From 609048f7c01ff8f64535845876c8e4fd77fab193 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 27 Nov 2024 12:20:26 -0700 Subject: [PATCH] December CSP Updates --- windows/client-management/mdm/defender-csp.md | 8 +- windows/client-management/mdm/defender-ddf.md | 8 +- ...-in-policy-csp-supported-by-surface-hub.md | 4 +- .../mdm/policies-in-preview.md | 15 ++- .../mdm/policy-csp-display.md | 66 +++++++++- .../mdm/policy-csp-newsandinterests.md | 62 ++++++++- .../client-management/mdm/policy-csp-start.md | 118 +++++++++++++++++- .../client-management/mdm/policy-csp-sudo.md | 4 +- .../mdm/policy-csp-update.md | 8 +- .../mdm/policy-csp-windowsai.md | 71 ++++++++++- .../mdm/policy-csp-windowssandbox.md | 94 +++++++++++--- 11 files changed, 417 insertions(+), 41 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 9841e9f442..ac0fd65b21 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,7 +1,7 @@ --- title: Defender CSP description: Learn more about the Defender CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -3775,9 +3775,9 @@ Enable this policy to specify when devices receive Microsoft Defender security i | Value | Description | |:--|:--| -| 0 (Default) | Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices. | -| 4 | Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%). | -| 5 | Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). | +| 0 (Default) | Not configured (Default). Microsoft will either assign the device to Current Channel (Broad) or a beta channel early in the gradual release cycle. The channel selected by Microsoft might be one that receives updates early during the gradual release cycle, which may not be suitable for devices in a production or critical environment. | +| 4 | Current Channel (Staged): Same as Current Channel (Broad). | +| 5 | Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in all populations, including production. | diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 2055d5bdf0..1e199886e7 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -1,7 +1,7 @@ --- title: Defender DDF file description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -1627,15 +1627,15 @@ The following XML file contains the device description framework (DDF) for the D 0 - Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices. + Not configured (Default). Microsoft will either assign the device to Current Channel (Broad) or a beta channel early in the gradual release cycle. The channel selected by Microsoft might be one that receives updates early during the gradual release cycle, which may not be suitable for devices in a production or critical environment 4 - Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%). + Current Channel (Staged): Same as Current Channel (Broad). 5 - Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). + Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in all populations, including production. diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index ea1f4f9b24..057bf0381f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -1,7 +1,7 @@ --- title: Policies supported by Windows 10 Team description: Learn about the policies supported by Windows 10 Team. -ms.date: 11/05/2024 +ms.date: 11/27/2024 --- @@ -382,8 +382,10 @@ This article lists the policies that are applicable for the Surface Hub operatin ## Start +- [AlwaysShowNotificationIcon](policy-csp-start.md#alwaysshownotificationicon) - [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites) - [StartLayout](policy-csp-start.md#startlayout) +- [TurnOffAbbreviatedDateTimeFormat](policy-csp-start.md#turnoffabbreviateddatetimeformat) ## System diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md index 34a182dd13..0e4249d643 100644 --- a/windows/client-management/mdm/policies-in-preview.md +++ b/windows/client-management/mdm/policies-in-preview.md @@ -1,7 +1,7 @@ --- title: Configuration service provider preview policies description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview. -ms.date: 11/22/2024 +ms.date: 11/27/2024 --- @@ -62,6 +62,7 @@ This article lists the policies that are applicable for Windows Insider Preview ## Display - [ConfigureMultipleDisplayMode](policy-csp-display.md#configuremultipledisplaymode) +- [SetClonePreferredResolutionSource](policy-csp-display.md#setclonepreferredresolutionsource) ## DMClient CSP @@ -106,6 +107,10 @@ This article lists the policies that are applicable for Windows Insider Preview - [ConfigureDeviceStandbyAction](policy-csp-mixedreality.md#configuredevicestandbyaction) - [ConfigureDeviceStandbyActionTimeout](policy-csp-mixedreality.md#configuredevicestandbyactiontimeout) +## NewsAndInterests + +- [DisableWidgetsOnLockScreen](policy-csp-newsandinterests.md#disablewidgetsonlockscreen) + ## PassportForWork CSP - [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning) @@ -118,6 +123,11 @@ This article lists the policies that are applicable for Windows Insider Preview - [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-remotedesktopservices.md#ts_server_remoteapp_use_shellappruntime) +## Start + +- [AlwaysShowNotificationIcon](policy-csp-start.md#alwaysshownotificationicon) +- [TurnOffAbbreviatedDateTimeFormat](policy-csp-start.md#turnoffabbreviateddatetimeformat) + ## SurfaceHub