diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index 85e0516dfd..fa0bee9334 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -1,22 +1,22 @@ --- -title: EnrollmentStatusTracking CSP -description: EnrollmentStatusTracking CSP +title: ApplicationControl CSP +description: ApplicationControl CSP ms.author: dansimp@microsoft.com ms.topic: article ms.prod: w10 ms.technology: windows author: ManikaDhiman -ms.date: 05/17/2019 +ms.date: 07/10/2019 --- -# EnrollmentStatusTracking DDF +# ApplicationControl CSP DDF -This topic shows the OMA DM device description framework (DDF) for the **EnrollmentStatusTracking** configuration service provider. DDF files are used only with OMA DM provisioning XML. +This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -### EnrollmentStatusTracking CSP +### ApplicationControl CSP ```xml @@ -26,13 +26,13 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic 1.2 - EnrollmentStatusTracking - ./User/Vendor/MSFT + ApplicationControl + ./Vendor/MSFT - These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message. + Root Node of the ApplicationControl CSP @@ -43,16 +43,16 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - com.microsoft/1.0/MDM/EnrollmentStatusTracking + - Setup + Policies - These settings are read by the Enrollment Status Page (ESP) during the Account Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates. + Beginning of a Subtree that contains all policies. @@ -62,373 +62,34 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - - - + Policies - Apps + - Policy providers use these settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user. + The GUID of the Policy - + - + - - - + Policy GUID - PolicyProviders - - - - - These settings are read by the Enrollment Status Page (ESP) during the Device Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates. - - - - - - - - - - - - - - - - - - - - - - - - - - This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true. - - - - - - - - - - - - - ProviderName - - - - - - TrackingPoliciesCreated - - - - - - - - Indicates when the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server. - - - - - - - - - - - - - - text/plain - - - - - - - Tracking - - - - - This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true. - - - - - - - - - - - - - - - - - - - - - - - - - - The name of the provider responsible for installing these apps and providing status back to the Enrollment Status Page. - - - - - - - - - - - - - ProviderName - - - - - - - - - - - - - - A unique name for the app whose progress should be tracked in the ESP. The app name can be arbitrary as it is not used directly by the ESP, so the value can be defined however the policy provider chooses. - - - - - - - - - - - - - AppName - - - - - - TrackingUri - - - - - - - - An optional URI to another CSP for tracking the apps installation. If this value is not set, installation status is derived from the InstallationState node. - - - - - - - - - - - - - - text/plain - - - - - InstallationState - - - - - - - - The installation state for the app. This node should be updated by the policy providers (not the MDM server) so the ESP can track the installation progress and update the status message. Expected values: 1 = NotInstalled, 2 = InProgress, 3 = Completed, 4 = Error - - - - - - - - - - - - - - text/plain - - - - - RebootRequired - - - - - - - - An optional node indicating if the app installation requires the ESP to issue a reboot. This node should be set by the policy provider installing the app (not the MDM server). Expected values: 1 = NotRequired, 2 = SoftReboot, 3 = HardReboot. If this node is not set, the ESP will not reboot the device for this app install. - - - - - - - - - - - - - - text/plain - - - - - - - - - HasProvisioningCompleted - - - - - false - This node is set by the Enrollment Status Page (ESP) when it completes. Providers are able to query this node to determine if the ESP is showing, allowing them to bifurcate their logic accordingly. For instance, when an app install requires a reboot, the policy provider should let the ESP issue the reboot by setting RebootRequired value for that app if and only if the ESP is running, otherwise, the policy provider is responsible for issuing a reboot themselves. - - - - - - - - - - - - - - text/plain - - - - - - - EnrollmentStatusTracking - ./Device/Vendor/MSFT - - - - - These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message. - - - - - - - - - - - com.microsoft/1.0/MDM/EnrollmentStatusTracking - - - - DevicePreparation - - - - - These settings are read by the Enrollment Status Page (ESP) during the Device Preparation phase. These setting are used to orchestrate any setup activities prior to provisioning the device in the Device Setup phase of the ESP. - - - - - - - - - - - - - - - - - - PolicyProviders - - - - - These nodes indicate to the Enrollment Status Page (ESP) that it should wait in the Device Preparation phase until all PolicyProviders are installed or marked as not required. - - - - - - - - - - - - - - - - - - + Policy @@ -436,210 +97,29 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - This node represents a policy provider for the Enrollment Status Page (ESP). The node should be given a unique name for the policy provider. Registration of a policy provider indicates to the Enrollment Status Page that it should block in the Device Preparation phase until the provider sets its InstallationState node to 1 (not required) or 2 (complete). Once all registered policy providers have been marked as completed (or not required), the Enrollment Status Page will progress to the Device Setup phase. + The policy binary encoded as base64 - + - + - ProviderName + Policy - - InstallationState - - - - - - - - This node communicates the policy provider installation state back to the Enrollment Status Page. Expected values: 1 = NotInstalled, 2 = NotRequired, 3= Completed, 4 = Error. - - - - - - - - - - - - - - text/plain - - - - - LastError - - - - - - - - If a policy provider fails to install, it can optionally set an HRESULT error code that the Enrollment Status Page can display in an error message to the user. This node will only be read by the Enrollment Status Page when the provider's InstallationState node is set to 3 (Error). This node is only intended to be set by the policy provider itself, not the MDM server. - - - - - - - - - - - text/plain - - - - - Timeout - - - - - - - - An optional timeout (in minutes) for provider installation to complete before the Enrollment Status Page shows an error. Provider installation is considered complete when the InstallationState node is set to 2 (NotRequired) or 3 (Complete). If no timeout value is supplied the ESP will choose a default timeout value of 15 minutes. - - - - - - - - - - - - - - text/plain - - - - - TrackedResourceTypes - - - - - - - - This node's children registers which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with Enrollment Status Page tracking message. - - - - - - - - - - - - - - - - - - Apps - - - - - - - - false - This node registers the policy provider for App provisioning. - - - - - - - - - - - - - - text/plain - - - - - - - - Setup - - - - - These settings are read by the Enrollment Status Page (ESP) during the Device Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates. - - - - - - - - - - - - - - - - - - Apps - - - - - These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message. - - - - - - - - - - - - - - - - - PolicyProviders + PolicyInfo - App policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with status to the user. + Information Describing the Policy indicated by the GUID @@ -647,260 +127,148 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - + - - - + PolicyInfo - + Version - - - - This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true. + Version of the Policy indicated by the GUID, as a string. When parsing use a uint64 as the containing data type - + - + - - - - ProviderName + Version - + text/plain - - TrackingPoliciesCreated - - - - - - - - Indicates when the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server. - - - - - - - - - - - - - - text/plain - - - - - - Tracking - - - - - These are the set of apps that are being tracked by the Enrollment Status Page. - - - - - - - - - - - - - - - - - + IsEffective - - - - The name of the provider responsible for installing these apps and providing status back to the Enrollment Status Page. + Whether the Policy indicated by the GUID is Effective on the system (loaded by the enforcement engine and in effect) - + - + - - - - ProviderName + IsEffective - + text/plain + + + + + IsDeployed + + + + + Whether the Policy indicated by the GUID is deployed on the system (on the physical machine) + + + + + + + + + + IsDeployed + + text/plain + + + + + IsAuthorized + + + + + Whether the Policy indicated by the GUID is authorized to be loaded by the enforcement engine on the system + + + + + + + + + + IsAuthorized + + text/plain + + + + + Status + + + + + The Current Status of the Policy Indicated by the Policy GUID + + + + + + + + + + Status + + text/plain + + + + + FriendlyName + + + + + The FriendlyName of the Policy Indicated by the Policy GUID + + + + + + + + + + FriendlyName + + text/plain - - - - - - - - - - A unique name for the app whose progress should be tracked in the ESP. The app name can be arbitrary as it is not used directly by the ESP, so the value can be defined however the policy provider chooses. - - - - - - - - - - - - - AppName - - - - - - TrackingUri - - - - - - - - An optional URI to another CSP for tracking the apps installation. If this value is not set, installation status is derived from the InstallationState node. - - - - - - - - - - - - - - text/plain - - - - - InstallationState - - - - - - - - The installation state for the app. This node should be updated by the policy providers (not the MDM server) so the ESP can track the installation progress and update the status message. Expected values: 1 = NotInstalled, 2 = InProgress, 3 = Completed, 4 = Error - - - - - - - - - - - - - - text/plain - - - - - RebootRequired - - - - - - - - An optional node indicating if the app installation requires the ESP to issue a reboot. This node should be set by the policy provider installing the app (not the MDM server). Expected values: 1 = NotRequired, 2 = SoftReboot, 3 = HardReboot. If this node is not set, the ESP will not reboot the device for this app install. - - - - - - - - - - - - - - text/plain - - - - - - HasProvisioningCompleted - - - - - false - This node is set by the Enrollment Status Page (ESP) when it completes. Providers are able to query this node to determine if the ESP is showing, allowing them to bifurcate their logic accordingly. For instance, when an app install requires a reboot, the policy provider should let the ESP issue the reboot by setting RebootRequired value for that app if and only if the ESP is running, otherwise, the policy provider is responsible for issuing a reboot themselves. - - - - - - - - - - - - - - text/plain - - - - ``` \ No newline at end of file diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index d352156f6c..789a0fdafd 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -50,14 +50,14 @@ This subtree has nodes containing information which describes the policy indicat Scope is dynamic. Supported operation is Get. -**EApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version** This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing use a uint64 as the containing data type. Scope is dynamic. Supported operation is Get. Value type is char. -**EApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective** This node specifies whether a policy is actually loaded by the enforcement engine and is in effect on a system. Scope is dynamic. Supported operation is Get. @@ -67,7 +67,7 @@ Value type is bool. Supported values are as follows: - False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default. -**EApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed** This node specifies whether a policy is on the system and is present on the physical machine. Scope is dynamic. Supported operation is Get. @@ -77,7 +77,7 @@ Value type is bool. Supported values are as follows: - False — Indicates that the policy is not on the system and is not present on the physical machine. This is the default. -**EApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized** This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy cannot take effect on the system. Scope is dynamic. Supported operation is Get. @@ -87,105 +87,140 @@ Value type is bool. Supported values are as follows: - False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default. -The following table provides the policy output based on different combinations of PolicyInfo nodes values: +The following table provides the result of this policy based on different values of IsAuthorized, IsDeployed, and IsEffective nodes: +|IsAuthorized|IsDeployed|IsEffective|Resultant| +|------------|----------|-----------|---------| +|True|True|True|Policy is currently running and in effect.| +|True|True|False|Policy requires a reboot to take effect.| +|True|False|True|Policy requires a reboot to unload from CI.| +|False|True|True|Not Reachable.| +|True|False|False|*Not Reachable.| +|False|True|False|*Not Reachable.| +|False|False|True|Not Reachable.| +|False|False|False|*Not Reachable.| +```*``` denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes** -Required. This node is supported only in device context. -This node's children register which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with ESP tracking message. +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status** +This node specifies whether the deployment of the policy indicated by the GUID was successful. -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. +Scope is dynamic. Supported operation is Get. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes/Apps** -Required. This node is supported only in device context. -This node specifies if the policy provider is registered for app provisioning. +Value type is integer. Default value is 0 == OK. -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName** +This node provides the friendly name of the policy indicated by the policy GUID. -Value type is boolean. Expected values are as follows: -- false — Indicates that the policy provider is not registered for app provisioning. This is the default. -- true — Indicates that the policy provider is registered for app provisioning. +Scope is dynamic. Supported operation is Get. -**EnrollmentStatusTracking/Setup** -Required. This node is supported in both user context and device context. -Provides the settings that ESP reads during the account setup phase in the user context and device setup phase in the device context. Policy providers use this node to communicate progress status back to the ESP, which is then displayed to the user through progress messages. +Value type is char. -Scope is permanent. Supported operation is Get. +## ApplicationControl CSP usage guidance -**EnrollmentStatusTracking/Setup/Apps** -Required. This node is supported in both user context and device context. -Provides the settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user. +To use this CSP: +- Know a generated policy’s GUID, which can be found in the policy xml as ``````. +- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +- Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. -Scope is permanent. Supported operation is Get. + Sample certutil invocation: + ``` + certutil -encode WinSiPolicy.p7b WinSiPolicy.cer + ``` + Alternatively, you can use the following PowerShell invocation: + ``` + [Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) + ``` + If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you use Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy. -**EnrollmentStatusTracking/Setup/Apps/PolicyProviders** -Required. This node is supported in both user context and device context. -Specifies the app policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with the status to the user. +- Deploy the policy: + - To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 snippet). -Scope is permanent. Supported operation is Get. + - To deploy base policy and supplemental policies: + - Perform an ADD as described above first with the GUID and policy data for the base policy + - Repeat for each base or supplemental policy in turn (with its own GUID and data) -**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName*** -Optional. This node is supported in both user context and device context. -Represents an app policy provider for the ESP. Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true. + The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. + **Example 1: Add first base policy** + ``` + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Base1GUID}/Policy + + + b64 + + {Base1Data} + + + ``` + **Example 2: Add second base policy** + ``` + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Base2GUID}/Policy + + + b64 + + {Base2Data} + + + ``` + **Example 3: Add supplemental policy** + ``` + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Supplemental1GUID}/Policy + + + b64 + + {Supplemental1Data} + + + ``` +- Perform a GET operation using a deployed policy’s GUID to interrogate/inspect the policy itself or information about it. + - ./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/Policy (raw p7b) + - ./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/PolicyInfo/Version (policy version) + - ./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/PolicyInfo/IsEffective (is the policy in effect) + - ./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/PolicyInfo/IsDeployed (is the policy on the system) + - ./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/PolicyInfo/IsAuthorized (is the policy authorized on the system) + - ./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/PolicyInfo/Status (was the deployment successful) + - ./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/PolicyInfo/FriendlyName (the friendly name per the policy) -**EnrollmentStatusTracking/Setup/Apps/PolicyProviders/*ProviderName*/TrackingPoliciesCreated** -Required. This node is supported in both user context and device context. -Indicates if the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server. + **Sample Get command** + ``` + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy + + + + ``` +- Delete the policy. + To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/Policy**. -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. - -Value type is boolean. The expected values are as follows: -- true — Indicates that the provider has created the required policies. -- false — Indicates that the provider has not created the required policies. This is the default. - -**EnrollmentStatusTracking/Setup/Apps/Tracking** -Required. This node is supported in both user context and device context. -Root node for the app installations being tracked by the ESP. - -Scope is permanent. Supported operation is Get. - -**EnrollmentStatusTracking/Setup/Apps/Tracking/_ProviderName_** -Optional. This node is supported in both user context and device context. -Indicates the provider name responsible for installing the apps and providing status back to ESP. - -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. - -**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_** -Optional. This node is supported in both user context and device context. -Represents a unique name for the app whose progress should be tracked by the ESP. The policy provider can define any arbitrary app name as ESP does not use the app name directly. - -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. - -**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/InstallationState** -Optional. This node is supported in both user context and device context. -Represents the installation state for the app. The policy providers (not the MDM server) must update this node for the ESP to track the installation progress and update the status message. - -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. - -Value type is integer. Expected values are as follows: -- 1 — NotInstalled -- 2 — InProgress -- 3 — Completed -- 4 — Error - -**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired** -Optional. This node is supported in both user context and device context. -Indicates if the app installation requires ESP to issue a reboot. The policy providers installing the app (not the MDM server) must set this node. If the policy providers do not set this node, the ESP will not reboot the device for the app installation. - -Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. - -Value type is integer. Expected values are as follows: -- 1 — NotRequired -- 2 — SoftReboot -- 3 — HardReboot - -**EnrollmentStatusTracking/Setup/HasProvisioningCompleted** -Required. This node is supported in both user context and device context. -ESP sets this node when it completes. Providers can query this node to determine if the ESP is showing, which allows them to determine if they still need to provide status updates for the ESP through this CSP. - -Scope is permanent. Supported operation is Get. - -Value type is boolean. Expected values are as follows: -- true — Indicates that ESP has completed. This is the default. -- false — Indicates that ESP is displayed, and provisioning is still going. \ No newline at end of file + > [!Note] + > Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_PolicyGUID_/Policy** is not sufficient to delete a signed policy. + + To delete a signed policy, first replace it with a signed update allowing unsigned policy, then deploy another update with unsigned policy, then perform delete. + + **Delete a policy** + ``` + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy + + + + ``` \ No newline at end of file diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 3ca4486f3b..754e6e0023 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -140,6 +140,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s EnrollmentStatusTracking CSP

Added new CSP in Windows 10, version 1903.

+ +ApplicationStatus CSP +

Added new CSP in Windows 10, version 1903.

+ @@ -1885,6 +1889,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o |New or updated topic | Description| |--- | ---| +|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| |Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider|