,8 +3,6 @@ title: Get and deploy Minecraft Education
description: Learn how to obtain and distribute Minecraft Education to Windows devices. description: Learn how to obtain and distribute Minecraft Education to Windows devices.
ms.topic: how-to ms.topic: how-to
ms.date: 02/23/2023 ms.date: 02/23/2023
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
ms.collection: ms.collection:
- highpri - highpri
- education - education
@ -44,9 +42,9 @@ When you sign up for a Minecraft Education trial, or purchase a subscription, Mi
To purchase direct licenses: To purchase direct licenses:
1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **How to Buy** in the top navigation bar 1. Go to [https://education.minecraft.net/licensing](https://education.minecraft.net/licensing)
1. Scroll down and select **Buy Now** under **Direct Purchase** 1. Under **Direct Purchase**, select **Buy Now**
1. In the *purchase* page, sign in with an account that has *Billing Admin* privileges in your organization 1. Sign in to the Admin Center purchase page with an account that has *Billing Admin* privileges in your organization
1. If necessary, fill in any requested organization or payment information 1. If necessary, fill in any requested organization or payment information
1. Select the quantity of licenses you'd like to purchase and select **Place Order** 1. Select the quantity of licenses you'd like to purchase and select **Place Order**
1. After you've purchased licenses, you'll need to [assign Minecraft Education licenses to your users](#assign-minecraft-education-licenses) 1. After you've purchased licenses, you'll need to [assign Minecraft Education licenses to your users](#assign-minecraft-education-licenses)
@ -112,7 +110,9 @@ If you're using Microsoft Intune to manage your devices, follow these steps to d
1. Under *App type*, select **Microsoft Store app (new)** and choose **Select** 1. Under *App type*, select **Microsoft Store app (new)** and choose **Select**
1. Select **Search the Microsoft Store app (new)** and search for **Minecraft Education** 1. Select **Search the Microsoft Store app (new)** and search for **Minecraft Education**
1. Select the app and choose **Select** 1. Select the app and choose **Select**
1. On the *App information* screen, select **Next** 1. On the *App information* screen, select the *install behavior*, then select **Next**
- *System* means install for all users (recommended for most scenarios)
- *User* means only install for the targeted user or current user of a device
1. On the *Assignments* screen, choose how you want to target the installation of Minecraft Education 1. On the *Assignments* screen, choose how you want to target the installation of Minecraft Education
- *Required* means that Intune installs the app without user interaction - *Required* means that Intune installs the app without user interaction
- *Available* enables Minecraft Education in the Company Portal, where users can install the app on-demand - *Available* enables Minecraft Education in the Company Portal, where users can install the app on-demand

4
education/windows/includes/intune-custom-settings-1.md
View File

@ -1,13 +1,11 @@
--- ---
author: paolomatarazzo
ms.author: paoloma
ms.date: 02/22/2022 ms.date: 02/22/2022
ms.topic: include ms.topic: include
--- ---
To configure devices with Microsoft Intune, use a custom policy: To configure devices with Microsoft Intune, use a custom policy:
1. Go to the <a href="https://intune.micorsoft.com" target="_blank"><b>Microsoft Intune admin center</b></a> 1. Go to the <a href="https://intune.microsoft.com" target="_blank"><b>Microsoft Intune admin center</b></a>
2. Select **Devices > Configuration profiles > Create profile** 2. Select **Devices > Configuration profiles > Create profile**
3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom** 3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom**
4. Select **Create** 4. Select **Create**

2
education/windows/includes/intune-custom-settings-2.md
View File

@ -1,6 +1,4 @@
--- ---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022 ms.date: 11/08/2022
ms.topic: include ms.topic: include
--- ---

2
education/windows/includes/intune-custom-settings-info.md
View File

@ -1,6 +1,4 @@
--- ---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022 ms.date: 11/08/2022
ms.topic: include ms.topic: include
--- ---

2
education/windows/set-up-school-pcs-whats-new.md
View File

@ -3,8 +3,6 @@ title: What's new in the Windows Set up School PCs app
description: Find out about app updates and new features in Set up School PCs. description: Find out about app updates and new features in Set up School PCs.
ms.topic: whats-new ms.topic: whats-new
ms.date: 08/10/2022 ms.date: 08/10/2022
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# What's new in Set up School PCs # What's new in Set up School PCs

4
education/windows/take-a-test-app-technical.md
View File

@ -1,10 +1,8 @@
--- ---
title: Take a Test app technical reference title: Take a Test app technical reference
description: List of policies and settings applied by the Take a Test app. description: List of policies and settings applied by the Take a Test app.
ms.date: 09/30/2022 ms.date: 03/31/2023
ms.topic: reference ms.topic: reference
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Take a Test app technical reference # Take a Test app technical reference

4
education/windows/take-tests-in-windows.md
View File

@ -1,10 +1,8 @@
--- ---
title: Take tests and assessments in Windows title: Take tests and assessments in Windows
description: Learn about the built-in Take a Test app for Windows and how to use it. description: Learn about the built-in Take a Test app for Windows and how to use it.
ms.date: 09/30/2022 ms.date: 03/31/2023
ms.topic: conceptual ms.topic: conceptual
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Take tests and assessments in Windows # Take tests and assessments in Windows

2
education/windows/tutorial-school-deployment/configure-device-apps.md
View File

@ -3,8 +3,6 @@ title: Configure applications with Microsoft Intune
description: Learn how to configure applications with Microsoft Intune in preparation for device deployment. description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Configure applications with Microsoft Intune # Configure applications with Microsoft Intune

2
education/windows/tutorial-school-deployment/configure-device-settings.md
View File

@ -3,8 +3,6 @@ title: Configure and secure devices with Microsoft Intune
description: Learn how to configure policies with Microsoft Intune in preparation for device deployment. description: Learn how to configure policies with Microsoft Intune in preparation for device deployment.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Configure and secure devices with Microsoft Intune # Configure and secure devices with Microsoft Intune

2
education/windows/tutorial-school-deployment/configure-devices-overview.md
View File

@ -3,8 +3,6 @@ title: Configure devices with Microsoft Intune
description: Learn how to configure policies and applications in preparation for device deployment. description: Learn how to configure policies and applications in preparation for device deployment.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Configure settings and applications with Microsoft Intune # Configure settings and applications with Microsoft Intune

2
education/windows/tutorial-school-deployment/enroll-aadj.md
View File

@ -3,8 +3,6 @@ title: Enrollment in Intune with standard out-of-box experience (OOBE)
description: Learn how to join devices to Azure AD from OOBE and automatically get them enrolled in Intune. description: Learn how to join devices to Azure AD from OOBE and automatically get them enrolled in Intune.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Automatic Intune enrollment via Azure AD join # Automatic Intune enrollment via Azure AD join

2
education/windows/tutorial-school-deployment/enroll-autopilot.md
View File

@ -3,8 +3,6 @@ title: Enrollment in Intune with Windows Autopilot
description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot. description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Windows Autopilot # Windows Autopilot

2
education/windows/tutorial-school-deployment/enroll-overview.md
View File

@ -3,8 +3,6 @@ title: Device enrollment overview
description: Learn about the different options to enroll Windows devices in Microsoft Intune description: Learn about the different options to enroll Windows devices in Microsoft Intune
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: overview ms.topic: overview
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Device enrollment overview # Device enrollment overview

2
education/windows/tutorial-school-deployment/enroll-package.md
View File

@ -3,8 +3,6 @@ title: Enrollment of Windows devices with provisioning packages
description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer. description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Enrollment with provisioning packages # Enrollment with provisioning packages

2
education/windows/tutorial-school-deployment/index.md
View File

@ -3,8 +3,6 @@ title: Introduction to the tutorial deploy and manage Windows devices in a schoo
description: Introduction to deployment and management of Windows devices in education environments. description: Introduction to deployment and management of Windows devices in education environments.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: conceptual ms.topic: conceptual
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Tutorial: deploy and manage Windows devices in a school # Tutorial: deploy and manage Windows devices in a school

2
education/windows/tutorial-school-deployment/manage-overview.md
View File

@ -3,8 +3,6 @@ title: Manage devices with Microsoft Intune
description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting. description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Manage devices with Microsoft Intune # Manage devices with Microsoft Intune

2
education/windows/tutorial-school-deployment/reset-wipe.md
View File

@ -3,8 +3,6 @@ title: Reset and wipe Windows devices
description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices. description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Device reset options # Device reset options

1
education/windows/tutorial-school-deployment/set-up-azure-ad.md
View File

@ -3,6 +3,7 @@ title: Set up Azure Active Directory
description: Learn how to create and prepare your Azure AD tenant for an education environment. description: Learn how to create and prepare your Azure AD tenant for an education environment.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
--- ---
# Set up Azure Active Directory # Set up Azure Active Directory

1
education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
View File

@ -3,6 +3,7 @@ title: Set up device management
description: Learn how to configure the Intune service and set up the environment for education. description: Learn how to configure the Intune service and set up the environment for education.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
--- ---
# Set up Microsoft Intune # Set up Microsoft Intune

2
education/windows/tutorial-school-deployment/troubleshoot-overview.md
View File

@ -3,8 +3,6 @@ title: Troubleshoot Windows devices
description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other services. description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other services.
ms.date: 08/31/2022 ms.date: 08/31/2022
ms.topic: tutorial ms.topic: tutorial
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---
# Troubleshoot Windows devices # Troubleshoot Windows devices

14
education/windows/windows-11-se-overview.md
View File

@ -90,19 +90,20 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` | | `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` |
| `CA Secure Browser` | 14.0.0 | Win32 | `Cambium Development` | | `CA Secure Browser` | 14.0.0 | Win32 | `Cambium Development` |
| `Cisco Umbrella` | 3.0.110.0 | Win32 | `Cisco` | | `Cisco Umbrella` | 3.0.110.0 | Win32 | `Cisco` |
| `CKAuthenticator` | 3.6+ | Win32 | `Content Keeper` | | `CKAuthenticator` | 3.6+ | Win32 | `ContentKeeper` |
| `Class Policy` | 114.0.0 | Win32 | `Class Policy` | | `Class Policy` | 116.0.0 | Win32 | `Class Policy` |
| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | | `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` |
| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | | `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` |
| `ColorVeil` | 4.0.0.175 | Win32 | `East-Tec` | | `ColorVeil` | 4.0.0.175 | Win32 | `East-Tec` |
| `ContentKeeper Cloud` | 9.01.45 | Win32 | `ContentKeeper Technologies` | | `ContentKeeper Cloud` | 9.01.45 | Win32 | `ContentKeeper Technologies` |
| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | | `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` | | `DRC INSIGHT Online Assessments` | 13.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | | `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` |
| `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` | | `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` |
| `EasyReader` | 10.0.3.481 | Win32 | `Dolphin Computer Access` | | `EasyReader` | 10.0.3.481 | Win32 | `Dolphin Computer Access` |
| `Epson iProjection` | 3.31 | Win32 | `Epson` | | `Epson iProjection` | 3.31 | Win32 | `Epson` |
| `eTests` | 4.0.25 | Win32 | `CASAS` | | `eTests` | 4.0.25 | Win32 | `CASAS` |
| `FirstVoices Keyboard` | 15.0.270 | Win32 | `SIL International` |
| `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` | | `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` |
| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` | | `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` |
| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` | | `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` |
@ -116,6 +117,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` | | `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` |
| `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` | | `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` |
| `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` | | `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` |
| `Keyman` | 16.0.138 | Win32 | `SIL International`
| `Kortext` | 2.3.433.0 | `Store` | `Kortext` | | `Kortext` | 2.3.433.0 | `Store` | `Kortext` |
| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | Win32 | `Kurzweil Educational Systems` | | `Kurzweil 3000 Assistive Learning` | 20.13.0000 | Win32 | `Kurzweil Educational Systems` |
| `LanSchool Classic` | 9.1.0.46 | Win32 | `Stoneware, Inc.` | | `LanSchool Classic` | 9.1.0.46 | Win32 | `Stoneware, Inc.` |
@ -125,7 +127,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` | | `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
| `Mozilla Firefox` | 105.0.0 | Win32 | `Mozilla` | | `Mozilla Firefox` | 105.0.0 | Win32 | `Mozilla` |
| `NAPLAN` | 2.5.0 | Win32 | `NAP` | | `NAPLAN` | 2.5.0 | Win32 | `NAP` |
| `Netref Student` | 22.2.0 | Win32 | `NetRef` | | `Netref Student` | 23.1.0 | Win32 | `NetRef` |
| `NetSupport Manager` | 12.01.0014 | Win32 | `NetSupport` | | `NetSupport Manager` | 12.01.0014 | Win32 | `NetSupport` |
| `NetSupport Notify` | 5.10.1.215 | Win32 | `NetSupport` | | `NetSupport Notify` | 5.10.1.215 | Win32 | `NetSupport` |
| `NetSupport School` | 14.00.0012 | Win32 | `NetSupport` | | `NetSupport School` | 14.00.0012 | Win32 | `NetSupport` |
@ -143,11 +145,11 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | | `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` |
| `Smoothwall Monitor` | 2.9.2 | Win32 | `Smoothwall Ltd` | | `Smoothwall Monitor` | 2.9.2 | Win32 | `Smoothwall Ltd` |
| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | | `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` |
| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | | `SuperNova Magnifier & Speech` | 21.03 | Win32 | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` | |`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | | `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` |
| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | | `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` |
| `WordQ` | 5.4.23 | Win32 | `Mathetmots` | | `WordQ` | 5.4.23 | Win32 | `WordQ` |
| `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` | | `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` |
| `ZoomText Fusion` | 2022.2109.10 | Win32 | `Freedom Scientific` | | `ZoomText Fusion` | 2022.2109.10 | Win32 | `Freedom Scientific` |
| `ZoomText Magnifier/Reader` | 2022.2109.25 | Win32 | `Freedom Scientific` | | `ZoomText Magnifier/Reader` | 2022.2109.25 | Win32 | `Freedom Scientific` |

10
includes/ai-disclaimer-generic.md Normal file
View File

@ -0,0 +1,10 @@
---
author: aczechowski
ms.author: aaroncz
ms.date: 03/31/2023
ms.topic: include
ms.prod: windows-client
---
> [!NOTE]
> This article was partially created with the help of artificial intelligence. Before publishing, an author reviewed and revised the content as needed. For more information, see [Our principles for using AI-generated content in Microsoft Learn](/azure/principles-for-ai-generated-content).

2
store-for-business/acquire-apps-microsoft-store-for-business.md
View File

@ -16,7 +16,7 @@ ms.date: 07/21/2021
# Acquire apps in Microsoft Store for Business and Education # Acquire apps in Microsoft Store for Business and Education
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT] > [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

2
store-for-business/add-profile-to-devices.md
View File

@ -19,7 +19,7 @@ ms.localizationpriority: medium
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot). Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot).

8
store-for-business/app-inventory-management-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: App inventory management for Microsoft Store for Business and Microsoft S
description: You can manage all apps that you've acquired on your Apps & Software page. description: You can manage all apps that you've acquired on your Apps & Software page.
ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2 ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/21/2021 ms.date: 07/21/2021
--- ---
@ -20,7 +20,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role.

8
store-for-business/apps-in-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: Apps in Microsoft Store for Business and Education (Windows 10)
description: Microsoft Store for Business has thousands of apps from many different categories. description: Microsoft Store for Business has thousands of apps from many different categories.
ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926 ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education has thousands of apps from many different categories. Microsoft Store for Business and Education has thousands of apps from many different categories.

8
store-for-business/assign-apps-to-employees.md
View File

@ -3,12 +3,12 @@ title: Assign apps to employees (Windows 10)
description: Administrators can assign online-licensed apps to employees and students in their organization. description: Administrators can assign online-licensed apps to employees and students in their organization.
ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization. Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization.

8
store-for-business/billing-payments-overview.md
View File

@ -5,19 +5,19 @@ keywords: billing, payment methods, invoices, credit card, debit card
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# Billing and payments # Billing and payments
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Access invoices and managed your payment methods. Access invoices and managed your payment methods.

8
store-for-business/billing-profile.md
View File

@ -5,19 +5,19 @@ keywords: billing profile, invoices, charges, managed charges
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: trudyha ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# Understand billing profiles # Understand billing profiles
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices. For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices.

8
store-for-business/billing-understand-your-invoice-msfb.md
View File

@ -4,19 +4,19 @@ description: Learn how to read and understand your MCA bill
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: trudyha ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# Understand your Microsoft Customer Agreement invoice # Understand your Microsoft Customer Agreement invoice
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The invoice provides a summary of your charges and provides instructions for payment. It's available for The invoice provides a summary of your charges and provides instructions for payment. It's available for
download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements). download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements).

8
store-for-business/configure-mdm-provider-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: Configure an MDM provider (Windows 10)
description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses.
ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673 ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content. For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.

8
store-for-business/distribute-apps-from-your-private-store.md
View File

@ -3,12 +3,12 @@ title: Distribute apps using your private store (Windows 10)
description: The private store is a feature in Microsoft Store for Business and Microsoft Store for Education that organizations receive during the signup process. description: The private store is a feature in Microsoft Store for Business and Microsoft Store for Education that organizations receive during the signup process.
ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19 ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store. The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store.

8
store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: Distribute apps to your employees from the Microsoft Store for Business a
description: Distribute apps to your employees from Microsoft Store for Business or Microsoft Store for Education. You can assign apps to employees,or let employees install them from your private store. description: Distribute apps to your employees from Microsoft Store for Business or Microsoft Store for Education. You can assign apps to employees,or let employees install them from your private store.
ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store. Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store.

8
store-for-business/distribute-apps-with-management-tool.md
View File

@ -3,12 +3,12 @@ title: Distribute apps with a management tool (Windows 10)
description: You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content. description: You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016 ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content. You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.

8
store-for-business/distribute-offline-apps.md
View File

@ -3,12 +3,12 @@ title: Distribute offline apps (Windows 10)
description: Offline licensing is a new licensing option for Windows 10. description: Offline licensing is a new licensing option for Windows 10.
ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> >
Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store. Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.

4
store-for-business/docfx.json
View File

@ -32,6 +32,7 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"adobe-target": true,
"ms.collection": [ "ms.collection": [
"tier2" "tier2"
], ],
@ -64,7 +65,8 @@
"dstrome", "dstrome",
"v-dihans", "v-dihans",
"garycentric", "garycentric",
"v-stsavell" "v-stsavell",
"beccarobins"
] ]
}, },
"fileMetadata": {}, "fileMetadata": {},

8
store-for-business/find-and-acquire-apps-overview.md
View File

@ -3,12 +3,12 @@ title: Find and acquire apps (Windows 10)
description: Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization. description: Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization. Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.

2
store-for-business/index.md
View File

@ -20,7 +20,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school. Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.

8
store-for-business/manage-access-to-private-store.md
View File

@ -3,12 +3,12 @@ title: Manage access to private store (Windows 10)
description: You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education. description: You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5 ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/21/2021 ms.date: 07/21/2021
--- ---
@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education. You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.

8
store-for-business/manage-apps-microsoft-store-for-business-overview.md
View File

@ -3,12 +3,12 @@ title: Manage products and services in Microsoft Store for Business (Windows 10)
description: Manage apps, software, devices, products and services in Microsoft Store for Business. description: Manage apps, software, devices, products and services in Microsoft Store for Business.
ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202 ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**. Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**.

8
store-for-business/manage-orders-microsoft-store-for-business.md
View File

@ -4,19 +4,19 @@ description: You can view your order history with Microsoft Store for Business o
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# Manage app orders in Microsoft Store for Business and Education # Manage app orders in Microsoft Store for Business and Education
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds. After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds.

8
store-for-business/manage-private-store-settings.md
View File

@ -3,12 +3,12 @@ title: Manage private store settings (Windows 10)
description: The private store is a feature in the Microsoft Store for Business and Microsoft Store for Education that organizations receive during the sign up process. description: The private store is a feature in the Microsoft Store for Business and Microsoft Store for Education that organizations receive during the sign up process.
ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.localizationpriority: medium ms.localizationpriority: medium
@ -21,7 +21,7 @@ ms.localizationpriority: medium
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store. The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store.

8
store-for-business/manage-settings-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: Manage settings for Microsoft Store for Business and Microsoft Store for
description: You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant. description: You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895 ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant. You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.

8
store-for-business/manage-users-and-groups-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: Manage user accounts in Microsoft Store for Business and Microsoft Store
description: Microsoft Store for Business and Microsoft Store for Education manages permissions with a set of roles. Currently, you can assign these roles to individuals in your organization, but not to groups. description: Microsoft Store for Business and Microsoft Store for Education manages permissions with a set of roles. Currently, you can assign these roles to individuals in your organization, but not to groups.
ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups. Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups.

8
store-for-business/microsoft-store-for-business-education-powershell-module.md
View File

@ -4,13 +4,13 @@ description: Preview version of PowerShell module
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# Microsoft Store for Business and Education PowerShell module - preview # Microsoft Store for Business and Education PowerShell module - preview
@ -19,7 +19,7 @@ manager: dansimp
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459). Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459).

2
store-for-business/microsoft-store-for-business-overview.md
View File

@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT] > [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

8
store-for-business/notifications-microsoft-store-business.md
View File

@ -4,12 +4,12 @@ description: Notifications alert you to issues or outages with Microsoft Store f
keywords: notifications, alerts keywords: notifications, alerts
ms.assetid: ms.assetid:
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -23,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store. Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store.

8
store-for-business/payment-methods.md
View File

@ -5,19 +5,19 @@ keywords: payment method, credit card, debit card, add credit card, update payme
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: trudyha ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# Payment methods # Payment methods
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards: You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards:
- VISA - VISA

2
store-for-business/prerequisites-microsoft-store-for-business.md
View File

@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT] > [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

8
store-for-business/release-history-microsoft-store-business-education.md
View File

@ -4,18 +4,18 @@ description: Know the release history of Microsoft Store for Business and Micros
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# Microsoft Store for Business and Education release history # Microsoft Store for Business and Education release history
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.

2
store-for-business/roles-and-permissions-microsoft-store-for-business.md
View File

@ -22,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT] > [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

8
store-for-business/settings-reference-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: Settings reference Microsoft Store for Business and Education (Windows 10
description: The Microsoft Store for Business and Education has a group of settings that admins use to manage the store. description: The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.
ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678 ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -17,7 +17,7 @@ ms.date: 07/21/2021
# Settings reference: Microsoft Store for Business and Education # Settings reference: Microsoft Store for Business and Education
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The Microsoft Store for Business and Education has a group of settings that admins use to manage the store. The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.

2
store-for-business/sign-up-microsoft-store-for-business-overview.md
View File

@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps. IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.

8
store-for-business/troubleshoot-microsoft-store-for-business.md
View File

@ -3,12 +3,12 @@ title: Troubleshoot Microsoft Store for Business (Windows 10)
description: Troubleshooting topics for Microsoft Store for Business. description: Troubleshooting topics for Microsoft Store for Business.
ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Troubleshooting topics for Microsoft Store for Business. Troubleshooting topics for Microsoft Store for Business.

9
store-for-business/update-microsoft-store-for-business-account-settings.md
View File

@ -5,19 +5,18 @@ keywords: billing accounts, organization info
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer:
manager: dansimp
--- ---
# Update Billing account settings # Update Billing account settings
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
A billing account contains defining information about your organization. A billing account contains defining information about your organization.

8
store-for-business/whats-new-microsoft-store-business-education.md
View File

@ -4,18 +4,18 @@ description: Learn about newest features in Microsoft Store for Business and Mic
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/21/2021 ms.date: 07/21/2021
ms.reviewer: ms.reviewer:
manager: dansimp
--- ---
# What's new in Microsoft Store for Business and Education # What's new in Microsoft Store for Business and Education
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education regularly releases new and improved features. Microsoft Store for Business and Education regularly releases new and improved features.

8
store-for-business/working-with-line-of-business-apps.md
View File

@ -3,12 +3,12 @@ title: Working with line-of-business apps (Windows 10)
description: Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your organization they might be internal business apps, or apps specific to your school, business, or industry. description: Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your organization they might be internal business apps, or apps specific to your school, business, or industry.
ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7 ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7
ms.reviewer: ms.reviewer:
manager: dansimp
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: store ms.pagetype: store
author: TrudyHa ms.author: cmcatee
ms.author: TrudyHa author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/21/2021 ms.date: 07/21/2021
@ -21,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10 - Windows 10
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization they might be internal apps, or apps specific to your school, business, or industry. Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization they might be internal apps, or apps specific to your school, business, or industry.

44
windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
View File

@ -18,17 +18,17 @@ ms.technology: itpro-apps
The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1607. The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1607.
## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client ## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client
There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the pre-requisite check fails and causes the MSI to fail. There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the prerequisite check fails and causes the MSI to fail.
**Workaround**: **Workaround**:
1. Install the latest App-V sequencer, which you can get from the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607. See [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information, see [Install the App-V Sequencer](appv-install-the-sequencer.md). 1. Install the latest App-V sequencer, which you can get from the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607. See [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
2. Ensure that you've installed the **MSI Tools** included in the Windows 10 SDK, available as follows: 2. Ensure that you've installed the **MSI Tools** included in the Windows 10 SDK, available as follows:
- For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/en-us/windows/downloads). - For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/windows/downloads).
- For the standalone Windows 10 SDK without other tools, see [Standalone Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk). - For the standalone Windows 10 SDK without other tools, see [Standalone Windows SDK](https://developer.microsoft.com/windows/downloads/windows-sdk).
3. Copy msidb.exe from the default path of the Windows SDK installation (**C:\Program Files (x86)\Windows Kits\10**) to a different directory. For example: **C:\MyMsiTools\bin** 3. Copy msidb.exe from the default path of the Windows SDK installation (**C:\Program Files (x86)\Windows Kits\10**) to a different directory. For example: **C:\MyMsiTools\bin**
@ -36,7 +36,7 @@ There are MSI packages generated by an App-V sequencer from previous versions of
&lt;Windows Kits 10 installation folder&gt;**\Microsoft Application Virtualization\Sequencer\\** &lt;Windows Kits 10 installation folder&gt;**\Microsoft Application Virtualization\Sequencer\\**
By default, this path will be:<br>**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** By default, this path is:<br>**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer**
5. Run the following command: 5. Run the following command:
@ -51,7 +51,7 @@ An error is generated during publishing refresh when synchronizing packages from
**Workaround**: Upgrade the App-V 5.0 Management server to the App-V Management server for Windows 10 Clients. **Workaround**: Upgrade the App-V 5.0 Management server to the App-V Management server for Windows 10 Clients.
## Custom configurations don't get applied for packages that will be published globally if they're set using the App-V Server ## Custom configurations don't get applied for packages that will be published globally if they're set using the App-V Server
If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration won't be applied to those machines. The App-V Client will publish packages assigned to a machine account globally. However, it stores custom configuration files per user in each users profile. Globally published packages won't have access to this custom configuration. If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration won't be applied to those machines. The App-V Client publishes packages assigned to a machine account globally. However, it stores custom configuration files per user in each users profile. Globally published packages won't have access to this custom configuration.
**Workaround**: Implement one of the following tasks: **Workaround**: Implement one of the following tasks:
@ -69,23 +69,23 @@ If you uninstall the App-V 5.0 SP1 Server and then install the App-V Server, the
Under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall, locate and delete the installation GUID key that contains the DWORD value "DisplayName" with value data "Microsoft Application Virtualization (App-V) Server". This is the only key that should be deleted. Under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall, locate and delete the installation GUID key that contains the DWORD value "DisplayName" with value data "Microsoft Application Virtualization (App-V) Server". This is the only key that should be deleted.
## File type associations added manually are not saved correctly ## File type associations added manually aren't saved correctly
File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard aren't saved correctly. They won't be available to the App-V Client or to the Sequencer when updating the saved package again. File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard aren't saved correctly. They won't be available to the App-V Client or to the Sequencer when updating the saved package again.
**Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer will detect the new association in the system registry and add it to the packages virtual registry, where it will be available to the client. **Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer detects the new association in the system registry and adds it to the packages virtual registry, where it is available to the client.
## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, additional data is written to the local disk. ## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, extra data is written to the local disk.
To decrease the amount of data written to a clients local disk, you can enable SCS mode on the App-V Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the clients local disk that wouldn't otherwise be written. To decrease the amount of data written to a clients local disk, you can enable SCS mode on the App-V Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the clients local disk that wouldn't otherwise be written.
**Workaround**: None **Workaround**: None
## In the Management Console Add Package dialog box, the Browse button is not available when using Chrome or Firefox ## In the Management Console Add Package dialog box, the Browse button isn't available when using Chrome or Firefox
On the Packages page of the Management Console, if you click **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you're accessing the Management Console using Chrome or Firefox as your browser, you will not be able to browse to the location of the package. On the Packages page of the Management Console, if you select **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you're accessing the Management Console using Chrome or Firefox as your browser, you won't be able to browse to the location of the package.
**Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you will be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps: **Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you'll be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps:
1. While pressing **Shift**, right-click on the package file 1. While pressing **Shift**, right-click on the package file
@ -102,10 +102,10 @@ If you install the App-V 5.0 SP1 Management Server, and then try to upgrade to A
where “AppVManagement” is the name of the database. where “AppVManagement” is the name of the database.
## Users cannot open a package in a user-published connection group if you add or remove an optional package ## Users can't open a package in a user-published connection group if you add or remove an optional package
In environments that are running the RDS Client or that have multiple concurrent users per computer, logged-in users cannot open applications in packages that are in a user-published connection group if an optional package is added to or removed from the connection group. In environments that are running the RDS Client or that have multiple concurrent users per computer, logged-in users can't open applications in packages that are in a user-published connection group if an optional package is added to or removed from the connection group.
**Workaround**: Have users log out and then log back in. **Workaround**: Have users sign out and then log back in.
## Error message is erroneously displayed when the connection group is published only to the user ## Error message is erroneously displayed when the connection group is published only to the user
When you run Repair-AppvClientConnectionGroup, the following error is displayed, even when the connection group is published only to the user: “Internal App-V Integration error: Package not integrated for the user. Ensure that the package is added to the machine and published to the user.” When you run Repair-AppvClientConnectionGroup, the following error is displayed, even when the connection group is published only to the user: “Internal App-V Integration error: Package not integrated for the user. Ensure that the package is added to the machine and published to the user.”
@ -114,7 +114,7 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed,
- Publish all packages in a connection group. - Publish all packages in a connection group.
The problem arises when the connection group being repaired has packages that are missing or not available to the user (that is, not published globally or to the user). However, the repair will work if all of the connection groups packages are available, so ensure that all packages are published. The problem arises when the connection group being repaired has packages that are missing or not available to the user (that is, not published globally or to the user). However, the repair works if all of the connection groups packages are available, so ensure that all packages are published.
- Repair packages individually using the Repair-AppvClientPackage command rather than the Repair-AppvClientConnectionGroup command. - Repair packages individually using the Repair-AppvClientPackage command rather than the Repair-AppvClientConnectionGroup command.
@ -128,22 +128,22 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed,
## Icons not displayed properly in Sequencer ## Icons not displayed properly in Sequencer
Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons is not 16x16 or 32x32. Icons in the Shortcuts and File Type Associations tab aren't displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons isn't 16x16 or 32x32.
**Workaround**: Only use icons that are 16x16 or 32x32. **Workaround**: Only use icons that are 16x16 or 32x32.
## InsertVersionInfo.sql script no longer required for the Management Database ## InsertVersionInfo.sql script no longer required for the Management Database
The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. The InsertVersionInfo.sql script isn't required for versions of the App-V management database later than App-V 5.0 SP3.
## Microsoft Visual Studio 2012 not supported ## Microsoft Visual Studio 2012 not supported
App-V doesn't support Visual Studio 2012. App-V doesn't support Visual Studio 2012.
**Workaround**: Use a newer version of Microsoft Visual Studio. **Workaround**: Use a newer version of Microsoft Visual Studio.
Currently, Visual Studio 2012 doesn't support app virtualization, whether using Microsoft App-V or third party solutions such as VMWare ThinApp. While it is possible you might find that Visual Studio works well enough for your purposes when running within one of these environments, we are unable to address any bugs or issues found when running in a virtualized environment at this time. Currently, Visual Studio 2012 doesn't support app virtualization, whether using Microsoft App-V or third party solutions such as VMware ThinApp. While it's possible you might find that Visual Studio works well for your purposes when running within one of these environments, we're unable to address any bugs or issues found when running in a virtualized environment at this time.
## Application filename restrictions for App-V Sequencer ## Application filename restrictions for App-V Sequencer
The App-V Sequencer cannot sequence applications with filenames matching "CO_&lt;x&gt;" where x is any numeral. Error 0x8007139F will be generated. The App-V Sequencer can't sequence applications with filenames matching "CO_&lt;x&gt;" where x is any numeral. Error 0x8007139F will be generated.
**Workaround**: Use a different filename **Workaround**: Use a different filename
@ -152,9 +152,9 @@ For information that can help with troubleshooting App-V for Windows 10, see:
- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx) - [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
- [The Official Microsoft App-V Team Blog](/archive/blogs/appv/) - [The Official Microsoft App-V Team Blog](/archive/blogs/appv/)
- [Technical Reference for App-V](./appv-technical-reference.md) - [Technical Reference for App-V](./appv-technical-reference.md)
- [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv) - [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv) <!-- locale required by target site :( -->
<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). <br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). <!-- locale required by target site :( -->
<a href="https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md" class="button big">Help us to improve</a> <a href="https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md" class="button big">Help us to improve</a>

6
windows/application-management/apps-in-windows-10.md
View File

@ -71,9 +71,9 @@ There are different types of apps that can run on your Windows client devices. T
Using an MDM provider, you can create shortcuts to your web apps and progressive web apps on devices. Using an MDM provider, you can create shortcuts to your web apps and progressive web apps on devices.
## Android apps ## Android&trade; apps
Starting with Windows 11, users in the [Windows Insider program](https://insider.windows.com/) can use the Microsoft Store to search, download, and install Android apps. This feature uses the Windows Subsystem for Android, and allows users to interact with Android apps, just like others apps installed from the Microsoft Store. Starting with Windows 11, users in the [Windows Insider program](https://insider.windows.com/) can use the Microsoft Store to search, download, and install Android&trade; apps. This feature uses the Windows Subsystem for Android, and allows users to interact with Android apps, just like others apps installed from the Microsoft Store.
For more information, see: For more information, see:
@ -85,7 +85,7 @@ For more information, see:
When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options. When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options.
> [!NOTE] > [!NOTE]
> Microsoft Store for Business and Microsoft Store for Education will be retired on March 31, 2023. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11. > The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
>Visit [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution) for more information about the new Microsoft Store experience for both Windows 11 and Windows 10, and learn about other options for getting and managing apps. >Visit [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution) for more information about the new Microsoft Store experience for both Windows 11 and Windows 10, and learn about other options for getting and managing apps.
- **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**. - **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**.

4
windows/application-management/docfx.json
View File

@ -34,6 +34,7 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"adobe-target": true,
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"ms.collection": [ "ms.collection": [
"tier2" "tier2"
@ -58,7 +59,8 @@
"claydetels19", "claydetels19",
"jborsecnik", "jborsecnik",
"tiburd", "tiburd",
"garycentric" "garycentric",
"beccarobins"
], ],
"searchScope": ["Windows 10"] "searchScope": ["Windows 10"]
}, },

4
windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
View File

@ -4,7 +4,7 @@ description: Use the Company Portal app in Windows 11 devices to access the priv
author: nicholasswhite author: nicholasswhite
ms.author: nwhite ms.author: nwhite
manager: aaroncz manager: aaroncz
ms.date: 09/15/2021 ms.date: 04/04/2023
ms.topic: article ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-apps ms.technology: itpro-apps
@ -59,7 +59,7 @@ To install the Company Portal app, you have some options:
For more information, see: For more information, see:
- [Endpoint Management at Microsoft](/mem/endpoint-manager-overview) - [Endpoint Management at Microsoft](/mem/endpoint-manager-overview)
- [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-windows) - [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft)
- [What is co-management?](/mem/configmgr/comanage/overview) - [What is co-management?](/mem/configmgr/comanage/overview)
- [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal) - [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal)

47
windows/client-management/assign-seats.md
View File

@ -1,47 +0,0 @@
---
title: Assign seat
description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Assign seat
The **Assign seat** operation assigns seat for a specified user in the Microsoft Store for Business.
## Request
**POST:**
```http
https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
## Response
### Response body
The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
|Error code|Description|Retry|Data field|Details|
|--- |--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name <br>Reason: Invalid parameter<br>Details: String|Invalid can include productId, skuId or userName|
|404|Not found||Item type: Inventory, User, Seat<br> <br>Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName|ItemType: Inventory User Seat<br> <br>Values: ProductId/SkuId UserName ProductId/SkuId/UserName|
|409|Conflict||Reason: Not online||

48
windows/client-management/bulk-assign-and-reclaim-seats-from-user.md
View File

@ -1,48 +0,0 @@
---
title: Bulk assign and reclaim seats from users
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Bulk assign and reclaim seats from users
The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Microsoft Store for Business.
## Request
**POST**:
```http
https:<span></span>//bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
|seatAction|[SeatAction](data-structures-windows-store-for-business.md#seataction) ||
## Response
### Response body
The response body contains [BulkSeatOperationResultSet](data-structures-windows-store-for-business.md#bulkseatoperationresultset).
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|404|Not found||Item type: Inventory<br> Values: ProductId/SkuId|

317
windows/client-management/change-history-for-mdm-documentation.md
View File

@ -1,317 +0,0 @@
---
title: Change history for MDM documentation
description: This article lists new and updated articles for Mobile Device Management.
author: vinaypamnani-msft
ms.author: vinpa
ms.reviewer:
manager: aaroncz
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
ms.localizationpriority: medium
ms.date: 11/06/2020
---
# Change history for Mobile Device Management documentation
As of November 2020 This page will no longer be updated. This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those articles that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues aren't listed.
## November 2020
|New or updated article | Description|
|--- | ---|
| [Policy CSP](mdm/policy-configuration-service-provider.md) | Added the following new policy:<br>- [Multitasking/BrowserAltTabBlowout](mdm/policy-csp-multitasking.md#browseralttabblowout) |
| [SurfaceHub CSP](mdm/surfacehub-csp.md) | Added the following new node:<br>-Properties/SleepMode |
## October 2020
|New or updated article | Description|
|--- | ---|
| [Policy CSP](mdm/policy-configuration-service-provider.md) | Added the following new policies<br>- [Experience/DisableCloudOptimizedContent](mdm/policy-csp-experience.md#disablecloudoptimizedcontent)<br>- [LocalUsersAndGroups/Configure](mdm/policy-csp-localusersandgroups.md#configure)<br>- [MixedReality/AADGroupMembershipCacheValidityInDays](mdm/policy-csp-mixedreality.md#aadgroupmembershipcachevalidityindays)<br>- [MixedReality/BrightnessButtonDisabled](mdm/policy-csp-mixedreality.md#brightnessbuttondisabled)<br>- [MixedReality/FallbackDiagnostics](mdm/policy-csp-mixedreality.md#fallbackdiagnostics)<br>- [MixedReality/MicrophoneDisabled](mdm/policy-csp-mixedreality.md#microphonedisabled)<br>- [MixedReality/VolumeButtonDisabled](mdm/policy-csp-mixedreality.md#volumebuttondisabled)<br>- [Update/DisableWUfBSafeguards](mdm/policy-csp-update.md#disablewufbsafeguards)<br>- [WindowsSandbox/AllowAudioInput](mdm/policy-csp-windowssandbox.md#allowaudioinput)<br>- [WindowsSandbox/AllowClipboardRedirection](mdm/policy-csp-windowssandbox.md#allowclipboardredirection)<br>- [WindowsSandbox/AllowNetworking](mdm/policy-csp-windowssandbox.md#allownetworking)<br>- [WindowsSandbox/AllowPrinterRedirection](mdm/policy-csp-windowssandbox.md#allowprinterredirection)<br>- [WindowsSandbox/AllowVGPU](mdm/policy-csp-windowssandbox.md#allowvgpu)<br>- [WindowsSandbox/AllowVideoInput](mdm/policy-csp-windowssandbox.md#allowvideoinput) |
## September 2020
|New or updated article | Description|
|--- | ---|
|[NetworkQoSPolicy CSP](mdm/networkqospolicy-csp.md)|Updated support information of the NetworkQoSPolicy CSP.|
|[Policy CSP - LocalPoliciesSecurityOptions](mdm/policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation:<br>- RecoveryConsole_AllowAutomaticAdministrativeLogon <br>- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways<br>- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible<br>- DomainMember_DisableMachineAccountPasswordChanges<br>- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems<br>|
## August 2020
|New or updated article | Description|
|--- | ---|
|[Policy CSP - System](mdm/policy-csp-system.md)|Removed the following policy settings:<br> - System/AllowDesktopAnalyticsProcessing <br>- System/AllowMicrosoftManagedDesktopProcessing <br> - System/AllowUpdateComplianceProcessing<br> - System/AllowWUfBCloudProcessing <br>|
## July 2020
|New or updated article | Description|
|--- | ---|
|[Policy CSP - System](mdm/policy-csp-system.md)|Added the following new policy settings:<br> - System/AllowDesktopAnalyticsProcessing <br>- System/AllowMicrosoftManagedDesktopProcessing <br> - System/AllowUpdateComplianceProcessing<br> - System/AllowWUfBCloudProcessing <br> <br><br>Updated the following policy setting:<br>- <a href="mdm/policy-csp-system.md#allowcommercialdatapipeline" id="system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a> <br>|
## June 2020
|New or updated article | Description|
|--- | ---|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added SKU support table for **AllowStandardUserEncryption**.|
|[Policy CSP - NetworkIsolation](mdm/policy-csp-networkisolation.md)|Updated the description from Boolean to Integer for the following policy settings:<br>EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative.|
## May 2020
|New or updated article | Description|
|--- | ---|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.|
|[Policy CSP - RestrictedGroups](mdm/policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table.
## February 2020
|New or updated article | Description|
|--- | ---|
|[CertificateStore CSP](mdm/certificatestore-csp.md)<br>[ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md)|Added details about SubjectName value.|
## January 2020
|New or updated article | Description|
|--- | ---|
|[Policy CSP - Defender](mdm/policy-csp-defender.md)|Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.|
## November 2019
|New or updated article | Description|
|--- | ---|
|[Policy CSP - DeliveryOptimization](mdm/policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.|
|[DiagnosticLog CSP](mdm/diagnosticlog-csp.md)|Added substantial updates to this CSP doc.|
## October 2019
|New or updated article | Description|
|--- | ---|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added the following new nodes:<br>ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.|
|[Defender CSP](mdm/defender-csp.md)|Added the following new nodes:<br>Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.|
## September 2019
|New or updated article | Description|
|--- | ---|
|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added the following new node:<br>IsStub.|
|[Policy CSP - Defender](mdm/policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
|[Policy CSP - DeviceInstallation](mdm/policy-csp-deviceinstallation.md)|Added the following new policies: <br>DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.|
## August 2019
|New or updated article | Description|
|--- | ---|
|[DiagnosticLog CSP](mdm/diagnosticlog-csp.md)<br>[DiagnosticLog DDF](mdm/diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:<br>Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.|
|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include more reference links and the following two topics:<br>Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.|
## July 2019
|New or updated article | Description|
|--- | ---|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following list:<br>Policies supported by HoloLens 2|
|[ApplicationControl CSP](mdm/applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
|[PassportForWork CSP](mdm/passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:<br>SecurityKey, SecurityKey/UseSecurityKeyForSignin|
|[Policy CSP - Privacy](mdm/policy-csp-privacy.md)|Added the following new policies:<br>LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported:<br>Create a custom configuration service provider<br>Design a custom configuration service provider<br>IConfigServiceProvider2<br>IConfigServiceProvider2::ConfigManagerNotification<br>IConfigServiceProvider2::GetNode<br>ICSPNode<br>ICSPNode::Add<br>ICSPNode::Clear<br>ICSPNode::Copy<br>ICSPNode::DeleteChild<br>ICSPNode::DeleteProperty<br>ICSPNode::Execute<br>ICSPNode::GetChildNodeNames<br>ICSPNode::GetProperty<br>ICSPNode::GetPropertyIdentifiers<br>ICSPNode::GetValue<br>ICSPNode::Move<br>ICSPNode::SetProperty<br>ICSPNode::SetValue<br>ICSPNodeTransactioning<br>ICSPValidate<br>Samples for writing a custom configuration service provider.|
## June 2019
|New or updated article | Description|
|--- | ---|
|[Policy CSP - DeviceHealthMonitoring](mdm/policy-csp-devicehealthmonitoring.md)|Added the following new policies:<br>AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.|
|[Policy CSP - TimeLanguageSettings](mdm/policy-csp-timelanguagesettings.md)|Added the following new policy:<br>ConfigureTimeZone.|
## May 2019
|New or updated article | Description|
|--- | ---|
|[DeviceStatus CSP](mdm/devicestatus-csp.md)|Updated description of the following nodes:<br>DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.|
|[EnrollmentStatusTracking CSP](mdm/enrollmentstatustracking-csp.md)|Added new CSP in Windows 10, version 1903.|
|[Policy CSP - DeliveryOptimization](mdm/policy-csp-deliveryoptimization.md)|Added the following new policies:<br> DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground.<br><br>Updated description of the following policies:<br>DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.|
|[Policy CSP - Experience](mdm/policy-csp-experience.md)|Added the following new policy:<br>ShowLockOnUserTile.|
|[Policy CSP - InternetExplorer](mdm/policy-csp-internetexplorer.md)|Added the following new policies:<br>AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.|
|[Policy CSP - Power](mdm/policy-csp-power.md)|Added the following new policies:<br>EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.|
|[Policy CSP - Search](mdm/policy-csp-search.md)|Added the following new policy:<br>AllowFindMyFiles.|
|[Policy CSP - ServiceControlManager](mdm/policy-csp-servicecontrolmanager.md)|Added the following new policy:<br>SvchostProcessMitigation.|
|[Policy CSP - System](mdm/policy-csp-system.md)|Added the following new policies:<br>AllowCommercialDataPipeline, TurnOffFileHistory.|
|[Policy CSP - Troubleshooting](mdm/policy-csp-troubleshooting.md)|Added the following new policy:<br>AllowRecommendations.|
|[Policy CSP - Update](mdm/policy-csp-update.md)|Added the following new policies:<br>AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.|
|[Policy CSP - WindowsLogon](mdm/policy-csp-windowslogon.md)|Added the following new policies:<br>AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.<br><br>Removed the following policy:<br>SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.|
## April 2019
| New or updated article | Description |
|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:<br>Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. |
| [Policy CSP - UserRights](mdm/policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (<![CDATA[...]]>) to wrap the data fields. |
## March 2019
|New or updated article | Description|
|--- | ---|
|[Policy CSP - Storage](mdm/policy-csp-storage.md)|Updated ADMX Info of the following policies:<br>AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold. <br><br>Updated description of ConfigStorageSenseDownloadsCleanupThreshold.|
## February 2019
|New or updated article | Description|
|--- | ---|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Updated supported policies for Holographic.|
## January 2019
|New or updated article | Description|
|--- | ---|
|[Policy CSP - Storage](mdm/policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
|[SharedPC CSP](mdm/sharedpc-csp.md)|Updated values and supported operations.|
|[Mobile device management](mdm/index.yml)|Updated information about MDM Security Baseline.|
## December 2018
|New or updated article | Description|
|--- | ---|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.|
## September 2018
|New or updated article | Description|
|--- | ---|
|[Policy CSP - DeviceGuard](mdm/policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.|
## August 2018
|New or updated article|Description|
|--- |--- |
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.|
|[Office CSP](mdm/office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.|
|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Added new settings in Windows 10, version 1809.|
|[TenantLockdown CSP](mdm/tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.|
|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:<li>Browser/AllowFullScreenMode<li>Browser/AllowPrelaunch<li>Browser/AllowPrinting<li>Browser/AllowSavingHistory<li>Browser/AllowSideloadingOfExtensions<li>Browser/AllowTabPreloading<li>Browser/AllowWebContentOnNewTabPage<li>Browser/ConfigureFavoritesBar<li>Browser/ConfigureHomeButton<li>Browser/ConfigureKioskMode<li>Browser/ConfigureKioskResetAfterIdleTimeout<li>Browser/ConfigureOpenMicrosoftEdgeWith<li>Browser/ConfigureTelemetryForMicrosoft365Analytics<li>Browser/PreventCertErrorOverrides<li>Browser/SetHomeButtonURL<li>Browser/SetNewTabPageURL<li>Browser/UnlockHomeButton<li>Experience/DoNotSyncBrowserSettings<li>Experience/PreventUsersFromTurningOnBrowserSyncing<li>Kerberos/UPNNameHints<li>Privacy/AllowCrossDeviceClipboard<li>Privacy<li>DisablePrivacyExperience<li>Privacy/UploadUserActivities<li>System/AllowDeviceNameInDiagnosticData<li>System/ConfigureMicrosoft365UploadEndpoint<li>System/DisableDeviceDelete<li>System/DisableDiagnosticDataViewer<li>Storage/RemovableDiskDenyWriteAccess<li>Update/UpdateNotificationLevel<br/><br/>Start/DisableContextMenus - added in Windows 10, version 1803.<br/><br/>RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.|
## July 2018
|New or updated article|Description|
|--- |--- |
|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Added the following note:<br/><br/>You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.|
|[PassportForWork CSP](mdm/passportforwork-csp.md)|Added new settings in Windows 10, version 1809.|
|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.|
|[Win32CompatibilityAppraiser CSP](mdm/win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.|
|[WindowsLicensing CSP](mdm/windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.|
|[SUPL CSP](mdm/supl-csp.md)|Added three new certificate nodes in Windows 10, version 1809.|
|[Defender CSP](mdm/defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.|
|[DevDetail CSP](mdm/devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:<li>ApplicationManagement/LaunchAppAfterLogOn<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures <li>Authentication/EnableFastFirstSignIn (Preview mode only)<li>Authentication/EnableWebSignIn (Preview mode only)<li>Authentication/PreferredAadTenantDomainName<li>Defender/CheckForSignaturesBeforeRunningScan<li>Defender/DisableCatchupFullScan <li>Defender/DisableCatchupQuickScan <li>Defender/EnableLowCPUPriority<li>Defender/SignatureUpdateFallbackOrder<li>Defender/SignatureUpdateFileSharesSources<li>DeviceGuard/ConfigureSystemGuardLaunch<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses<li>DeviceInstallation/PreventDeviceMetadataFromNetwork<li>DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings<li>DmaGuard/DeviceEnumerationPolicy<li>Experience/AllowClipboardHistory<li>Security/RecoveryEnvironmentAuthentication<li>TaskManager/AllowEndTask<li>WindowsDefenderSecurityCenter/DisableClearTpmButton<li>WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning<li>WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl<li>WindowsLogon/DontDisplayNetworkSelectionUI<br/><br/>Recent changes:<li>DataUsage/SetCost3G - deprecated in Windows 10, version 1809.|
## June 2018
|New or updated article|Description|
|--- |--- |
|[Wifi CSP](mdm/wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.|
|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:<li>Added procedure for collecting logs remotely from Windows 10 Holographic.<li>Added procedure for downloading the MDM Diagnostic Information log.|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Recent changes:<li>AccountPoliciesAccountLockoutPolicy<li>AccountLockoutDuration - removed from docs. Not supported.<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.<li>AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.<li>LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.<li>System/AllowFontProviders isn't supported in HoloLens (first gen) Commercial Suite.<li>Security/RequireDeviceEncryption is supported in the Home SKU.<li>Start/StartLayout - added a table of SKU support information.<li>Start/ImportEdgeAssets - added a table of SKU support information.<br/><br/>Added the following new policies in Windows 10, version 1809:<li>Update/EngagedRestartDeadlineForFeatureUpdates<li>Update/EngagedRestartSnoozeScheduleForFeatureUpdates<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates<li>Update/SetDisablePauseUXAccess<li>Update/SetDisableUXWUAccess|
|[WiredNetwork CSP](mdm/wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.|
## May 2018
|New or updated article|Description|
|--- |--- |
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.<li>[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)<li>[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
## April 2018
|New or updated article|Description|
|--- |--- |
|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:<li>Settings/AllowVirtualGPU<li>Settings/SaveFilesToHost|
|[NetworkProxy CSP](mdm/networkproxy-csp.md)|Added the following node in Windows 10, version 1803:<li>ProxySettingsPerUser|
|[Accounts CSP](mdm/accounts-csp.md)|Added a new CSP in Windows 10, version 1803.|
|[CSP DDF files download](mdm/configuration-service-provider-ddf.md)|Added the DDF download of Windows 10, version 1803 configuration service providers.|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:<li>Bluetooth/AllowPromptedProximalConnections<li>KioskBrowser/EnableEndSessionButton<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers|
## March 2018
|New or updated article|Description|
|--- |--- |
|[eUICCs CSP](mdm/euiccs-csp.md)|Added the following node in Windows 10, version 1803:<li>IsEnabled|
|[DeviceStatus CSP](mdm/devicestatus-csp.md)|Added the following node in Windows 10, version 1803:<li>OS/Mode|
|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:<li>[How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)<li>[How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)|
|[AccountManagement CSP](mdm/accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.|
|[RootCATrustedCertificates CSP](mdm/rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:<li>UntrustedCertificates|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:<li>ApplicationDefaults/EnableAppUriHandlers<li>ApplicationManagement/MSIAllowUserControlOverInstall<li>ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges<li>Connectivity/AllowPhonePCLinking<li>Notifications/DisallowCloudNotification<li>Notifications/DisallowTileNotification<li>RestrictedGroups/ConfigureGroupMembership<br/><br/>The following existing policies were updated:<li>Browser/AllowCookies - updated the supported values. There are three values - 0, 1, 2.<li>InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML<li>TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.<br/><br/>Added a new section:<li>[[Policies in Policy CSP supported by Group Policy](mdm/policies-in-policy-csp-supported-by-group-policy.md) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.|
|[Policy CSP - Bluetooth](mdm/policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](mdm/policy-csp-bluetooth.md#servicesallowedlist-usage-guide).|
|[MultiSIM CSP](mdm/multisim-csp.md)|Added SyncML examples and updated the settings descriptions.|
|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.|
## February 2018
|New or updated article|Description|
|--- |--- |
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:<li>Display/DisablePerProcessDpiForApps<li>Display/EnablePerProcessDpi<li>Display/EnablePerProcessDpiForApps<li>Experience/AllowWindowsSpotlightOnSettings<li>TextInput/ForceTouchKeyboardDockedState<li>TextInput/TouchKeyboardDictationButtonAvailability<li>TextInput/TouchKeyboardEmojiButtonAvailability<li>TextInput/TouchKeyboardFullModeAvailability<li>TextInput/TouchKeyboardHandwritingModeAvailability<li>TextInput/TouchKeyboardNarrowModeAvailability<li>TextInput/TouchKeyboardSplitModeAvailability<li>TextInput/TouchKeyboardWideModeAvailability|
|[VPNv2 ProfileXML XSD](mdm/vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.|
|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:<li>Status<li>ShellLauncher<li>StatusConfiguration<br/><br/>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.|
|[MultiSIM CSP](mdm/multisim-csp.md)|Added a new CSP in Windows 10, version 1803.|
|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:<li>MaintainProcessorArchitectureOnUpdate|
## January 2018
|New or updated article|Description|
|--- |--- |
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:<li>Browser/AllowConfigurationUpdateForBooksLibrary<li>Browser/AlwaysEnableBooksLibrary<li>Browser/EnableExtendedBooksTelemetry<li>Browser/UseSharedFolderForBooks<li>DeliveryOptimization/DODelayBackgroundDownloadFromHttp<li>DeliveryOptimization/DODelayForegroundDownloadFromHttp<li>DeliveryOptimization/DOGroupIdSource<li>DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth<li>DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth<li>DeliveryOptimization/DORestrictPeerSelectionBy<li>DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth<li>DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth<li>KioskBrowser/BlockedUrlExceptions<li>KioskBrowser/BlockedUrls<li>KioskBrowser/DefaultURL<li>KioskBrowser/EnableHomeButton<li>KioskBrowser/EnableNavigationButtons<li>KioskBrowser/RestartOnIdleTime<li>LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon<li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia<li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters<li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly<li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares<li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares<li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM<li>LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange<li>LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers<li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile<li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode<li>RestrictedGroups/ConfigureGroupMembership<li>Search/AllowCortanaInAAD<li>Search/DoNotUseWebResults<li>Security/ConfigureWindowsPasswords<li>System/FeedbackHubAlwaysSaveDiagnosticsLocally<li>SystemServices/ConfigureHomeGroupListenerServiceStartupMode<li>SystemServices/ConfigureHomeGroupProviderServiceStartupMode<li>SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode<li>SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode<li>SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode<li>SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode<li>TaskScheduler/EnableXboxGameSaveTask<li>TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode<li>Update/ConfigureFeatureUpdateUninstallPeriod<li>UserRights/AccessCredentialManagerAsTrustedCaller<li>UserRights/AccessFromNetwork<li>UserRights/ActAsPartOfTheOperatingSystem<li>UserRights/AllowLocalLogOn<li>UserRights/BackupFilesAndDirectories<li>UserRights/ChangeSystemTime<li>UserRights/CreateGlobalObjects<li>UserRights/CreatePageFile<li>UserRights/CreatePermanentSharedObjects<li>UserRights/CreateSymbolicLinks<li>UserRights/CreateToken<li>UserRights/DebugPrograms<li>UserRights/DenyAccessFromNetwork<li>UserRights/DenyLocalLogOn<li>UserRights/DenyRemoteDesktopServicesLogOn<li>UserRights/EnableDelegation<li>UserRights/GenerateSecurityAudits<li>UserRights/ImpersonateClient<li>UserRights/IncreaseSchedulingPriority<li>UserRights/LoadUnloadDeviceDrivers<li>UserRights/LockMemory<li>UserRights/ManageAuditingAndSecurityLog<li>UserRights/ManageVolume<li>UserRights/ModifyFirmwareEnvironment<li>UserRights/ModifyObjectLabel<li>UserRights/ProfileSingleProcess<li>UserRights/RemoteShutdown<li>UserRights/RestoreFilesAndDirectories<li>UserRights/TakeOwnership<li>WindowsDefenderSecurityCenter/DisableAccountProtectionUI<li>WindowsDefenderSecurityCenter/DisableDeviceSecurityUI<li>WindowsDefenderSecurityCenter/HideRansomwareDataRecovery<li>WindowsDefenderSecurityCenter/HideSecureBoot<li>WindowsDefenderSecurityCenter/HideTPMTroubleshooting<br/><br/>Added the following policies in Windows 10, version 1709<li>DeviceLock/MinimumPasswordAge<li>Settings/AllowOnlineTips<li>System/DisableEnterpriseAuthProxy<br/><br/>Security/RequireDeviceEncryption - updated to show it's supported in desktop.|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.|
|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.|
|[DMClient CSP](mdm/dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:<li>AADSendDeviceToken<li>BlockInStatusPage<li>AllowCollectLogsButton<li>CustomErrorText<li>SkipDeviceStatusPage<li>SkipUserStatusPage|
|[Defender CSP](mdm/defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.|
|[UEFI CSP](mdm/uefi-csp.md)|Added a new CSP in Windows 10, version 1803.|
|[Update CSP](mdm/update-csp.md)|Added the following nodes in Windows 10, version 1803:<li>Rollback<li>Rollback/FeatureUpdate<li>Rollback/QualityUpdateStatus<li>Rollback/FeatureUpdateStatus|
## December 2017
|New or updated article|Description|
|--- |--- |
|[Configuration service provider reference](mdm/index.yml)|Added new section [CSP DDF files download](mdm/configuration-service-provider-ddf.md)|
## November 2017
|New or updated article|Description|
|--- |--- |
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:<li>Authentication/AllowFidoDeviceSignon<li>Cellular/LetAppsAccessCellularData<li>Cellular/LetAppsAccessCellularData_ForceAllowTheseApps<li>Cellular/LetAppsAccessCellularData_ForceDenyTheseApps<li>Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps<li>Start/HidePeopleBar<li>Storage/EnhancedStorageDevices<li>Update/ManagePreviewBuilds<li>WirelessDisplay/AllowMdnsAdvertisement<li>WirelessDisplay/AllowMdnsDiscovery<br/><br/>Added missing policies from previous releases:<li>Connectivity/DisallowNetworkConnectivityActiveTest<li>Search/AllowWindowsIndexer|
## October 2017
| New or updated article | Description |
| --- | --- |
| [Policy DDF file](mdm/configuration-service-provider-ddf.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
| [Policy CSP](mdm/policy-configuration-service-provider.md) | Updated the following policies:<br/><br/>- Defender/ControlledFolderAccessAllowedApplications - string separator is `|` <br/>- Defender/ControlledFolderAccessProtectedFolders - string separator is `|` |
| [eUICCs CSP](mdm/euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
| [AssignedAccess CSP](mdm/assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. |
| [DMClient CSP](mdm/dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. |
## September 2017
|New or updated article|Description|
|--- |--- |
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:<li>Authentication/AllowAadPasswordReset<li>Handwriting/PanelDefaultModeDocked<li>Search/AllowCloudSearch<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics<br/><br/>Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.|
|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.|
|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.|
|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:<li>UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.<li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.<li>DomainName - fully qualified domain name if the device is domain-joined.<br/><br/>For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.|
|[EnterpriseAPN CSP](mdm/enterpriseapn-csp.md)|Added a SyncML example.|
|[VPNv2 CSP](mdm/vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.|
|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.|
|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:<li>User sees installation progress of critical policies during MDM enrollment.<li>User knows what policies, profiles, apps MDM has configured<li>IT helpdesk can get detailed MDM diagnostic information using client tools<br/><br/>For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)|
## August 2017
|New or updated article|Description|
|--- |--- |
|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.|
|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:<br/><br/>Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.|
|[CM_CellularEntries CSP](mdm/cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.|
|[EnterpriseDataProtection CSP](mdm/enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following values:<li> 0 (default) Off / No protection (decrypts previously protected data).<li> 1 Silent mode (encrypt and audit only).<li> 2 Allow override mode (encrypt, prompt and allow overrides, and audit).<li> 3 Hides overrides (encrypt, prompt but hide overrides, and audit).|
|[AppLocker CSP](mdm/applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allowlist examples](mdm/applocker-csp.md#allowlist-examples).|
|[DeviceManageability CSP](mdm/devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:<li>Provider/ProviderID/ConfigInfo<li> Provider/ProviderID/EnrollmentInfo|
|[Office CSP](mdm/office-csp.md)|Added the following setting in Windows 10, version 1709:<li>Installation/CurrentStatus|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.|
|[Firewall CSP](mdm/firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:<li>Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.<li>Changed some data types from integer to bool.<li>Updated the list of supported operations for some settings.<li>Added default values.|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:<li>Browser/AllowMicrosoftCompatibilityList<li>Update/DisableDualScan<li>Update/FillEmptyContentUrls|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:<li>Browser/ProvisionFavorites<li>Browser/LockdownFavorites<li>ExploitGuard/ExploitProtectionSettings<li>Games/AllowAdvancedGamingServices<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations<li>Privacy/EnableActivityFeed<li>Privacy/PublishUserActivities<li>Update/DisableDualScan<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork<br/><br/>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.<br/><br/>Changed the names of the following policies:<li>Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications<li>Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders<li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess<br/><br/>Added links to the extra [ADMX-backed BitLocker policies](mdm/policy-csp-bitlocker.md).<br/><br/>There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:<li>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts<li>Start/HideAppList|

31
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -22,8 +22,8 @@ ms.technology: itpro-manage
From its release, Windows has supported remote connections to devices joined to Active Directory using Remote Desktop Protocol (RDP). Windows 10, version 1607 added the ability to connect to a device that is joined to Azure Active Directory (Azure AD) using RDP. From its release, Windows has supported remote connections to devices joined to Active Directory using Remote Desktop Protocol (RDP). Windows 10, version 1607 added the ability to connect to a device that is joined to Azure Active Directory (Azure AD) using RDP.
- Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics). - Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
- Starting in Windows 10/11, with 2022-09 preview update installed, you can [use Azure AD authentication to connect to the remote Azure AD device](#connect-with-azure-ad-authentication). - Starting in Windows 10/11, with 2022-10 update installed, you can [use Azure AD authentication to connect to the remote Azure AD device](#connect-with-azure-ad-authentication).
## Prerequisites ## Prerequisites
- Both devices (local and remote) must be running a supported version of Windows. - Both devices (local and remote) must be running a supported version of Windows.
@ -34,28 +34,35 @@ From its release, Windows has supported remote connections to devices joined to
## Connect with Azure AD Authentication ## Connect with Azure AD Authentication
Azure AD Authentication can be used on the following operating systems: Azure AD Authentication can be used on the following operating systems for both the local and remote device:
- Windows 11 with [2022-09 Cumulative Updates for Windows 11 Preview (KB5017383)](https://support.microsoft.com/kb/KB5017383) or later installed.
- Windows 10, version 20H2 or later with [2022-09 Cumulative Updates for Windows 10 Preview (KB5017380)](https://support.microsoft.com/kb/KB5017380) or later installed.
- Windows Server 2022 with [2022-09 Cumulative Update for Microsoft server operating system preview (KB5017381)](https://support.microsoft.com/kb/KB5017381) or later installed.
- Windows 11 with [2022-10 Cumulative Updates for Windows 11 (KB5018418)](https://support.microsoft.com/kb/KB5018418) or later installed.
- Windows 10, version 20H2 or later with [2022-10 Cumulative Updates for Windows 10 (KB5018410)](https://support.microsoft.com/kb/KB5018410) or later installed.
- Windows Server 2022 with [2022-10 Cumulative Update for Microsoft server operating system (KB5018421)](https://support.microsoft.com/kb/KB5018421) or later installed.
There's no requirement for the local device to be joined to a domain or Azure AD. As a result, this method allows you to connect to the remote Azure AD joined device from: There's no requirement for the local device to be joined to a domain or Azure AD. As a result, this method allows you to connect to the remote Azure AD joined device from:
- [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) or [Hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) device. - [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) or [Hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) device.
- Active Directory joined device. - Active Directory joined device.
- Workgroup device. - Workgroup device.
Azure AD authentication can also be used to connect to Hybrid Azure AD joined devices.
To connect to the remote computer: To connect to the remote computer:
- Launch **Remote Desktop Connection** from Windows Search, or by running `mstsc.exe`. - Launch **Remote Desktop Connection** from Windows Search, or by running `mstsc.exe`.
- Specify the name of the remote computer.
- Select **Use a web account to sign in to the remote computer** option in the **Advanced** tab. This option is equivalent to the `enablerdsaadauth` RDP property. For more information, see [Supported RDP properties with Remote Desktop Services](/windows-server/remote/remote-desktop-services/clients/rdp-files). - Select **Use a web account to sign in to the remote computer** option in the **Advanced** tab. This option is equivalent to the `enablerdsaadauth` RDP property. For more information, see [Supported RDP properties with Remote Desktop Services](/windows-server/remote/remote-desktop-services/clients/rdp-files).
- Specify the name of the remote computer and select **Connect**.
> [!NOTE]
> IP address cannot be used when **Use a web account to sign in to the remote computer** option is used.
> The name must match the hostname of the remote device in Azure AD and be network addressable, resolving to the IP address of the remote device.
- When prompted for credentials, specify your user name in `user@domain.com` format. - When prompted for credentials, specify your user name in `user@domain.com` format.
- You're then prompted to allow the remote desktop connection when connecting to a new PC. Azure AD remembers up to 15 hosts for 30 days before prompting again. If you see this dialogue, select **Yes** to connect. - You're then prompted to allow the remote desktop connection when connecting to a new PC. Azure AD remembers up to 15 hosts for 30 days before prompting again. If you see this dialogue, select **Yes** to connect.
> [!IMPORTANT] > [!IMPORTANT]
> If your organization has configured and is using [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview), your device must satisfy the conditional access requirements to allow connection to the remote computer. > If your organization has configured and is using [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview), your device must satisfy the conditional access requirements to allow connection to the remote computer. Conditional Access policies with [grant controls](/azure/active-directory/conditional-access/concept-conditional-access-grant) and [session controls](/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime) may be applied to the application **Microsoft Remote Desktop (a4a365df-50f1-4397-bc59-1a1564b8bb9c)** for controlled access.
### Disconnection when the session is locked ### Disconnection when the session is locked
@ -87,7 +94,7 @@ To connect to the remote computer:
### Supported configurations ### Supported configurations
This table lists the supported configurations for remotely connecting to an Azure AD joined device: This table lists the supported configurations for remotely connecting to an Azure AD joined device without using Azure AD authentication:
| **Criteria** | **Client operating system** | **Supported credentials** | | **Criteria** | **Client operating system** | **Supported credentials** |
|--------------------------------------------|-----------------------------------|--------------------------------------------------------------------| |--------------------------------------------|-----------------------------------|--------------------------------------------------------------------|
@ -99,7 +106,7 @@ This table lists the supported configurations for remotely connecting to an Azur
> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure AD joined devices, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). > If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure AD joined devices, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
> [!NOTE] > [!NOTE]
> When an Azure AD group is added to the **Remote Desktop Users** group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through RDP resulting in failure to establish the remote connection. In this scenario, Network Level Authentication should be disabled to allow the connection. > When an Azure AD group is added to the **Remote Desktop Users** group on a Windows device, it isn't honored when the user that belongs to the Azure AD group logs in through RDP, resulting in failure to establish the remote connection. In this scenario, Network Level Authentication should be disabled to allow the connection.
## Add users to Remote Desktop Users group ## Add users to Remote Desktop Users group
@ -122,3 +129,5 @@ Remote Desktop Users group is used to grant users and groups permissions to remo
## Related articles ## Related articles
[How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c) [How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)

312
windows/client-management/data-structures-windows-store-for-business.md
View File

@ -1,312 +0,0 @@
---
title: Data structures for Microsoft Store for Business
description: Learn about the various data structures for Microsoft Store for Business.
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_data\_structures'
- 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Data structures for Microsoft Store for Business
Here's the list of data structures used in the Microsoft Store for Business REST APIs:
- [AlternateIdentifier](#alternateidentifier)
- [BulkSeatOperationResultSet](#bulkseatoperationresultset)
- [FailedSeatRequest](#failedseatrequest)
- [FrameworkPackageDetails](#frameworkpackagedetails)
- [InventoryDistributionPolicy](#inventorydistributionpolicy)
- [InventoryEntryDetails](#inventoryentrydetails)
- [InventoryResultSet](#inventoryresultset)
- [InventoryStatus](#inventorystatus)
- [LicenseType](#licensetype)
- [LocalizedProductDetail](#localizedproductdetail)
- [OfflineLicense](#offlinelicense)
- [PackageContentInfo](#packagecontentinfo)
- [PackageLocation](#packagelocation)
- [ProductArchitectures](#productarchitectures)
- [ProductDetails](#productdetails)
- [ProductImage](#productimage)
- [ProductKey](#productkey)
- [ProductPackageDetails](#productpackagedetails)
- [ProductPackageFormat](#productpackageformat)
- [ProductPackageSet](#productpackageset)
- [ProductPlatform](#productplatform)
- [PublisherDetails](#publisherdetails)
- [SeatAction](#seataction)
- [SeatDetails](#seatdetails)
- [SeatDetailsResultSet](#seatdetailsresultset)
- [SeatState](#seatstate)
- [SupportedProductPlatform](#supportedproductplatform)
- [VersionInfo](#versioninfo)
## AlternateIdentifier
Specifies the properties of the alternate identifier.
|Name|Type|Description|
|--- |--- |--- |
|Type|String|LegacyWindowStoreProductId, LegacyWindowsPhoneProductId, RedirectToThresholdProductId|
|Value|String||
## BulkSeatOperationResultSet
|Name|Type|
|--- |--- |
|seatDetails|Collection of [SeatDetails](#seatdetails)|
|failedSeatOperations|Collection of [FailedSeatRequest](#failedseatrequest)|
## FailedSeatRequest
|Name|Type|
|--- |--- |
|failureReason|String|
|productKey|[ProductKey](#productkey)|
|userName|String|
## FrameworkPackageDetails
|Name|Type|Description|
|--- |--- |--- |
|packageId|String||
|contentId|String|Identifies a specific application.|
|Location|[PackageLocation](#packagelocation)||
|packageFullName|String||
|packageIdentityName|String||
|Architectures|Collection of [ProductArchitectures](#productarchitectures)||
|packageFormat|[ProductPackageFormat](#productpackageformat)||
|Platforms|Collection of [ProductPlatform](#productplatform)||
|fileSize|integer-64|Size of the file.|
|packageRank|integer-32|Optional|
## InventoryDistributionPolicy
|Name|Description|
|--- |--- |
|Open|Open distribution policy - licenses/seats can be assigned/consumed without limit|
|Restricted|Restricted distribution policy - licenses/seats must be assigned/consumed according to the available count|
## InventoryEntryDetails
|Name|Type|Description|
|--- |--- |--- |
|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.|
|seatCapacity|integer-64|Total number of seats that have been purchased for an application.|
|availableSeats|integer-64|Number of available seats remaining for an application.|
|lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.|
|licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.|
|distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)||
|status|[InventoryStatus](#inventorystatus)||
## InventoryResultSet
|Name|Type|Description|
|--- |--- |--- |
|continuationToken|String|Only available if there is a next page.|
|inventoryEntries|Collection of [InventoryEntryDetails](#inventoryentrydetails)||
## InventoryStatus
|Name|Description|
|--- |--- |
|Active|Entry is available in the organizations inventory.|
|Removed|Entry has been removed from the organizations inventory.|
## LicenseType
|Name|Description|
|--- |--- |
|Online|Online license application.|
|Offline|Offline license application.|
## LocalizedProductDetail
Specifies the properties of the localized product.
|Name|Type|Description|
|--- |--- |--- |
|Language|String|Language or fallback language if the specified language is not available.|
|displayName|String|Display name of the application.|
|Description|String|App description provided by developer can be up to 10,000 characters.|
|Images|Collection of [ProductImage](#productimage)|Artwork and icon associated with the application.|
|Publisher|[PublisherDetails](#publisherdetails)|Publisher of the application.|
## OfflineLicense
|Name|Type|Description|
|--- |--- |--- |
|productKey|[ProductKey](#productkey)|Identifies a set of seats associated with an application.|
|licenseBlob|String|Base-64 encoded offline license that can be installed via a CSP.|
|licenseInstanceId|String|Version of the license.|
|requestorId|String|Organization requesting the license.|
|contentId|String|Identifies the specific license required by an application.|
## PackageContentInfo
|Name|Type|
|--- |--- |
|productPlatforms|Collection of ProductPlatform|
|packageFormat|String|
## PackageLocation
|Name|Type|Description|
|--- |--- |--- |
|Url|URI|CDN location of the packages. URL expiration is based on the estimated time to download the package.|
## ProductArchitectures
|Name|
|--- |
|Neutral|
|Arm|
|x86|
|x64|
## ProductDetails
|Name|Type|Description|
|--- |--- |--- |
|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.|
|productType|String|Type of product.|
|supportedLanguages|Collection of string|The set of localized languages for an application.|
|publisherId|String|Publisher identifier.|
|Category|String|Application category.|
|alternateIds|Collection of [AlternateIdentifier](#alternateidentifier)|The identifiers that can be used to instantiate the installation of on online application.|
|packageFamilyName|String||
|supportedPlatforms|Collection of [ProductPlatform](#productplatform)||
## ProductImage
Specifies the properties of the product image.
|Name|Type|Description|
|--- |--- |--- |
|location|URI|Location of the download image.|
|purpose|string|Tag for the image, for example "screenshot" or "logo".|
|height|string|Height of the image in pixels.|
|width|string|Width of the image in pixels.|
|caption|string|Unlimited length.|
|backgroundColor|string|Format "#RRGGBB"|
|foregroundColor|string|Format "#RRGGBB"|
|fileSize|integer-64|Size of the file.|
## ProductKey
Specifies the properties of the product key.
|Name|Type|Description|
|--- |--- |--- |
|productId|String|Product identifier for an application that is used by the Store for Business.|
|skuId|String|Product identifier that specifies a specific SKU of an application.|
## ProductPackageDetails
|Name|Type|Description|
|--- |--- |--- |
|frameworkDependencyPackages|Collection of [FrameworkPackageDetails](#frameworkpackagedetails)||
|packageId|String||
|contentId|String|Identifies a specific application.|
|Location|[PackageLocation](#packagelocation)||
|packageFullName|String|Example, Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe|
|packageIdentityName|String|Example, Microsoft.BingTranslator|
|Architectures|Collection of [ProductArchitectures](#productarchitectures)|Values {x86, x64, arm, neutral}|
|packageFormat|[ProductPackageFormat](#productpackageformat)|Extension of the package file.|
|Platforms|Collection of [ProductPlatform](#productplatform)||
|fileSize|integer-64|Size of the file.|
|packageRank|integer-32|Optional|
## ProductPackageFormat
|Name|
|--- |
|Appx|
|appxBundle|
|Xap|
## ProductPackageSet
|Name|Type|Description|
|--- |--- |--- |
|packageSetId|String|An identifier for the particular combination of application packages.|
|productPackages|Collection of [ProductPackageDetails](#productpackagedetails)|A collection of application packages.|
## ProductPlatform
|Name|Type|
|--- |--- |
|platformName|String|
|minVersion|[VersionInfo](#versioninfo)|
|maxTestedVersion|[VersionInfo](#versioninfo)|
## PublisherDetails
Specifies the properties of the publisher details.
|Name|Type|Description|
|--- |--- |--- |
|publisherName|String|Name of the publisher.|
|publisherWebsite|String|Website of the publisher.|
## SeatAction
|Name|
|--- |
|Assign|
|Reclaim|
## SeatDetails
|Name|Type|Description|
|--- |--- |--- |
|assignedTo|String|Format = UPN (user@domain)|
|dateAssigned|Datetime||
|State|[SeatState](#seatstate)||
|productKey|[ProductKey](#productkey)||
## SeatDetailsResultSet
|Name|Type|
|--- |--- |
|Seats|Collection of [SeatDetails](#seatdetails)|
|continuationToken|String|
## SeatState
|Name|
|--- |
|Active|
|Revoked|
## SupportedProductPlatform
|Name|Type|
|--- |--- |
|platformName|String|
|minVersion|[VersionInfo](#versioninfo)|
|maxTestedVersion|[VersionInfo](#versioninfo)|
|Architectures|Collection of [ProductArchitectures](#productarchitectures)|
## VersionInfo
|Name|Type|
|--- |--- |
|Major|integer-32|
|Minor|integer-32|
|Build|integer-32|
|Revision|integer-32|

4
windows/client-management/docfx.json
View File

@ -34,6 +34,7 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"adobe-target": true,
"ms.collection": [ "ms.collection": [
"tier2" "tier2"
], ],
@ -60,7 +61,8 @@
"claydetels19", "claydetels19",
"jborsecnik", "jborsecnik",
"tiburd", "tiburd",
"garycentric" "garycentric",
"beccarobins"
], ],
"searchScope": ["Windows 10"] "searchScope": ["Windows 10"]
}, },

64
windows/client-management/get-inventory.md
View File

@ -1,64 +0,0 @@
---
title: Get Inventory
description: The Get Inventory operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available.
MS-HAID:
- 'p\_phdevicemgmt.get\_seatblock'
- 'p\_phDeviceMgmt.get\_inventory'
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get Inventory
The **Get Inventory** operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available.
## Request
**GET:**
```http
https://bspmts.mp.microsoft.com/V1/Inventory?continuationToken={ContinuationToken}&amp;modifiedSince={ModifiedSince}&amp;licenseTypes={LicenseType}&amp;maxResults={MaxResults}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Default value|Description|
|--- |--- |--- |--- |
|continuationToken|string|Null||
|modifiedSince|datetime|Null|Optional. Used to determine changes since a specific date.|
|licenseTypes|collection of [LicenseType](data-structures-windows-store-for-business.md#licensetype)|{online,offline}|Optional. A collection of license types|
|maxResults|integer-32|25|Optional. Specifies the maximum number of applications returned in a single query.|
Here are some examples.
|Query type|Example query|
|--- |--- |
|Online and offline|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25)|
|Online only|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25)|
|Offline only|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25)|
|Both license types and a time filter|[https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25)|
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name<br><br>Invalid modified date, license, or continuationToken<br><br>Details: String|
## Response
### Response body
The response contains [InventoryResultSet](data-structures-windows-store-for-business.md#inventoryresultset).

52
windows/client-management/get-localized-product-details.md
View File

@ -1,52 +0,0 @@
---
title: Get localized product details
description: The Get localized product details operation retrieves the localization information of a product from the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/07/2020
---
# Get localized product details
The **Get localized product details** operation retrieves the localization information of a product from the Microsoft Store for Business.
## Request
**GET:**
```http
https://bspmts.mp.microsoft.com/V1/Products/{ProductId}/{SkuId}/LocalizedDetails/{language}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|language|string|Required. Language in ISO format, such as en-us, en-ca.|
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name<br>Reason: Missing parameter or invalid parameter<br>Details: String|
|404|Not found||Item type: productId, skuId, language|
## Response
The response contains [LocalizedProductDetail](data-structures-windows-store-for-business.md#localizedproductdetail).
 

54
windows/client-management/get-offline-license.md
View File

@ -1,54 +0,0 @@
---
title: Get offline license
description: The Get offline license operation retrieves the offline license information of a product from the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get offline license
The **Get offline license** operation retrieves the offline license information of a product from the Microsoft Store for Business.
## Request
**POST:**
```http
https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/OfflineLicense/{contentId}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Identifies a specific product that has been acquired.|
|skuId|string|Required. The SKU identifier.|
|contentId|string|Required. Identifies a specific application.|
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name<br>Reason: Missing parameter or invalid parameter<br>Details: String|
|404|Not found|||
|409|Conflict||Reason: Not owned, Not offline|
## Response
### Response body
The response contains [OfflineLicense](data-structures-windows-store-for-business.md#offlinelicense).
 

52
windows/client-management/get-product-details.md
View File

@ -1,52 +0,0 @@
---
title: Get product details
description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get product details
The **Get product details** operation retrieves the product information from the Microsoft Store for Business for a specific application.
## Request
**GET:**
```http
https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name<br>Reason: Missing parameter or invalid parameter<br>Details: String|
|404|Not found|||
## Response
### Response body
The response contains [ProductDetails](data-structures-windows-store-for-business.md#productdetails).
 

54
windows/client-management/get-product-package.md
View File

@ -1,54 +0,0 @@
---
title: Get product package
description: The Get product package operation retrieves the information about a specific application in the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get product package
The **Get product package** operation retrieves the information about a specific application in the Microsoft Store for Business.
## Request
**GET:**
```http
https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages/{packageId}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|packageId|string|Required.|
|Error code|Description|Retry|Data field|Details|
|--- |--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name <br/> <br/>Reason: Invalid parameter <br/> <br/>Details: String|Can be productId, skuId, or packageId|
|404|Not found|||Item type: Product/SKU|
|409|Conflict||Reason: Not owned||
## Response
### Response body
The response body contains [ProductPackageDetails](data-structures-windows-store-for-business.md#productpackagedetails).
 

53
windows/client-management/get-product-packages.md
View File

@ -1,53 +0,0 @@
---
title: Get product packages
description: The Get product packages operation retrieves the information about applications in the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get product packages
The **Get product packages** operation retrieves the information about applications in the Microsoft Store for Business.
## Request
**GET:**
```http
https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages
```
 
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name <br/> <br/>Reason: Missing parameter or invalid parameter <br/> <br/>Details: String|
|404|Not found|||
|409|Conflict||Reason: Not owned|
## Response
### Response body
The response body contains [ProductPackageSet](data-structures-windows-store-for-business.md#productpackageset).
 

47
windows/client-management/get-seat.md
View File

@ -1,47 +0,0 @@
---
title: Get seat
description: The Get seat operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get seat
The **Get seat** operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business.
## Request
**GET:**
```http
https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
 
## Response
### Response body
The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
|Error code|Description|Retry|Data field|Details|
|--- |--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name <br/><br/>Reason: Missing parameter or invalid parameter<br/><br/>Details: String|Invalid can include productId, skuId or username|
|404|Not found|||ItemType: Inventory, User, Seat<br/><br/>Values: ProductId/SkuId, UserName, ProductId/SkuId/Username|
|409|Conflict||Reason: Not online||

55
windows/client-management/get-seats-assigned-to-a-user.md
View File

@ -1,55 +0,0 @@
---
title: Get seats assigned to a user
description: The Get seats assigned to a user operation retrieves information about assigned seats in the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get seats assigned to a user
The **Get seats assigned to a user** operation retrieves information about assigned seats in the Microsoft Store for Business.
## Request
**GET:**
```http
https:<span></span>//bspmts.mp.microsoft.com/V1/Users/{username}/Seats?continuationToken={ContinuationToken}&amp;maxResults={MaxResults}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|useName|string|Requires UserPrincipalName (UPN). User name of the target user account.|
|continuationToken|string|Optional.|
|maxResults|inteter-32|Optional. Default = 25, Maximum = 100|
 
## Response
### Response body
The response body contains [SeatDetailsResultSet](data-structures-windows-store-for-business.md#seatdetailsresultset).
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name<br><br>Reason: Invalid parameter<br><br>Details: String|
|404|Not found||Item type: User<br><br>Values: UserName|
 
 

50
windows/client-management/get-seats.md
View File

@ -1,50 +0,0 @@
---
title: Get seats
description: The Get seats operation retrieves the information about active seats in the Microsoft Store for Business.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
# Get seats
The **Get seats** operation retrieves the information about active seats in the Microsoft Store for Business.
## Request
**GET:**
```http
https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats?continuationToken={ContinuationToken}&amp;maxResults={MaxResults}
```
### URI parameters
The following parameters may be specified in the request URI.
|Parameter|Type|Description|
|--- |--- |--- |
|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
|continuationToken|string|Optional.|
|maxResults|int32|Optional. Default = 25, Maximum = 100|
## Response
### Response body
The response body contains [SeatDetailsResultSet](data-structures-windows-store-for-business.md#seatdetailsresultset).
|Error code|Description|Retry|Data field|
|--- |--- |--- |--- |
|400|Invalid parameters|No|Parameter name <br> Reason: Missing parameter or invalid parameter <br> Details: String|
|404|Not found|||
|409|Conflict||Reason: Not online|

110
windows/client-management/management-tool-for-windows-store-for-business.md
View File

@ -1,110 +0,0 @@
---
title: Management tool for the Microsoft Store for Business
description: The Microsoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk.
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_portal\_management\_tool'
- 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business'
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/27/2017
---
# Management tool for the Microsoft Store for Business
The Microsoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.
Here's the list of the available capabilities:
- Support for enterprise identities Enables end users within an organization to use the identity that has been provided to them within the organization. This feature enables an organization to keep control of the application and eliminates the need for an organization to maintain another set of identities for their users.
- Bulk acquisition support of applications Enables an IT administrator to acquire applications in bulk. IT departments can now take control over the procurement and distribution of applications. Previously, users acquire applications manually.
- License reclaim and reuse Enables an enterprise to keep value in their purchases by allowing the ability to unassign access to an application, and then reassign the application to another user. In Microsoft Store today, when a user with a Microsoft account leaves the organization, they keep ownership of the application.
- Flexible distribution models for Microsoft Store apps Allows enterprises to integrate with an organization's infrastructure. It also allows the processes to distribute applications to devices that are connected to Store for Business services and to devices without connectivity to the Store for Business services.
- Custom Line of Business app support Enables management and distribution of enterprise applications through the Store for Business.
- Support for Windows client devices - The Store for Business supports client devices.
For more information, see [Microsoft Store for Business and Education](/microsoft-store/).
## Management services
The Store for Business provides services that enable a management tool to synchronize new and updated applications for an organization. Once synchronized, you can distribute new and updated applications using the Windows Management framework. The services provide several features, including providing application data, can assign and reclaim applications, and can download offline-licensed application packages.
- **Application data**: The Store for Business service provides metadata for the applications that have been acquired via the Store for Business. This metadata includes:
- The application identifier that's used to deploy online license applications
- Artwork for an application that's used to create a company portal
- Localized descriptions for applications
- **Licensing models**:
- **Online-licensed** applications require connectivity to the Microsoft Store. Users require an Azure Active Directory identity, and rely on the store services on the device to get an application from the store. It's similar to how applications are acquired from the Microsoft Store using a Microsoft account. Assigning or reclaiming seats for an application require a call to the Store for Business services.
- **Offline-licensed** applications enable an organization to use the application for imaging and for devices that may not have connectivity to the store or may not have Azure Active Directory. Offline-licensed applications don't require connectivity to the store. It can be updated directly from the store if the device has connectivity, and the app update policies allow updates to be distributed using the store.
### Offline-licensed application distribution
The following diagram is an overview of app distribution, from getting an offline-licensed application to distributing to clients. Once the applications are synchronized from the Store for Business, the management tool can use the Windows management framework to distribute applications to devices.
![business store offline app distribution.](images/businessstoreportalservices2.png)
### Online-licensed application distribution
The following diagram is an overview of app distribution, from getting an online-licensed application to distributing to clients. Once the applications are synchronized from the Store for Business, the management tool can use the Windows management framework to distribute applications to devices. For online-licensed applications, the management tool calls back into the Store for Business management services to assign an application before issuing the policy to install the application.
![business store online app distribution.](images/businessstoreportalservices3.png)
## Integrate with Azure Active Directory
The Store for Business services use Azure Active Directory for authentication. The management tool must be registered as an Azure AD application within an organization tenant to authenticate against the Store for Business.
The following articles have more information about Azure AD, and how to register your application within Azure AD:
- Adding an application to Azure Active Directory - [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
- Accessing other Web applications and configuring your application to access other APIs - [Integrating Applications with Azure Active Directory](/azure/active-directory/develop/quickstart-register-app)
- Authenticating to the Store for Business services via Azure AD - [Authentication Scenarios for Azure Active Directory](/azure/active-directory/develop/authentication-vs-authorization)
For code samples, see [Microsoft Azure Active Directory Samples and Documentation](https://go.microsoft.com/fwlink/p/?LinkId=623024) in GitHub. Patterns are similar to [Daemon-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=623025) and [ConsoleApp-GraphAPI-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=623026).
## Configure your Azure AD application
See [Quickstart: Register an application with the Microsoft identity platform](/azure/active-directory/develop/quickstart-register-app) for the steps to configure your Azure AD app.
## Azure AD Authentication for MTS
MTS requires calls to be authenticated using an Azure AD OAuth bearer token. The authorization token is for the Azure AD application representing the MDM component (service/daemon/on-prem instance) within the context of the directory/tenant it will be working on behalf-of.
Here are the details for requesting an authorization token:
- Login Authority = `https://login.windows.net/<TargetTenantId>`
- Resource/audience = `https://onestore.microsoft.com`: The token audience URI is an application identifier for which the token is being generated. It's not a URL for a service endpoint or a web page.
- ClientId = your Azure AD application client ID
- ClientSecret = your Azure AD application client secret/key
## Using the management tool
After you register your management tool with Azure AD, the management tool can call into the management services. There are a couple of call patterns:
- First the ability to get new or updated applications.
- Second the ability to assign or reclaim applications.
The diagram below shows the call patterns for acquiring a new or updated application.
![business store portal service flow diagram.](images/businessstoreportalservicesflow.png)
**Here is the list of available operations**:
- [Get Inventory](get-inventory.md)
- [Get product details](get-product-details.md)
- [Get localized product details](get-localized-product-details.md)
- [Get offline license](get-offline-license.md)
- [Get product packages](get-product-packages.md)
- [Get product package](get-product-package.md)
- [Get seats](get-seats.md)
- [Get seat](get-seat.md)
- [Assign seats](assign-seats.md)
- [Reclaim seat from user](reclaim-seat-from-user.md)
- [Bulk assign and reclaim seats for users](bulk-assign-and-reclaim-seats-from-user.md)
- [Get seats assigned to a user](get-seats-assigned-to-a-user.md)

6
windows/client-management/mdm/applicationcontrol-csp.md
View File

@ -946,9 +946,9 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Co
3. Use WMI Interface: 3. Use WMI Interface:
```powershell ```powershell
$namespace = "root\cimv2\mdm\dmmap" $namespace = "root\cimv2\mdm\dmmap"
$policyClassName = "MDM_AppControl_Policies" $policyClassName = "MDM_ApplicationControl_Policies01_01"
$policyBase64 = … $policyBase64 = "<base64policy>"
``` ```
### Deploying a policy via WMI Bridge ### Deploying a policy via WMI Bridge

32
windows/client-management/mdm/bitlocker-csp.md
View File

@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/28/2023 ms.date: 03/23/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -176,7 +176,7 @@ require reinstallation of Windows.
> [!NOTE] > [!NOTE]
> This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. > This policy takes effect only if "RequireDeviceEncryption" policy is set to 1.
The expected values for this policy are The expected values for this policy are:
1 = This is the default, when the policy is not set. **Warning** prompt and encryption notification is allowed. 1 = This is the default, when the policy is not set. **Warning** prompt and encryption notification is allowed.
0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
@ -317,11 +317,16 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
<!-- Device-EncryptionMethodByDriveType-Description-Begin --> <!-- Device-EncryptionMethodByDriveType-Description-Begin -->
<!-- Description-Source-ADMX --> <!-- Description-Source-ADMX -->
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress. This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.
- If you enable this policy setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10 (Version 1511). - If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
- If you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)" and "Choose drive encryption method and cipher strength" policy settings (in that order), if they are set. If none of the policies are set, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by the setup script." If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting.
- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.
> [!NOTE]
> This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored.
<!-- Device-EncryptionMethodByDriveType-Description-End --> <!-- Device-EncryptionMethodByDriveType-Description-End -->
<!-- Device-EncryptionMethodByDriveType-Editable-Begin --> <!-- Device-EncryptionMethodByDriveType-Editable-Begin -->
@ -369,11 +374,12 @@ Sample value for this node to enable this policy and set the encryption methods
| Name | Value | | Name | Value |
|:--|:--| |:--|:--|
| Name | EncryptionMethodWithXts_Name | | Name | RDVDenyWriteAccess_Name |
| Friendly Name | Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) | | Friendly Name | Deny write access to removable drives not protected by BitLocker |
| Location | Computer Configuration | | Location | Computer Configuration |
| Path | Windows Components > BitLocker Drive Encryption | | Path | Windows Components > BitLocker Drive Encryption > Removable Data Drives |
| Registry Key Name | SOFTWARE\Policies\Microsoft\FVE | | Registry Key Name | System\CurrentControlSet\Policies\Microsoft\FVE |
| Registry Value Name | RDVDenyWriteAccess |
| ADMX File Name | VolumeEncryption.admx | | ADMX File Name | VolumeEncryption.admx |
<!-- Device-EncryptionMethodByDriveType-AdmxBacked-End --> <!-- Device-EncryptionMethodByDriveType-AdmxBacked-End -->
@ -1578,10 +1584,10 @@ The Windows touch keyboard (such as that used by tablets) isn't available in the
- If this policy is not enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard. - If this policy is not enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard.
**Note** that if you do not enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include **Note** that if you do not enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include:
- Configure TPM startup PIN Required/Allowed - Configure TPM startup PIN: Required/Allowed
- Configure TPM startup key and PIN Required/Allowed - Configure TPM startup key and PIN: Required/Allowed
- Configure use of passwords for operating system drives. - Configure use of passwords for operating system drives.
<!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Description-End --> <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Description-End -->
<!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Editable-Begin --> <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Editable-Begin -->

64
windows/client-management/mdm/bitlocker-ddf-file.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/22/2023 ms.date: 03/23/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -149,7 +149,7 @@ The following XML file contains the device description framework (DDF) for the B
If you disable or do not configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.” If you disable or do not configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.”
The format is string. The format is string.
Sample value for this node to enable this policy and set the encryption methods is: Sample value for this node to enable this policy and set the encryption methods is:
EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives. EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives.
EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives. EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.
@ -179,7 +179,7 @@ The following XML file contains the device description framework (DDF) for the B
<MIME /> <MIME />
</DFType> </DFType>
<MSFT:AllowedValues ValueType="ADMX"> <MSFT:AllowedValues ValueType="ADMX">
<MSFT:AdmxBacked Area="VolumeEncryption~AT~WindowsComponents~FVECategory~FVERDVCategory" Name="EncryptionMethodWithXts_Name" File="VolumeEncryption.admx" /> <MSFT:AdmxBacked Area="VolumeEncryption~AT~WindowsComponents~FVECategory~FVERDVCategory" Name="RDVDenyWriteAccess_Name" File="VolumeEncryption.admx" />
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
</Node> </Node>
@ -201,7 +201,7 @@ The following XML file contains the device description framework (DDF) for the B
Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard. Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
The format is string. The format is string.
Sample value for this node to enable this policy is: Sample value for this node to enable this policy is:
ConfigureNonTPMStartupKeyUsage_Name = Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) ConfigureNonTPMStartupKeyUsage_Name = Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)
All of the below settings are for computers with a TPM. All of the below settings are for computers with a TPM.
@ -257,7 +257,7 @@ The following XML file contains the device description framework (DDF) for the B
NOTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. NOTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset.
The format is string. The format is string.
Sample value for this node to enable this policy is: Sample value for this node to enable this policy is:
Disabling the policy will let the system choose the default behaviors. Disabling the policy will let the system choose the default behaviors.
If you want to disable this policy use the following SyncML: If you want to disable this policy use the following SyncML:
@ -298,7 +298,7 @@ The following XML file contains the device description framework (DDF) for the B
Note: Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. Note: Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
The format is string. The format is string.
Sample value for this node to enable this policy is: Sample value for this node to enable this policy is:
The possible values for 'xx' are: The possible values for 'xx' are:
0 = Empty 0 = Empty
@ -351,7 +351,7 @@ The following XML file contains the device description framework (DDF) for the B
If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
The format is string. The format is string.
Sample value for this node to enable this policy is: Sample value for this node to enable this policy is:
The possible values for 'xx' are: The possible values for 'xx' are:
true = Explicitly allow true = Explicitly allow
@ -409,7 +409,7 @@ The following XML file contains the device description framework (DDF) for the B
If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives. If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.
The format is string. The format is string.
Sample value for this node to enable this policy is: Sample value for this node to enable this policy is:
The possible values for 'xx' are: The possible values for 'xx' are:
true = Explicitly allow true = Explicitly allow
@ -461,7 +461,7 @@ The following XML file contains the device description framework (DDF) for the B
If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.
The format is string. The format is string.
Sample value for this node to enable this policy is: Sample value for this node to enable this policy is:
Disabling the policy will let the system choose the default behaviors. Disabling the policy will let the system choose the default behaviors.
If you want to disable this policy use the following SyncML: If you want to disable this policy use the following SyncML:
@ -502,7 +502,7 @@ The following XML file contains the device description framework (DDF) for the B
Note: This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored. Note: This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored.
The format is string. The format is string.
Sample value for this node to enable this policy is: Sample value for this node to enable this policy is:
The possible values for 'xx' are: The possible values for 'xx' are:
true = Explicitly allow true = Explicitly allow
@ -582,11 +582,11 @@ The following XML file contains the device description framework (DDF) for the B
require reinstallation of Windows. require reinstallation of Windows.
Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1.
The format is integer. The format is integer.
The expected values for this policy are: The expected values for this policy are:
1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed. 1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
the value 0 only takes affect on Azure Active Directory joined devices. the value 0 only takes affect on Azure Active Directory joined devices.
Windows will attempt to silently enable BitLocker for value 0. Windows will attempt to silently enable BitLocker for value 0.
If you want to disable this policy use the following SyncML: If you want to disable this policy use the following SyncML:
@ -630,7 +630,7 @@ The following XML file contains the device description framework (DDF) for the B
If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user
is the current logged on user in the system. is the current logged on user in the system.
The expected values for this policy are: The expected values for this policy are:
1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.
0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy
@ -687,17 +687,17 @@ The following XML file contains the device description framework (DDF) for the B
</AccessType> </AccessType>
<DefaultValue>0</DefaultValue> <DefaultValue>0</DefaultValue>
<Description> Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices. <Description> Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when
Active Directory back up for recovery password is configured to required. Active Directory back up for recovery password is configured to required.
For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives" For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives" For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
Supported Values: 0 - Numeric Recovery Passwords rotation OFF. Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
If you want to disable this policy use the following SyncML: If you want to disable this policy use the following SyncML:
112./Device/Vendor/MSFT/BitLocker/ConfigureRecoveryPasswordRotationint0</Description> 112./Device/Vendor/MSFT/BitLocker/ConfigureRecoveryPasswordRotationint0</Description>
<DFFormat> <DFFormat>
<int /> <int />
@ -739,20 +739,20 @@ The following XML file contains the device description framework (DDF) for the B
</AccessType> </AccessType>
<Description> Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device. <Description> Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device.
This policy is Execute type and rotates all numeric passwords when issued from MDM tools. This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
The policy only comes into effect when Active Directory backup for a recovery password is configured to "required." The policy only comes into effect when Active Directory backup for a recovery password is configured to "required."
* For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives." * For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives."
*For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives." *For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives."
Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes: Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes:
* status\RotateRecoveryPasswordsStatus * status\RotateRecoveryPasswordsStatus
* status\RotateRecoveryPasswordsRequestID * status\RotateRecoveryPasswordsRequestID
Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\ Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\
113./Device/Vendor/MSFT/BitLocker/RotateRecoveryPasswordschr</Description> 113./Device/Vendor/MSFT/BitLocker/RotateRecoveryPasswordschr</Description>
<DFFormat> <DFFormat>
<chr /> <chr />
@ -824,10 +824,10 @@ Supported Values: String form of request ID. Example format of request ID is GUI
<AccessType> <AccessType>
<Get /> <Get />
</AccessType> </AccessType>
<Description> This Node reports the status of RotateRecoveryPasswords request. <Description> This Node reports the status of RotateRecoveryPasswords request.
Status code can be one of the following: Status code can be one of the following:
NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure
</Description> </Description>
<DFFormat> <DFFormat>
<int /> <int />
@ -853,10 +853,10 @@ Supported Values: String form of request ID. Example format of request ID is GUI
<AccessType> <AccessType>
<Get /> <Get />
</AccessType> </AccessType>
<Description> This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. <Description> This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus
To ensure the status is correctly matched to the request ID. To ensure the status is correctly matched to the request ID.
</Description> </Description>
<DFFormat> <DFFormat>
<chr /> <chr />

95
windows/client-management/mdm/defender-csp.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/28/2023 ms.date: 03/23/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -58,6 +58,7 @@ The following list shows the Defender configuration service provider nodes:
- [EnableFileHashComputation](#configurationenablefilehashcomputation) - [EnableFileHashComputation](#configurationenablefilehashcomputation)
- [EngineUpdatesChannel](#configurationengineupdateschannel) - [EngineUpdatesChannel](#configurationengineupdateschannel)
- [HideExclusionsFromLocalAdmins](#configurationhideexclusionsfromlocaladmins) - [HideExclusionsFromLocalAdmins](#configurationhideexclusionsfromlocaladmins)
- [HideExclusionsFromLocalUsers](#configurationhideexclusionsfromlocalusers)
- [IntelTDTEnabled](#configurationinteltdtenabled) - [IntelTDTEnabled](#configurationinteltdtenabled)
- [MeteredConnectionUpdates](#configurationmeteredconnectionupdates) - [MeteredConnectionUpdates](#configurationmeteredconnectionupdates)
- [PassiveRemediation](#configurationpassiveremediation) - [PassiveRemediation](#configurationpassiveremediation)
@ -65,6 +66,7 @@ The following list shows the Defender configuration service provider nodes:
- [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes) - [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes)
- [ScanOnlyIfIdleEnabled](#configurationscanonlyifidleenabled) - [ScanOnlyIfIdleEnabled](#configurationscanonlyifidleenabled)
- [SchedulerRandomizationTime](#configurationschedulerrandomizationtime) - [SchedulerRandomizationTime](#configurationschedulerrandomizationtime)
- [SecuredDevicesConfiguration](#configurationsecureddevicesconfiguration)
- [SecurityIntelligenceUpdatesChannel](#configurationsecurityintelligenceupdateschannel) - [SecurityIntelligenceUpdatesChannel](#configurationsecurityintelligenceupdateschannel)
- [SupportLogLocation](#configurationsupportloglocation) - [SupportLogLocation](#configurationsupportloglocation)
- [TamperProtection](#configurationtamperprotection) - [TamperProtection](#configurationtamperprotection)
@ -1622,7 +1624,7 @@ Enable this policy to specify when devices receive Microsoft Defender engine upd
<!-- Device-Configuration-HideExclusionsFromLocalAdmins-Description-Begin --> <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting controls whether or not exclusions are visible to local admins. For end users (that are not local admins) exclusions are not visible, whether or not this setting is enabled. This policy setting controls whether or not exclusions are visible to local admins. To control local users exclusions visibility use HideExclusionsFromLocalUsers. If HideExclusionsFromLocalAdmins is set then HideExclusionsFromLocalUsers will be implicitly set.
<!-- Device-Configuration-HideExclusionsFromLocalAdmins-Description-End --> <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Description-End -->
<!-- Device-Configuration-HideExclusionsFromLocalAdmins-Editable-Begin --> <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Editable-Begin -->
@ -1656,6 +1658,55 @@ This policy setting controls whether or not exclusions are visible to local admi
<!-- Device-Configuration-HideExclusionsFromLocalAdmins-End --> <!-- Device-Configuration-HideExclusionsFromLocalAdmins-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Begin -->
### Configuration/HideExclusionsFromLocalUsers
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Applicability-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Defender/Configuration/HideExclusionsFromLocalUsers
```
<!-- Device-Configuration-HideExclusionsFromLocalUsers-OmaUri-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting controls whether or not exclusions are visible to local users. If HideExclusionsFromLocalAdmins is set then this policy will be implicitly set.
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Description-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Editable-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- Device-Configuration-HideExclusionsFromLocalUsers-DFProperties-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 1 | If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell. |
| 0 (Default) | If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell. |
<!-- Device-Configuration-HideExclusionsFromLocalUsers-AllowedValues-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-Examples-End -->
<!-- Device-Configuration-HideExclusionsFromLocalUsers-End -->
<!-- Device-Configuration-IntelTDTEnabled-Begin --> <!-- Device-Configuration-IntelTDTEnabled-Begin -->
### Configuration/IntelTDTEnabled ### Configuration/IntelTDTEnabled
@ -1696,6 +1747,7 @@ This policy setting configures the Intel TDT integration level for Intel TDT-cap
| Value | Description | | Value | Description |
|:--|:--| |:--|:--|
| 0 (Default) | If you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat. | | 0 (Default) | If you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat. |
| 1 | If you configure this setting to enabled, Intel TDT integration will turn on. |
| 2 | If you configure this setting to disabled, Intel TDT integration will turn off. | | 2 | If you configure this setting to disabled, Intel TDT integration will turn off. |
<!-- Device-Configuration-IntelTDTEnabled-AllowedValues-End --> <!-- Device-Configuration-IntelTDTEnabled-AllowedValues-End -->
@ -1996,6 +2048,45 @@ This setting allows you to configure the scheduler randomization in hours. The r
<!-- Device-Configuration-SchedulerRandomizationTime-End --> <!-- Device-Configuration-SchedulerRandomizationTime-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-Begin -->
### Configuration/SecuredDevicesConfiguration
<!-- Device-Configuration-SecuredDevicesConfiguration-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
<!-- Device-Configuration-SecuredDevicesConfiguration-Applicability-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Defender/Configuration/SecuredDevicesConfiguration
```
<!-- Device-Configuration-SecuredDevicesConfiguration-OmaUri-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-Description-Begin -->
<!-- Description-Source-DDF -->
Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration is not set the default value will be applied, meaning all of the supported devices will be secured.
<!-- Device-Configuration-SecuredDevicesConfiguration-Description-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-Configuration-SecuredDevicesConfiguration-Editable-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- Device-Configuration-SecuredDevicesConfiguration-DFProperties-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-Configuration-SecuredDevicesConfiguration-Examples-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-End -->
<!-- Device-Configuration-SecurityIntelligenceUpdatesChannel-Begin --> <!-- Device-Configuration-SecurityIntelligenceUpdatesChannel-Begin -->
### Configuration/SecurityIntelligenceUpdatesChannel ### Configuration/SecurityIntelligenceUpdatesChannel

77
windows/client-management/mdm/defender-ddf.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/17/2023 ms.date: 03/23/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -1852,7 +1852,7 @@ The following XML file contains the device description framework (DDF) for the D
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>0</DefaultValue> <DefaultValue>0</DefaultValue>
<Description>This policy setting controls whether or not exclusions are visible to local admins. For end users (that are not local admins) exclusions are not visible, whether or not this setting is enabled.</Description> <Description>This policy setting controls whether or not exclusions are visible to local admins. To control local users exlcusions visibility use HideExclusionsFromLocalUsers. If HideExclusionsFromLocalAdmins is set then HideExclusionsFromLocalUsers will be implicitly set.</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -1881,6 +1881,45 @@ The following XML file contains the device description framework (DDF) for the D
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
</Node> </Node>
<Node>
<NodeName>HideExclusionsFromLocalUsers</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This policy setting controls whether or not exclusions are visible to local users. If HideExclusionsFromLocalAdmins is set then this policy will be implicitly set.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell.</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell.</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node> <Node>
<NodeName>ThrottleForScheduledScanOnly</NodeName> <NodeName>ThrottleForScheduledScanOnly</NodeName>
<DFProperties> <DFProperties>
@ -2010,6 +2049,36 @@ The following XML file contains the device description framework (DDF) for the D
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
</Node> </Node>
<Node>
<NodeName>SecuredDevicesConfiguration</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration is not set the default value will be applied, meaning all of the supported devices will be secured.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node> <Node>
<NodeName>DataDuplicationLocalRetentionPeriod</NodeName> <NodeName>DataDuplicationLocalRetentionPeriod</NodeName>
<DFProperties> <DFProperties>
@ -2197,6 +2266,10 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Value>0</MSFT:Value> <MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>If you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat.</MSFT:ValueDescription> <MSFT:ValueDescription>If you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat.</MSFT:ValueDescription>
</MSFT:Enum> </MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>If you configure this setting to enabled, Intel TDT integration will turn on.</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum> <MSFT:Enum>
<MSFT:Value>2</MSFT:Value> <MSFT:Value>2</MSFT:Value>
<MSFT:ValueDescription>If you configure this setting to disabled, Intel TDT integration will turn off.</MSFT:ValueDescription> <MSFT:ValueDescription>If you configure this setting to disabled, Intel TDT integration will turn off.</MSFT:ValueDescription>

84
windows/client-management/mdm/devicepreparation-csp.md
View File

@ -4,7 +4,7 @@ description: Learn more about the DevicePreparation CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/28/2023 ms.date: 03/23/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -31,6 +31,8 @@ The following list shows the DevicePreparation configuration service provider no
- [ClassID](#bootstrapperagentclassid) - [ClassID](#bootstrapperagentclassid)
- [ExecutionContext](#bootstrapperagentexecutioncontext) - [ExecutionContext](#bootstrapperagentexecutioncontext)
- [InstallationStatusUri](#bootstrapperagentinstallationstatusuri) - [InstallationStatusUri](#bootstrapperagentinstallationstatusuri)
- [MDMProvider](#mdmprovider)
- [Progress](#mdmproviderprogress)
- [PageEnabled](#pageenabled) - [PageEnabled](#pageenabled)
- [PageSettings](#pagesettings) - [PageSettings](#pagesettings)
- [PageStatus](#pagestatus) - [PageStatus](#pagestatus)
@ -192,6 +194,84 @@ This node holds a URI that can be queried for the status of the Bootstrapper Age
<!-- Device-BootstrapperAgent-InstallationStatusUri-End --> <!-- Device-BootstrapperAgent-InstallationStatusUri-End -->
<!-- Device-MDMProvider-Begin -->
## MDMProvider
<!-- Device-MDMProvider-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
<!-- Device-MDMProvider-Applicability-End -->
<!-- Device-MDMProvider-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/DevicePreparation/MDMProvider
```
<!-- Device-MDMProvider-OmaUri-End -->
<!-- Device-MDMProvider-Description-Begin -->
<!-- Description-Source-DDF -->
The subnode configures the settings for the MDMProvider.
<!-- Device-MDMProvider-Description-End -->
<!-- Device-MDMProvider-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-MDMProvider-Editable-End -->
<!-- Device-MDMProvider-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | node |
| Access Type | Get |
<!-- Device-MDMProvider-DFProperties-End -->
<!-- Device-MDMProvider-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-MDMProvider-Examples-End -->
<!-- Device-MDMProvider-End -->
<!-- Device-MDMProvider-Progress-Begin -->
### MDMProvider/Progress
<!-- Device-MDMProvider-Progress-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
<!-- Device-MDMProvider-Progress-Applicability-End -->
<!-- Device-MDMProvider-Progress-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/DevicePreparation/MDMProvider/Progress
```
<!-- Device-MDMProvider-Progress-OmaUri-End -->
<!-- Device-MDMProvider-Progress-Description-Begin -->
<!-- Description-Source-DDF -->
Noode for reporting progress status as opaque data.
<!-- Device-MDMProvider-Progress-Description-End -->
<!-- Device-MDMProvider-Progress-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-MDMProvider-Progress-Editable-End -->
<!-- Device-MDMProvider-Progress-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Get, Replace |
<!-- Device-MDMProvider-Progress-DFProperties-End -->
<!-- Device-MDMProvider-Progress-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-MDMProvider-Progress-Examples-End -->
<!-- Device-MDMProvider-Progress-End -->
<!-- Device-PageEnabled-Begin --> <!-- Device-PageEnabled-Begin -->
## PageEnabled ## PageEnabled
@ -297,7 +377,7 @@ This node configures specific settings for the Device Preparation page.
<!-- Device-PageStatus-Description-Begin --> <!-- Device-PageStatus-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This node provides status of the Device Preparation page. Values are an enum: 0 = Disabled; 1 = Enabled; 2 = InProgress; 3 = Succeeded; 4 = Failed. This node provides status of the Device Preparation page. Values are an enum: 0 = Disabled; 1 = Enabled; 2 = InProgress; 3 = ExitedOnSuccess; 4 = ExitedOnFailure.
<!-- Device-PageStatus-Description-End --> <!-- Device-PageStatus-Description-End -->
<!-- Device-PageStatus-Editable-Begin --> <!-- Device-PageStatus-Editable-Begin -->

47
windows/client-management/mdm/devicepreparation-ddf-file.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/17/2023 ms.date: 03/23/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -89,7 +89,7 @@ The following XML file contains the device description framework (DDF) for the D
<AccessType> <AccessType>
<Get /> <Get />
</AccessType> </AccessType>
<Description>This node provides status of the Device Preparation page. Values are an enum: 0 = Disabled; 1 = Enabled; 2 = InProgress; 3 = Succeeded; 4 = Failed.</Description> <Description>This node provides status of the Device Preparation page. Values are an enum: 0 = Disabled; 1 = Enabled; 2 = InProgress; 3 = ExitedOnSuccess; 4 = ExitedOnFailure.</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -243,6 +243,49 @@ The following XML file contains the device description framework (DDF) for the D
</DFProperties> </DFProperties>
</Node> </Node>
</Node> </Node>
<Node>
<NodeName>MDMProvider</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The subnode configures the settings for the MDMProvider.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>Progress</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<Description>Noode for reporting progress status as opaque data.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
</Node>
</Node> </Node>
</MgmtTree> </MgmtTree>
``` ```

5
windows/client-management/mdm/dynamicmanagement-csp.md
View File

@ -9,9 +9,6 @@ author: vinaypamnani-msft
ms.date: 06/26/2017 ms.date: 06/26/2017
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection:
- highpri
- tier2
--- ---
# DynamicManagement CSP # DynamicManagement CSP
@ -276,4 +273,4 @@ Get ContextStatus and SignalDefinition from a specific context:
## Related articles ## Related articles
[Configuration service provider reference](index.yml) [Configuration service provider reference](index.yml)

1153
windows/client-management/mdm/firewall-csp.md
View File

File diff suppressed because it is too large Load Diff

819
windows/client-management/mdm/firewall-ddf-file.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/27/2023 ms.date: 03/23/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -2855,7 +2855,7 @@ The following XML file contains the device description framework (DDF) for the F
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>true</DefaultValue> <DefaultValue>true</DefaultValue>
<Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description> <Description>This value is an on/off switch for the firewall and advanced security enforcement. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
<DFFormat> <DFFormat>
<bool /> <bool />
</DFFormat> </DFFormat>
@ -2888,7 +2888,7 @@ The following XML file contains the device description framework (DDF) for the F
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>0</DefaultValue> <DefaultValue>0</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description> <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -2934,7 +2934,7 @@ The following XML file contains the device description framework (DDF) for the F
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>1</DefaultValue> <DefaultValue>1</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description> <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -2979,7 +2979,7 @@ The following XML file contains the device description framework (DDF) for the F
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>false</DefaultValue> <DefaultValue>false</DefaultValue>
<Description>This value is an on/off switch for loopback traffic. This determines if this VM type is able to send/receive loopback traffic.</Description> <Description>This value is an on/off switch for loopback traffic. This determines if this VM is able to send/receive loopback traffic to other VMs or the host.</Description>
<DFFormat> <DFFormat>
<bool /> <bool />
</DFFormat> </DFFormat>
@ -3004,6 +3004,606 @@ The following XML file contains the device description framework (DDF) for the F
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
</Node> </Node>
<Node>
<NodeName>AllowHostPolicyMerge</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>This value is used as an on/off switch. If this value is true, applicable host firewall rules and settings will be applied to Hyper-V firewall.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>AllowHostPolicyMerge Off</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>AllowHostPolicyMerge On</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DomainProfile</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>EnableFirewall</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DefaultOutboundAction</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Allow Outbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Block Outbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
<Node>
<NodeName>DefaultInboundAction</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Allow Inbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Block Inbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
<Node>
<NodeName>AllowLocalPolicyMerge</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>AllowLocalPolicyMerge Off</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>AllowLocalPolicyMerge On</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>PrivateProfile</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>EnableFirewall</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DefaultOutboundAction</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Allow Outbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Block Outbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
<Node>
<NodeName>DefaultInboundAction</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Allow Inbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Block Inbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
<Node>
<NodeName>AllowLocalPolicyMerge</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>AllowLocalPolicyMerge Off</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>AllowLocalPolicyMerge On</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>PublicProfile</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>EnableFirewall</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DefaultOutboundAction</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Allow Outbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Block Outbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
<Node>
<NodeName>DefaultInboundAction</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Allow Inbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Block Inbound By Default</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
<Node>
<NodeName>AllowLocalPolicyMerge</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>AllowLocalPolicyMerge Off</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>AllowLocalPolicyMerge On</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:DependencyBehavior>
<MSFT:DependencyGroup FriendlyId="Enable Firewall">
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:DependencyAllowedValue>
</MSFT:Dependency>
</MSFT:DependencyGroup>
</MSFT:DependencyBehavior>
</DFProperties>
</Node>
</Node>
</Node> </Node>
</Node> </Node>
<Node> <Node>
@ -3231,7 +3831,8 @@ ServiceName</Description>
<DFType> <DFType>
<MIME /> <MIME />
</DFType> </DFType>
<MSFT:AllowedValues ValueType="None"> <MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>^[0-9,-]+$</MSFT:Value>
<MSFT:List Delimiter="," /> <MSFT:List Delimiter="," />
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
@ -3258,7 +3859,8 @@ ServiceName</Description>
<DFType> <DFType>
<MIME /> <MIME />
</DFType> </DFType>
<MSFT:AllowedValues ValueType="None"> <MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>^[0-9,-]+$</MSFT:Value>
<MSFT:List Delimiter="," /> <MSFT:List Delimiter="," />
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
@ -3396,7 +3998,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
<MIME /> <MIME />
</DFType> </DFType>
<MSFT:Applicability> <MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion> <MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1706, 10.0.19043.1706, 10.0.19042.1706</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion> <MSFT:CspVersion>1.0</MSFT:CspVersion>
</MSFT:Applicability> </MSFT:Applicability>
<MSFT:AllowedValues ValueType="RegEx"> <MSFT:AllowedValues ValueType="RegEx">
@ -4022,7 +4624,8 @@ An IPv6 address range in the format of "start address - end address" with no spa
<DFType> <DFType>
<MIME /> <MIME />
</DFType> </DFType>
<MSFT:AllowedValues ValueType="None"> <MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>^[0-9,-]+$</MSFT:Value>
<MSFT:List Delimiter="," /> <MSFT:List Delimiter="," />
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
@ -4081,7 +4684,8 @@ An IPv6 address range in the format of "start address - end address" with no spa
<DFType> <DFType>
<MIME /> <MIME />
</DFType> </DFType>
<MSFT:AllowedValues ValueType="None"> <MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>^[0-9,-]+$</MSFT:Value>
<MSFT:List Delimiter="," /> <MSFT:List Delimiter="," />
</MSFT:AllowedValues> </MSFT:AllowedValues>
</DFProperties> </DFProperties>
@ -4197,16 +4801,15 @@ If not specified - a new rule is disabled by default.</Description>
</DFProperties> </DFProperties>
</Node> </Node>
<Node> <Node>
<NodeName>Name</NodeName> <NodeName>Profiles</NodeName>
<DFProperties> <DFProperties>
<AccessType> <AccessType>
<Add />
<Delete />
<Get /> <Get />
<Replace /> <Replace />
</AccessType> </AccessType>
<Description>Specifies the profiles to which the rule belongs: Domain, Private, Public. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. If not specified, the default is All.</Description>
<DFFormat> <DFFormat>
<chr /> <int />
</DFFormat> </DFFormat>
<Occurrence> <Occurrence>
<One /> <One />
@ -4217,6 +4820,192 @@ If not specified - a new rule is disabled by default.</Description>
<DFType> <DFType>
<MIME /> <MIME />
</DFType> </DFType>
<MSFT:AllowedValues ValueType="Flag">
<MSFT:Enum>
<MSFT:Value>0x1</MSFT:Value>
<MSFT:ValueDescription>FW_PROFILE_TYPE_DOMAIN: This value represents the profile for networks that are connected to domains.</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>0x2</MSFT:Value>
<MSFT:ValueDescription>FW_PROFILE_TYPE_STANDARD: This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE: This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD.</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>0x4</MSFT:Value>
<MSFT:ValueDescription>FW_PROFILE_TYPE_PUBLIC: This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted.</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>0x7FFFFFFF</MSFT:Value>
<MSFT:ValueDescription>FW_PROFILE_TYPE_ALL: This value represents all these network sets and any future network sets.</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
</Node>
</Node>
<Node>
<NodeName>HyperVLoopbackRules</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>A list of rules controlling loopback traffic through the Windows Firewall. This enforcement is only for traffic from one container to another or to the host device. These rules are all allow rules.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>
</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/).</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrMore />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>RuleName</DFTitle>
<DFType>
<DDFName />
</DFType>
<MSFT:DynamicNodeNaming>
<MSFT:ServerGeneratedUniqueIdentifier />
</MSFT:DynamicNodeNaming>
<MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>^[^|/]*$</MSFT:Value>
</MSFT:AllowedValues>
<MSFT:AtomicRequired />
</DFProperties>
<Node>
<NodeName>SourceVMCreatorId</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This field specifies the VM Creator ID of the source of the traffic that this rule applies to. If not specified, this applies to All.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DestinationVMCreatorId</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This field specifies the VM Creator ID of the destination of traffic that this rule applies to. If not specified, this applies to All.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>PortRanges</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>^[0-9,-]+$</MSFT:Value>
<MSFT:List Delimiter="," />
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>Enabled</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<Description>Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. If not specified - a new rule is disabled by default.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties> </DFProperties>
</Node> </Node>
</Node> </Node>
@ -4240,7 +5029,7 @@ If not specified - a new rule is disabled by default.</Description>
<DDFName /> <DDFName />
</DFType> </DFType>
<MSFT:Applicability> <MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion> <MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1706, 10.0.19043.1706, 10.0.19042.1706</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion> <MSFT:CspVersion>1.0</MSFT:CspVersion>
</MSFT:Applicability> </MSFT:Applicability>
</DFProperties> </DFProperties>

47
windows/client-management/mdm/laps-csp.md
View File

@ -4,7 +4,7 @@ description: Learn more about the LAPS CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/28/2023 ms.date: 04/07/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -16,15 +16,12 @@ ms.topic: reference
<!-- LAPS-Begin --> <!-- LAPS-Begin -->
# LAPS CSP # LAPS CSP
> [!IMPORTANT]
> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
<!-- LAPS-Editable-Begin --> <!-- LAPS-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. --> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings). The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings).
> [!NOTE] > [!NOTE]
> Windows LAPS currently is available only in [Windows 11 Insider Preview Build 25145 and later](/windows-insider/flight-hub/#active-development-builds-of-windows-11). Support for the Windows LAPS Azure Active Directory scenario is currently in private preview, and limited to a small number of customers who have a direct engagement with engineering. Once public preview is declared in 2023, all customers will be able to evaluate this AAD scenario. > For more information on specific OS updates required to use the Windows LAPS CSP and associated features, plus the current status of the Azure Active Directory LAPS scenario, see [Windows LAPS availability and Azure AD LAPS public preview status](/windows-server/identity/laps/laps-overview#windows-laps-supported-platforms-and-azure-ad-laps-preview-status).
> [!TIP] > [!TIP]
> This article covers the specific technical details of the LAPS CSP. For more information about the scenarios in which the LAPS CSP would be used, see [Windows Local Administrator Password Solution](/windows-server/identity/laps/laps). > This article covers the specific technical details of the LAPS CSP. For more information about the scenarios in which the LAPS CSP would be used, see [Windows Local Administrator Password Solution](/windows-server/identity/laps/laps).
@ -57,7 +54,7 @@ The following list shows the LAPS configuration service provider nodes:
<!-- Device-Actions-Applicability-Begin --> <!-- Device-Actions-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Actions-Applicability-End --> <!-- Device-Actions-Applicability-End -->
<!-- Device-Actions-OmaUri-Begin --> <!-- Device-Actions-OmaUri-Begin -->
@ -96,7 +93,7 @@ Defines the parent interior node for all action-related settings in the LAPS CSP
<!-- Device-Actions-ResetPassword-Applicability-Begin --> <!-- Device-Actions-ResetPassword-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Actions-ResetPassword-Applicability-End --> <!-- Device-Actions-ResetPassword-Applicability-End -->
<!-- Device-Actions-ResetPassword-OmaUri-Begin --> <!-- Device-Actions-ResetPassword-OmaUri-Begin -->
@ -112,7 +109,7 @@ Use this setting to tell the CSP to immediately generate and store a new passwor
<!-- Device-Actions-ResetPassword-Editable-Begin --> <!-- Device-Actions-ResetPassword-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. --> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
This action invokes an immediate reset of the local administrator account password, ignoring the normal constraints such as PasswordLengthDays, etc This action invokes an immediate reset of the local administrator account password, ignoring the normal constraints such as PasswordLengthDays, etc.
<!-- Device-Actions-ResetPassword-Editable-End --> <!-- Device-Actions-ResetPassword-Editable-End -->
<!-- Device-Actions-ResetPassword-DFProperties-Begin --> <!-- Device-Actions-ResetPassword-DFProperties-Begin -->
@ -136,7 +133,7 @@ This action invokes an immediate reset of the local administrator account passwo
<!-- Device-Actions-ResetPasswordStatus-Applicability-Begin --> <!-- Device-Actions-ResetPasswordStatus-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Actions-ResetPasswordStatus-Applicability-End --> <!-- Device-Actions-ResetPasswordStatus-Applicability-End -->
<!-- Device-Actions-ResetPasswordStatus-OmaUri-Begin --> <!-- Device-Actions-ResetPasswordStatus-OmaUri-Begin -->
@ -181,7 +178,7 @@ The value returned is an HRESULT code:
<!-- Device-Policies-Applicability-Begin --> <!-- Device-Policies-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-Applicability-End --> <!-- Device-Policies-Applicability-End -->
<!-- Device-Policies-OmaUri-Begin --> <!-- Device-Policies-OmaUri-Begin -->
@ -221,7 +218,7 @@ Root node for LAPS policies.
<!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-Begin --> <!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-End --> <!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-End -->
<!-- Device-Policies-ADEncryptedPasswordHistorySize-OmaUri-Begin --> <!-- Device-Policies-ADEncryptedPasswordHistorySize-OmaUri-Begin -->
@ -271,7 +268,7 @@ This setting has a maximum allowed value of 12 passwords.
<!-- Device-Policies-AdministratorAccountName-Applicability-Begin --> <!-- Device-Policies-AdministratorAccountName-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-AdministratorAccountName-Applicability-End --> <!-- Device-Policies-AdministratorAccountName-Applicability-End -->
<!-- Device-Policies-AdministratorAccountName-OmaUri-Begin --> <!-- Device-Policies-AdministratorAccountName-OmaUri-Begin -->
@ -316,7 +313,7 @@ If specified, the specified account's password will be managed.
<!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-Begin --> <!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-End --> <!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-End -->
<!-- Device-Policies-ADPasswordEncryptionEnabled-OmaUri-Begin --> <!-- Device-Policies-ADPasswordEncryptionEnabled-OmaUri-Begin -->
@ -333,7 +330,7 @@ This setting is ignored if the password is currently being stored in Azure.
This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher. This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
- If this setting is enabled, and the Active Directory domain meets the DFL prerequisite, the password will be encrypted before before being stored in Active Directory. - If this setting is enabled, and the Active Directory domain meets the DFL prerequisite, the password will be encrypted before being stored in Active Directory.
- If this setting is disabled, or the Active Directory domain does not meet the DFL prerequisite, the password will be stored as clear-text in Active Directory. - If this setting is disabled, or the Active Directory domain does not meet the DFL prerequisite, the password will be stored as clear-text in Active Directory.
@ -343,7 +340,7 @@ If not specified, this setting defaults to True.
<!-- Device-Policies-ADPasswordEncryptionEnabled-Editable-Begin --> <!-- Device-Policies-ADPasswordEncryptionEnabled-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. --> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!IMPORTANT] > [!IMPORTANT]
> This setting is ignored unless BackupDirectory is configured to back up the password to Active Directory, AND the the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher. > This setting is ignored unless BackupDirectory is configured to back up the password to Active Directory, AND the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
<!-- Device-Policies-ADPasswordEncryptionEnabled-Editable-End --> <!-- Device-Policies-ADPasswordEncryptionEnabled-Editable-End -->
<!-- Device-Policies-ADPasswordEncryptionEnabled-DFProperties-Begin --> <!-- Device-Policies-ADPasswordEncryptionEnabled-DFProperties-Begin -->
@ -378,7 +375,7 @@ If not specified, this setting defaults to True.
<!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-Begin --> <!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-End --> <!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-End -->
<!-- Device-Policies-ADPasswordEncryptionPrincipal-OmaUri-Begin --> <!-- Device-Policies-ADPasswordEncryptionPrincipal-OmaUri-Begin -->
@ -434,7 +431,7 @@ If the specified user or group account is invalid the device will fallback to us
<!-- Device-Policies-BackupDirectory-Applicability-Begin --> <!-- Device-Policies-BackupDirectory-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-BackupDirectory-Applicability-End --> <!-- Device-Policies-BackupDirectory-Applicability-End -->
<!-- Device-Policies-BackupDirectory-OmaUri-Begin --> <!-- Device-Policies-BackupDirectory-OmaUri-Begin -->
@ -492,7 +489,7 @@ If not specified, this setting will default to 0.
<!-- Device-Policies-PasswordAgeDays-Applicability-Begin --> <!-- Device-Policies-PasswordAgeDays-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-PasswordAgeDays-Applicability-End --> <!-- Device-Policies-PasswordAgeDays-Applicability-End -->
<!-- Device-Policies-PasswordAgeDays-OmaUri-Begin --> <!-- Device-Policies-PasswordAgeDays-OmaUri-Begin -->
@ -540,7 +537,7 @@ This setting has a maximum allowed value of 365 days.
<!-- Device-Policies-PasswordComplexity-Applicability-Begin --> <!-- Device-Policies-PasswordComplexity-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-PasswordComplexity-Applicability-End --> <!-- Device-Policies-PasswordComplexity-Applicability-End -->
<!-- Device-Policies-PasswordComplexity-OmaUri-Begin --> <!-- Device-Policies-PasswordComplexity-OmaUri-Begin -->
@ -602,7 +599,7 @@ If not specified, this setting will default to 4.
<!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-Begin --> <!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-End --> <!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-End -->
<!-- Device-Policies-PasswordExpirationProtectionEnabled-OmaUri-Begin --> <!-- Device-Policies-PasswordExpirationProtectionEnabled-OmaUri-Begin -->
@ -642,8 +639,8 @@ If not specified, this setting defaults to True.
| Value | Description | | Value | Description |
|:--|:--| |:--|:--|
| false | Allow configured password expiriration timestamp to exceed maximum password age. | | false | Allow configured password expiration timestamp to exceed maximum password age. |
| true (Default) | Do not allow configured password expiriration timestamp to exceed maximum password age. | | true (Default) | Do not allow configured password expiration timestamp to exceed maximum password age. |
<!-- Device-Policies-PasswordExpirationProtectionEnabled-AllowedValues-End --> <!-- Device-Policies-PasswordExpirationProtectionEnabled-AllowedValues-End -->
<!-- Device-Policies-PasswordExpirationProtectionEnabled-Examples-Begin --> <!-- Device-Policies-PasswordExpirationProtectionEnabled-Examples-Begin -->
@ -658,7 +655,7 @@ If not specified, this setting defaults to True.
<!-- Device-Policies-PasswordLength-Applicability-Begin --> <!-- Device-Policies-PasswordLength-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-PasswordLength-Applicability-End --> <!-- Device-Policies-PasswordLength-Applicability-End -->
<!-- Device-Policies-PasswordLength-OmaUri-Begin --> <!-- Device-Policies-PasswordLength-OmaUri-Begin -->
@ -705,7 +702,7 @@ This setting has a maximum allowed value of 64 characters.
<!-- Device-Policies-PostAuthenticationActions-Applicability-Begin --> <!-- Device-Policies-PostAuthenticationActions-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-PostAuthenticationActions-Applicability-End --> <!-- Device-Policies-PostAuthenticationActions-Applicability-End -->
<!-- Device-Policies-PostAuthenticationActions-OmaUri-Begin --> <!-- Device-Policies-PostAuthenticationActions-OmaUri-Begin -->
@ -762,7 +759,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff
<!-- Device-Policies-PostAuthenticationResetDelay-Applicability-Begin --> <!-- Device-Policies-PostAuthenticationResetDelay-Applicability-Begin -->
| Scope | Editions | Applicable OS | | Scope | Editions | Applicable OS |
|:--|:--|:--| |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1663] and later <br> :heavy_check_mark: [10.0.25145] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.4244] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2784] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1754] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1480] and later |
<!-- Device-Policies-PostAuthenticationResetDelay-Applicability-End --> <!-- Device-Policies-PostAuthenticationResetDelay-Applicability-End -->
<!-- Device-Policies-PostAuthenticationResetDelay-OmaUri-Begin --> <!-- Device-Policies-PostAuthenticationResetDelay-OmaUri-Begin -->

4
windows/client-management/mdm/laps-ddf-file.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 02/17/2023 ms.date: 04/07/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -45,7 +45,7 @@ The following XML file contains the device description framework (DDF) for the L
<DDFName /> <DDFName />
</DFType> </DFType>
<MSFT:Applicability> <MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion> <MSFT:OsBuildVersion>10.0.25145, 10.0.22621.1480, 10.0.22000.1754, 10.0.20348.1663, 10.0.19041.2784, 10.0.17763.4244</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion> <MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList> <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
</MSFT:Applicability> </MSFT:Applicability>

Some files were not shown because too many files have changed in this diff Show More