CSP - [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled) @@ -137,14 +147,13 @@ This article lists the policies that are applicable for Windows Insider Preview ## WindowsAI -- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis) -- [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey) - [SetDenyAppListForRecall](policy-csp-windowsai.md#setdenyapplistforrecall) - [SetDenyUriListForRecall](policy-csp-windowsai.md#setdenyurilistforrecall) - [SetMaximumStorageSpaceForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots) - [SetMaximumStorageDurationForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots) - [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator) - [DisableCocreator](policy-csp-windowsai.md#disablecocreator) +- [DisableGenerativeFill](policy-csp-windowsai.md#disablegenerativefill) - [AllowRecallEnablement](policy-csp-windowsai.md#allowrecallenablement) ## WindowsLicensing CSP diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 01753099d8..52da6d75c4 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -1,7 +1,7 @@ --- title: Display Policy CSP description: Learn more about the Display Area in Policy CSP. -ms.date: 11/05/2024 +ms.date: 11/27/2024 --- @@ -32,7 +32,7 @@ ms.date: 11/05/2024 -This policy set the default display to set the arrangement between cloning or extending. +This policy sets the default display arrangement to pick between clone or extend. @@ -66,7 +66,7 @@ This policy set the default display to set the arrangement between cloning or ex |:--|:--| | Name | ConfigureMultipleDisplayMode | | Path | Display > AT > System > DisplayCat | -| Element Name | ConfigureMultipleDisplayModePrompt | +| Element Name | DisplayConfigureMultipleDisplayModeSettings | @@ -298,6 +298,66 @@ Enabling this setting lets you specify the system-wide default for desktop appli + +## SetClonePreferredResolutionSource + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Display/SetClonePreferredResolutionSource +``` + + + + +This policy sets the cloned monitor preferred resolution source to an internal or external monitor by default. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Default. | +| 1 (Default) | Internal. | +| 2 | External. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | SetClonePreferredResolutionSource | +| Path | Display > AT > System > DisplayCat | +| Element Name | DisplaySetClonePreferredResolutionSourceSettings | + + + + + + + + ## TurnOffGdiDPIScalingForApps diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md index 16fabdc822..df2f909bd6 100644 --- a/windows/client-management/mdm/policy-csp-newsandinterests.md +++ b/windows/client-management/mdm/policy-csp-newsandinterests.md @@ -1,7 +1,7 @@ --- title: NewsAndInterests Policy CSP description: Learn more about the NewsAndInterests Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 11/27/2024 --- @@ -9,6 +9,8 @@ ms.date: 01/18/2024 # Policy CSP - NewsAndInterests +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -82,6 +84,64 @@ This policy applies to the entire widgets experience, including content on the t + +## DisableWidgetsOnLockScreen + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NewsAndInterests/DisableWidgetsOnLockScreen +``` + + + + +Disable widgets on lock screen. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Enabled. | +| 1 | Disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableWidgetsOnLockScreen | +| Path | NewsAndInterests > AT > WindowsComponents > NewsAndInterests | + + + + + + + + diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 418199d466..bd79220cf2 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -1,7 +1,7 @@ --- title: Start Policy CSP description: Learn more about the Start Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/27/2024 --- @@ -9,6 +9,8 @@ ms.date: 08/06/2024 # Policy CSP - Start +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -513,6 +515,63 @@ This policy controls the visibility of the Videos shortcut on the Start menu. Th + +## AlwaysShowNotificationIcon + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```User +./User/Vendor/MSFT/Policy/Config/Start/AlwaysShowNotificationIcon +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Auto-hide notification bell icon. | +| 1 | Show notification bell icon. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AlwaysShowNotificationIcon | +| Path | Taskbar > AT > StartMenu | + + + + + + + + ## ConfigureStartPins @@ -2247,6 +2306,63 @@ For more information on how to customize the Start layout, see [Customize the St + +## TurnOffAbbreviatedDateTimeFormat + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```User +./User/Vendor/MSFT/Policy/Config/Start/TurnOffAbbreviatedDateTimeFormat +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Show abbreviated time and date format. | +| 1 | Show classic time and date format. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | TurnOffAbbreviatedDateTimeFormat | +| Path | Taskbar > AT > StartMenu | + + + + + + + + diff --git a/windows/client-management/mdm/policy-csp-sudo.md b/windows/client-management/mdm/policy-csp-sudo.md index dbcd21af22..796c69e84b 100644 --- a/windows/client-management/mdm/policy-csp-sudo.md +++ b/windows/client-management/mdm/policy-csp-sudo.md @@ -1,7 +1,7 @@ --- title: Sudo Policy CSP description: Learn more about the Sudo Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -19,7 +19,7 @@ ms.date: 09/27/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index a77f87712f..19a069926b 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1,7 +1,7 @@ --- title: Update Policy CSP description: Learn more about the Update Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -2522,7 +2522,7 @@ Minimum number of days from update installation until restarts occur automatical | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2601,7 +2601,7 @@ This policy will override the following policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3237,7 +3237,7 @@ These policies are not exclusive and can be used in any combination. Together wi - the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. +Enables the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 00873e6e1c..6b2b257fbe 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 11/26/2024 +ms.date: 11/27/2024 --- @@ -90,7 +90,7 @@ This policy setting allows you to determine whether the Recall optional componen | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -219,6 +219,68 @@ This policy setting allows you to control whether Cocreator functionality is dis + +## DisableGenerativeFill + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsAI/DisableGenerativeFill +``` + + + + +This policy setting allows you to control whether generative fill functionality is disabled in the Windows Paint app. + +- If this policy is enabled, generative fill functionality won't be accessible in the Paint app. + +- If this policy is disabled or not configured, users will be able to access generative fill functionality. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Generative fill is enabled. | +| 1 | Generative fill is disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableGenerativeFill | +| Path | WindowsAI > AT > WindowsComponents > Paint | + + + + + + + + ## DisableImageCreator @@ -287,7 +349,7 @@ This policy setting allows you to control whether Image Creator functionality is | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5044380](https://support.microsoft.com/help/5044380) [10.0.22621.4391] and later | @@ -628,6 +690,9 @@ When this setting isn't configured, the OS configures the storage allocation for ## TurnOffWindowsCopilot +> [!NOTE] +> This policy is deprecated and may be removed in a future release. + | Scope | Editions | Applicable OS | |:--|:--|:--| diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index a22172669f..3c26ac2f1a 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -1,7 +1,7 @@ --- title: WindowsSandbox Policy CSP description: Learn more about the WindowsSandbox Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -19,7 +19,7 @@ ms.date: 09/27/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -54,10 +54,18 @@ Note that there may be security implications of exposing host audio input to the |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -84,7 +92,7 @@ Note that there may be security implications of exposing host audio input to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -117,10 +125,18 @@ This policy setting enables or disables clipboard sharing with the sandbox. |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -182,10 +198,18 @@ Note that there may be security implications of exposing folders from the host i |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -212,7 +236,7 @@ Note that there may be security implications of exposing folders from the host i | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -247,10 +271,18 @@ Note that enabling networking can expose untrusted applications to the internal |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -277,7 +309,7 @@ Note that enabling networking can expose untrusted applications to the internal | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -310,10 +342,18 @@ This policy setting enables or disables printer sharing from the host into the S |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -340,7 +380,7 @@ This policy setting enables or disables printer sharing from the host into the S | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -375,10 +415,18 @@ Note that enabling virtualized GPU can potentially increase the attack surface o |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -405,7 +453,7 @@ Note that enabling virtualized GPU can potentially increase the attack surface o | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -440,10 +488,18 @@ Note that there may be security implications of exposing host video input to the |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -505,11 +561,19 @@ Note that there may be security implications of exposing folders from the host i |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | | Dependency [WindowsSandbox_AllowWriteToMappedFolders_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowMappedFolders`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: