Specifies whether to allow Action Center notifications above the device lock screen. +Specifies whether to allow Action Center notifications above the device lock screen. -
Most restricted value is 0. +Most restricted value is 0. @@ -120,7 +120,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. +Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. @@ -168,9 +168,9 @@ The following list shows the supported values: -
Specifies whether to allow toast notifications above the device lock screen. +Specifies whether to allow toast notifications above the device lock screen. -
Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index b64e96d236..9098a9f6be 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -70,9 +70,9 @@ ms.date: 12/14/2017 -
Specifies whether user is allowed to add non-MSA email accounts. +Specifies whether user is allowed to add non-MSA email accounts. -
Most restricted value is 0. +Most restricted value is 0. > [!NOTE] > This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md). @@ -123,9 +123,9 @@ The following list shows the supported values: -
Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. +Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. -
Most restricted value is 0. +Most restricted value is 0. @@ -173,7 +173,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. +Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. @@ -221,11 +221,11 @@ The following list shows the supported values: -
Specifies a list of the domains that are allowed to sync email on the device. +Specifies a list of the domains that are allowed to sync email on the device. -
The data type is a string. +The data type is a string. -
The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". +The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 05657e6bd9..440136eec9 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -61,11 +61,11 @@ ms.date: 12/04/2017 -
Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. +Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. -
If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. +If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. -
To create create the SyncML, follow these steps: +To create create the SyncML, follow these steps:
Here is an example output from the dism default association export command: +Here is an example output from the dism default association export command: ``` syntax @@ -86,13 +86,13 @@ ms.date: 12/04/2017 Here is the base64 encoded result: +Here is the base64 encoded result: ``` syntax PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo= ``` -
Here is the SyncMl example: +Here is the SyncMl example: ``` syntax diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index c495acc547..8d12310300 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -91,9 +91,9 @@ ms.date: 12/14/2017 -
Specifies whether non Microsoft Store apps are allowed. +Specifies whether non Microsoft Store apps are allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -142,14 +142,14 @@ The following list shows the supported values: -
Specifies whether automatic update of apps from Microsoft Store are allowed. +Specifies whether automatic update of apps from Microsoft Store are allowed. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -190,9 +190,9 @@ The following list shows the supported values: -
Specifies whether developer unlock is allowed. +Specifies whether developer unlock is allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -244,9 +244,9 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. -
Specifies whether DVR and broadcasting is allowed. +Specifies whether DVR and broadcasting is allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -294,9 +294,9 @@ The following list shows the supported values: -
Specifies whether multiple users of the same app can share data. +Specifies whether multiple users of the same app can share data. -
Most restricted value is 0. +Most restricted value is 0. @@ -344,9 +344,9 @@ The following list shows the supported values: -
Specifies whether app store is allowed at the device. +Specifies whether app store is allowed at the device. -
Most restricted value is 0. +Most restricted value is 0. @@ -398,7 +398,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. -
An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see [inbox apps](applocker-csp.md#inboxappsandcomponents). For more information about the XML, see the [ApplicationRestrictions XSD](applicationrestrictions-xsd.md). +An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see [inbox apps](applocker-csp.md#inboxappsandcomponents). For more information about the XML, see the [ApplicationRestrictions XSD](applicationrestrictions-xsd.md). > [!NOTE] > When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps. @@ -412,11 +412,11 @@ The following list shows the supported values: > - You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents). -
An application that is running may not be immediately terminated. +An application that is running may not be immediately terminated. -
Value type is chr. +Value type is chr. -
Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. +Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. @@ -457,7 +457,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. +Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. @@ -505,14 +505,14 @@ The following list shows the supported values: -
Allows disabling of the retail catalog and only enables the Private store. +Allows disabling of the retail catalog and only enables the Private store. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Allow both public and Private store. - 1 – Only Private store is enabled. -
Most restricted value is 1. +Most restricted value is 1. @@ -553,9 +553,9 @@ The following list shows the supported values: -
Specifies whether application data is restricted to the system drive. +Specifies whether application data is restricted to the system drive. -
Most restricted value is 1. +Most restricted value is 1. @@ -603,9 +603,9 @@ The following list shows the supported values: -
Specifies whether the installation of applications is restricted to the system drive. +Specifies whether the installation of applications is restricted to the system drive. -
Most restricted value is 1. +Most restricted value is 1. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index aefc04173f..5d6851b66b 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -73,7 +73,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. +Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. @@ -121,7 +121,7 @@ The following list shows the supported values: -
Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. +Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. @@ -169,9 +169,9 @@ The following list shows the supported values: -
Allows EAP Fast Reconnect from being attempted for EAP Method TLS. +Allows EAP Fast Reconnect from being attempted for EAP Method TLS. -
Most restricted value is 0. +Most restricted value is 0. @@ -219,11 +219,11 @@ The following list shows the supported values: -
Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0 +Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0 -
Value type is integer. +Value type is integer. -
Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password everytime they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs. +Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password everytime they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs. @@ -271,9 +271,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. +Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. -
The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD). +The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD). diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index ede5f3ea04..e575654a6d 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -61,12 +61,12 @@ ms.date: 12/14/2017 -
Specifies the BitLocker Drive Encryption method and cipher strength. +Specifies the BitLocker Drive Encryption method and cipher strength. > [!NOTE] > XTS-AES 128-bit and XTS-AES 256-bit values are only supported on Windows 10 for desktop. -
You can find the following policies in BitLocker CSP: +You can find the following policies in BitLocker CSP:
Specifies whether the device can send out Bluetooth advertisements. +Specifies whether the device can send out Bluetooth advertisements. -
If this is not set or it is deleted, the default value of 1 (Allow) is used. +If this is not set or it is deleted, the default value of 1 (Allow) is used. -
Most restricted value is 0. +Most restricted value is 0. @@ -125,11 +125,11 @@ The following list shows the supported values: -
Specifies whether other Bluetooth-enabled devices can discover the device. +Specifies whether other Bluetooth-enabled devices can discover the device. -
If this is not set or it is deleted, the default value of 1 (Allow) is used. +If this is not set or it is deleted, the default value of 1 (Allow) is used. -
Most restricted value is 0. +Most restricted value is 0. @@ -177,7 +177,7 @@ The following list shows the supported values: -
Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. +Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. @@ -225,11 +225,11 @@ The following list shows the supported values: -
Sets the local Bluetooth device name. +Sets the local Bluetooth device name. -
If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. +If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. -
If this policy is not set or it is deleted, the default local radio name is used. +If this policy is not set or it is deleted, the default local radio name is used. @@ -270,9 +270,9 @@ The following list shows the supported values: -
Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. +Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. -
The default value is an empty string. +The default value is an empty string. diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 990c0726eb..1a799e9db8 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -175,12 +175,12 @@ ms.date: 01/03/2018 -
Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. +Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. > [!NOTE] > Disabling this setting turns off the address bar drop-down functionality. Because search suggestions are shown in the drop-down list, this setting takes precedence over the Browser/AllowSearchSuggestionsinAddressBar setting. -
Most restricted value is 0. +Most restricted value is 0. @@ -229,11 +229,11 @@ The following list shows the supported values: -
Specifies whether autofill on websites is allowed. +Specifies whether autofill on websites is allowed. -
Most restricted value is 0. +Most restricted value is 0. -
To verify AllowAutofill is set to 0 (not allowed): +To verify AllowAutofill is set to 0 (not allowed): 1. Open Microsoft Edge. 2. In the upper-right corner of the browser, click **…**. @@ -291,11 +291,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. -
Specifies whether the browser is allowed on the device. +Specifies whether the browser is allowed on the device. -
Most restricted value is 0. +Most restricted value is 0. -
When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. +When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. @@ -344,16 +344,16 @@ The following list shows the supported values: -
Specifies whether cookies are allowed. +Specifies whether cookies are allowed. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -
Most restricted value is 0. +Most restricted value is 0. -
To verify AllowCookies is set to 0 (not allowed): +To verify AllowCookies is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -404,9 +404,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turning this setting on, or not configuring it, lets employees use F12 Developer Tools. Turning this setting off stops employees from using F12 Developer Tools. +Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turning this setting on, or not configuring it, lets employees use F12 Developer Tools. Turning this setting off stops employees from using F12 Developer Tools. -
Most restricted value is 0. +Most restricted value is 0. @@ -455,11 +455,11 @@ The following list shows the supported values: -
Specifies whether Do Not Track headers are allowed. +Specifies whether Do Not Track headers are allowed. -
Most restricted value is 1. +Most restricted value is 1. -
To verify AllowDoNotTrack is set to 0 (not allowed): +To verify AllowDoNotTrack is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -513,7 +513,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. +Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. @@ -562,7 +562,7 @@ The following list shows the supported values: -
Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. +Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. @@ -611,7 +611,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. +Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. @@ -660,9 +660,9 @@ The following list shows the supported values: -
Specifies whether InPrivate browsing is allowed on corporate networks. +Specifies whether InPrivate browsing is allowed on corporate networks. -
Most restricted value is 0. +Most restricted value is 0. @@ -711,12 +711,12 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. +Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". -
If you enable or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the compatibility list from Microsoft, applying the updates during browser navigation. Visiting any site on the compatibility list prompts the employee to use Internet Explorer 11 (or enables/disables certain browser features on mobile), where the site is automatically rendered as though it’s run in the version of Internet Explorer necessary for it to display properly. If you disable this setting, the compatibility list isn’t used during browser navigation. +If you enable or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the compatibility list from Microsoft, applying the updates during browser navigation. Visiting any site on the compatibility list prompts the employee to use Internet Explorer 11 (or enables/disables certain browser features on mobile), where the site is automatically rendered as though it’s run in the version of Internet Explorer necessary for it to display properly. If you disable this setting, the compatibility list isn’t used during browser navigation. -
Most restricted value is 0. +Most restricted value is 0. @@ -765,11 +765,11 @@ The following list shows the supported values: -
Specifies whether saving and managing passwords locally on the device is allowed. +Specifies whether saving and managing passwords locally on the device is allowed. -
Most restricted value is 0. +Most restricted value is 0. -
To verify AllowPasswordManager is set to 0 (not allowed): +To verify AllowPasswordManager is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -823,11 +823,11 @@ The following list shows the supported values: -
Specifies whether pop-up blocker is allowed or enabled. +Specifies whether pop-up blocker is allowed or enabled. -
Most restricted value is 1. +Most restricted value is 1. -
To verify AllowPopups is set to 0 (not allowed): +To verify AllowPopups is set to 0 (not allowed): 1. Open Microsoft Edge. 2. In the upper-right corner of the browser, click **…**. @@ -881,11 +881,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine. +Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine. -
If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). +If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). -
Most restricted value is 0. +Most restricted value is 0. @@ -934,9 +934,9 @@ The following list shows the supported values: -
Specifies whether search suggestions are allowed in the address bar. +Specifies whether search suggestions are allowed in the address bar. -
Most restricted value is 0. +Most restricted value is 0. @@ -985,11 +985,11 @@ The following list shows the supported values: -
Specifies whether Windows Defender SmartScreen is allowed. +Specifies whether Windows Defender SmartScreen is allowed. -
Most restricted value is 1. +Most restricted value is 1. -
To verify AllowSmartScreen is set to 0 (not allowed): +To verify AllowSmartScreen is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -1044,9 +1044,9 @@ The following list shows the supported values: -
-
Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge + +Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge @@ -1095,11 +1095,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. +Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. -
Most restricted value is 1. +Most restricted value is 1. -
To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): +To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): 1. Open Microsoft Edge and browse to websites. 2. Close the Microsoft Edge window. @@ -1152,22 +1152,22 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices. +Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices. -
If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). +If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). Employees cannot remove these search engines, but they can set any one as the default. This setting does not affect the default search engine. -
If this setting is not configured, the search engines used are the ones that are specified in the App settings. If this setting is disabled, the search engines you added will be deleted from your employee's machine. +If this setting is not configured, the search engines used are the ones that are specified in the App settings. If this setting is disabled, the search engines you added will be deleted from your employee's machine. > [!IMPORTANT] > Due to Protected Settings (aka.ms/browserpolicy), this setting will apply only on domain-joined machines or when the device is MDM-enrolled. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Additional search engines are not allowed. - 1 – Additional search engines are allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -1209,7 +1209,7 @@ Employees cannot remove these search engines, but they can set any one as the de -
Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect. +Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect. > [!NOTE] > This policy has no effect when the Browser/HomePages policy is not configured. @@ -1217,7 +1217,7 @@ Employees cannot remove these search engines, but they can set any one as the de > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy). -
Most restricted value is 0. +Most restricted value is 0. @@ -1328,9 +1328,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Allows the user to specify an URL of an enterprise site list. +Allows the user to specify an URL of an enterprise site list. -
The following list shows the supported values: +The following list shows the supported values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL location of the enterprise site list. @@ -1422,11 +1422,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies the URL that Microsoft Edge for Windows 10 Mobile. will use when it is opened the first time. +Specifies the URL that Microsoft Edge for Windows 10 Mobile. will use when it is opened the first time. -
The data type is a string. +The data type is a string. -
The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. +The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. @@ -1471,11 +1471,11 @@ The following list shows the supported values: > [!NOTE] > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile. -
Specifies your Start pages for MDM-enrolled devices. Turning this setting on lets you configure one or more corporate Start pages. If this setting is turned on, you must also include URLs to the pages, separating multiple pages by using the XML-escaped characters **<** and **>**. For example, "<support.contoso.com><support.microsoft.com>" +Specifies your Start pages for MDM-enrolled devices. Turning this setting on lets you configure one or more corporate Start pages. If this setting is turned on, you must also include URLs to the pages, separating multiple pages by using the XML-escaped characters **<** and **>**. For example, "<support.contoso.com><support.microsoft.com>" -
Starting in Windows 10, version 1607, this policy will be enforced so that the Start pages specified by this policy cannot be changed by the users. +Starting in Windows 10, version 1607, this policy will be enforced so that the Start pages specified by this policy cannot be changed by the users. -
Starting in Windows 10, version 1703, if you don’t want to send traffic to Microsoft, you can use the "<about:blank>" value, which is honored for both domain- and non-domain-joined machines, when it’s the only configured URL. +Starting in Windows 10, version 1703, if you don’t want to send traffic to Microsoft, you can use the "<about:blank>" value, which is honored for both domain- and non-domain-joined machines, when it’s the only configured URL. > [!NOTE] > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings. @@ -1520,16 +1520,16 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. +Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. -
If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. +If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. > [!Important] > Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. -
If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. +If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. -
Data type is integer. +Data type is integer. @@ -1578,7 +1578,7 @@ The following list shows the supported values: -
Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. +Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. @@ -1627,9 +1627,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. +Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. -
Most restricted value is 1. +Most restricted value is 1. @@ -1678,9 +1678,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. +Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. -
Most restricted value is 1. +Most restricted value is 1. @@ -1729,9 +1729,9 @@ The following list shows the supported values: -
Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. +Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. -
Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site. +Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site. @@ -1780,7 +1780,7 @@ The following list shows the supported values: -
Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. +Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. @@ -1833,7 +1833,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an
user’s localhost IP address while making phone calls using WebRTC. +Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an user’s localhost IP address while making phone calls using WebRTC. @@ -1882,9 +1882,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines. +Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines. -
URL can be specified as: +URL can be specified as: - HTTP location: "SiteList"="http://localhost:8080/URLs.html" - Local network: "SiteList"="\\network\shares\URLs.html" @@ -1893,9 +1893,9 @@ The following list shows the supported values: > [!Important] > Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. -
If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. +If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. -
Data type is string. +Data type is string. @@ -1941,9 +1941,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Specifies whether to send intranet traffic over to Internet Explorer. +Specifies whether to send intranet traffic over to Internet Explorer. -
Most restricted value is 0. +Most restricted value is 0. @@ -1992,21 +1992,21 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. +Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. -
You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING. +You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING. -
If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. +If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy). -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) - The default search engine is set to the one specified in App settings. - 1 - Allows you to configure the default search engine for your employees. -
Most restricted value is 0. +Most restricted value is 0. @@ -2052,9 +2052,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1607. Specifies whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. +Added in Windows 10, version 1607. Specifies whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. -
Most restricted value is 0. +Most restricted value is 0. @@ -2103,14 +2103,14 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. +Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. > > Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. -
To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge: +To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge:
Disables or enables the camera. +Disables or enables the camera. -
Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 45755803ec..50cf068b2e 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -100,14 +100,14 @@ ms.date: 12/14/2017 -
Allows the user to enable Bluetooth or restrict access. +Allows the user to enable Bluetooth or restrict access. > [!NOTE] > This value is not supported in Windows Phone 8.1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile. -
If this is not set or it is deleted, the default value of 2 (Allow) is used. +If this is not set or it is deleted, the default value of 2 (Allow) is used. -
Most restricted value is 0. +Most restricted value is 0. @@ -156,7 +156,7 @@ The following list shows the supported values: -
Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. +Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. @@ -205,9 +205,9 @@ The following list shows the supported values: -
Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. +Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. -
Most restricted value is 0. +Most restricted value is 0. @@ -219,9 +219,9 @@ The following list shows the supported values: -
To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy. +To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy. -
To validate on mobile devices, do the following: +To validate on mobile devices, do the following: 1. Go to Cellular & SIM. 2. Click on the SIM (next to the signal strength icon) and select **Properties**. @@ -269,7 +269,7 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. +Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. @@ -321,9 +321,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Allows or disallows near field communication (NFC) on the device. +Allows or disallows near field communication (NFC) on the device. -
Most restricted value is 0. +Most restricted value is 0. @@ -375,11 +375,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging. +Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging. -
Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. +Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. -
Most restricted value is 0. +Most restricted value is 0. @@ -427,9 +427,9 @@ The following list shows the supported values: -
Specifies what type of underlying connections VPN is allowed to use. +Specifies what type of underlying connections VPN is allowed to use. -
Most restricted value is 0. +Most restricted value is 0. @@ -477,9 +477,9 @@ The following list shows the supported values: -
Prevents the device from connecting to VPN when the device roams over cellular networks. +Prevents the device from connecting to VPN when the device roams over cellular networks. -
Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index e65cf59e9f..b8a7181d8e 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -64,9 +64,9 @@ ms.date: 11/01/2017 -
Allows or disallows the Federal Information Processing Standard (FIPS) policy. +Allows or disallows the Federal Information Processing Standard (FIPS) policy. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1– Allowed. @@ -110,7 +110,7 @@ ms.date: 11/01/2017 -
Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. +Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 5a2461e9cb..b0e270bdff 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -64,9 +64,9 @@ ms.date: 12/14/2017 -
This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. +This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. -
Most restricted value is 0. +Most restricted value is 0. @@ -118,7 +118,7 @@ The following list shows the supported values: > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. -
Setting used by Windows 8.1 Selective Wipe. +Setting used by Windows 8.1 Selective Wipe. > [!NOTE] > This policy is not recommended for use in Windows 10. diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index c261f2807f..bb91bd44bd 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -167,9 +167,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows scanning of archives. +Allows or disallows scanning of archives. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -217,9 +217,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows Windows Defender Behavior Monitoring functionality. +Allows or disallows Windows Defender Behavior Monitoring functionality. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -267,9 +267,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. +To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -317,9 +317,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows scanning of email. +Allows or disallows scanning of email. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. @@ -367,9 +367,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows a full scan of mapped network drives. +Allows or disallows a full scan of mapped network drives. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. @@ -417,9 +417,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows a full scan of removable drives. +Allows or disallows a full scan of removable drives. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -467,9 +467,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows Windows Defender IOAVP Protection functionality. +Allows or disallows Windows Defender IOAVP Protection functionality. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -517,9 +517,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows Windows Defender Intrusion Prevention functionality. +Allows or disallows Windows Defender Intrusion Prevention functionality. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -567,9 +567,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows Windows Defender On Access Protection functionality. +Allows or disallows Windows Defender On Access Protection functionality. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -617,9 +617,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows Windows Defender Realtime Monitoring functionality. +Allows or disallows Windows Defender Realtime Monitoring functionality. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -667,9 +667,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows a scanning of network files. +Allows or disallows a scanning of network files. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -717,9 +717,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows Windows Defender Script Scanning functionality. +Allows or disallows Windows Defender Script Scanning functionality. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -767,9 +767,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed. +Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -817,9 +817,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. +Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. -
Value type is string. +Value type is string. @@ -864,11 +864,11 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. +Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. -
For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction). +For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction). -
Value type is string. +Value type is string. @@ -913,11 +913,11 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Represents the average CPU load factor for the Windows Defender scan (in percent). +Represents the average CPU load factor for the Windows Defender scan (in percent). -
Valid values: 0–100 +Valid values: 0–100 -
The default value is 50. +The default value is 50. @@ -962,11 +962,11 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -
Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. +Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. -
If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. +If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. -
For more information about specific values that are supported, see the Windows Defender Antivirus documentation site. +For more information about specific values that are supported, see the Windows Defender Antivirus documentation site. > [!Note] > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. @@ -1022,11 +1022,11 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -
Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. +Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. -
The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. +The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. -
For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. +For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. > [!Note] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". @@ -1073,7 +1073,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. -
Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. +Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. @@ -1117,7 +1117,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. -
Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. +Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. @@ -1162,11 +1162,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Time period (in days) that quarantine items will be stored on the system. +Time period (in days) that quarantine items will be stored on the system. -
Valid values: 0–90 +Valid values: 0–90 -
The default value is 0, which keeps items in quarantine, and does not automatically remove them. +The default value is 0, which keeps items in quarantine, and does not automatically remove them. @@ -1210,7 +1210,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess. -
Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. +Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. @@ -1262,21 +1262,23 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -
Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off in Windows Defender Exploit Guard. Network protection is a feature of Windows Defender Exploit Guard that protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer. +Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off in Windows Defender Exploit Guard. Network protection is a feature of Windows Defender Exploit Guard that protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer. -
If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit. -
If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center. -
If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center. -
If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center. -
If you do not configure this policy, network blocking will be disabled by default. +If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit. +If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center. +If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center. +If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center. +If you do not configure this policy, network blocking will be disabled by default. -
Valid values: + + +The following list shows the supported values: - 0 (default) - Disabled - 1 - Enabled (block mode) - 2 - Enabled (audit mode) - +
Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". +Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". @@ -1364,7 +1366,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". +Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". @@ -1409,13 +1411,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Allows an administrator to specify a list of files opened by processes to ignore during a scan. +Allows an administrator to specify a list of files opened by processes to ignore during a scan. > [!IMPORTANT] > The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path. -
Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". +Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". @@ -1460,9 +1462,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. +Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – PUA Protection off. Windows Defender will not protect against potentially unwanted applications. - 1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats. @@ -1511,13 +1513,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Controls which sets of files should be monitored. +Controls which sets of files should be monitored. > [!NOTE] > If **AllowOnAccessProtection** is not allowed, then this configuration can be used to monitor specific files. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Monitor all files (bi-directional). - 1 – Monitor incoming files. @@ -1566,9 +1568,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Selects whether to perform a quick scan or full scan. +Selects whether to perform a quick scan or full scan. -
The following list shows the supported values: +The following list shows the supported values: - 1 (default) – Quick scan - 2 – Full scan @@ -1616,17 +1618,17 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Selects the time of day that the Windows Defender quick scan should run. +Selects the time of day that the Windows Defender quick scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. -
Valid values: 0–1380 +Valid values: 0–1380 -
For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. +For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. -
The default value is 120 +The default value is 120 @@ -1671,13 +1673,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Selects the day that the Windows Defender scan should run. +Selects the day that the Windows Defender scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Every day - 1 – Monday @@ -1732,17 +1734,17 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Selects the time of day that the Windows Defender scan should run. +Selects the time of day that the Windows Defender scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. -
Valid values: 0–1380. +Valid values: 0–1380. -
For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. +For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. -
The default value is 120. +The default value is 120. @@ -1787,13 +1789,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. +Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. -
Valid values: 0–24. +Valid values: 0–24. -
A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day. +A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day. -
The default value is 8. +The default value is 8. @@ -1838,9 +1840,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. +Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Always prompt. - 1 (default) – Send safe samples automatically. @@ -1890,18 +1892,18 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -
Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take. +Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take. -
This value is a list of threat severity level IDs and corresponding actions, separated by a**|** using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3 +This value is a list of threat severity level IDs and corresponding actions, separated by a**|** using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3 -
The following list shows the supported values for threat severity levels: +The following list shows the supported values for threat severity levels: - 1 – Low severity threats - 2 – Moderate severity threats - 4 – High severity threats - 5 – Severe threats -
The following list shows the supported values for possible actions: +The following list shows the supported values for possible actions: - 1 – Clean - 2 – Quarantine diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index c369584fc8..812d07ecac 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -136,9 +136,9 @@ ms.date: 01/03/2018 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space. +Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space. -
The default value is 10. +The default value is 10. @@ -183,7 +183,7 @@ ms.date: 01/03/2018 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. +Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. @@ -347,7 +347,7 @@ The following list shows the supported values as number of seconds: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. +Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. @@ -403,7 +403,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity. +This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity. > [!NOTE] > You must use a GUID as the group ID. @@ -514,9 +514,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607. +Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607. -
The default value is 259200 seconds (3 days). +The default value is 259200 seconds (3 days). @@ -561,9 +561,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). +Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). -
The default value is 20. +The default value is 20. @@ -608,9 +608,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1607. Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. +Added in Windows 10, version 1607. Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. -
The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. +The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. @@ -655,9 +655,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization. +Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization. -
The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). +The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). @@ -702,9 +702,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set. +Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set. -
The default value is 500. +The default value is 500. @@ -748,9 +748,9 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery. +Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery. -
The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. +The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. @@ -795,12 +795,12 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB. +Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB. > [!NOTE] > If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy. -
The default value is 32 GB. +The default value is 32 GB. @@ -845,9 +845,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB. +Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB. -
The default value is 100 MB. +The default value is 100 MB. @@ -892,9 +892,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB. +Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB. -
The default value is 4 GB. +The default value is 4 GB. @@ -939,9 +939,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path. +Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path. -
By default, %SystemDrive% is used to store the cache. +By default, %SystemDrive% is used to store the cache. @@ -986,11 +986,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. +Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. -
The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set. +The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set. -
The default value is 20. +The default value is 20. diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 4023eee26c..4b9ab87704 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -68,7 +68,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. +Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. @@ -117,7 +117,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. +Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. @@ -168,7 +168,7 @@ The following list shows the supported values: Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. -
+ diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index b056313e5a..9d4a67b93c 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -115,7 +115,7 @@ ms.date: 01/12/2018 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies whether the user must input a PIN or password when the device resumes from an idle state. +Specifies whether the user must input a PIN or password when the device resumes from an idle state. > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -170,13 +170,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. +Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. > [!NOTE] > This policy must be wrapped in an Atomic command. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. @@ -223,18 +223,18 @@ The following list shows the supported values: -
Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. +Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. > [!NOTE] > This policy must be wrapped in an Atomic command. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -275,7 +275,7 @@ The following list shows the supported values: -
Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required). +Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required). > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -283,7 +283,7 @@ The following list shows the supported values: > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education). -
The following list shows the supported values: +The following list shows the supported values: - 0 – Alphanumeric PIN or password required. - 1 – Numeric PIN or password required. @@ -335,7 +335,7 @@ The following list shows the supported values: -
Specifies whether device lock is enabled. +Specifies whether device lock is enabled. > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -343,7 +343,7 @@ The following list shows the supported values: > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Enabled - 1 – Disabled @@ -421,20 +421,20 @@ The following list shows the supported values: -
Specifies when the password expires (in days). +Specifies when the password expires (in days). > [!NOTE] > This policy must be wrapped in an Atomic command. -
The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 730. - 0 (default) - Passwords do not expire. -
If all policy values = 0 then 0; otherwise, Min policy value is the most secure value. +If all policy values = 0 then 0; otherwise, Min policy value is the most secure value. -
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -475,22 +475,22 @@ The following list shows the supported values: -
Specifies how many passwords can be stored in the history that can’t be used. +Specifies how many passwords can be stored in the history that can’t be used. > [!NOTE] > This policy must be wrapped in an Atomic command. -
The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 50. - 0 (default) -
The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords. +The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords. -
Max policy value is the most restricted. +Max policy value is the most restricted. -
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -531,13 +531,13 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. +Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. > [!NOTE] > This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro. -
Value type is a string, which is the full image filepath and filename. +Value type is a string, which is the full image filepath and filename. @@ -578,13 +578,13 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider. +Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider. > [!NOTE] > This policy is only enforced in Windows 10 for mobile devices. -
Value type is a string, which is the AppID. +Value type is a string, which is the AppID. @@ -631,21 +631,21 @@ The number of authentication failures allowed before the device will be wiped. A > This policy must be wrapped in an Atomic command. -
This policy has different behaviors on the mobile device and desktop. +This policy has different behaviors on the mobile device and desktop. - On a mobile device, when the user reaches the value set by this policy, then the device is wiped. - On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced. Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key. -
The following list shows the supported values: +The following list shows the supported values: - An integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices. - 0 (default) - The device is never wiped after an incorrect PIN or password is entered. -
Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value. +Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value. -
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -686,18 +686,18 @@ The number of authentication failures allowed before the device will be wiped. A -
Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy. +Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy. > [!NOTE] > This policy must be wrapped in an Atomic command. -
The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." -
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -738,13 +738,13 @@ The number of authentication failures allowed before the device will be wiped. A -
Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display. +Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display. > [!NOTE] > This policy must be wrapped in an Atomic command. -
The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." @@ -788,21 +788,21 @@ The number of authentication failures allowed before the device will be wiped. A -
The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. +The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. > [!NOTE] > This policy must be wrapped in an Atomic command. > > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions. -
PIN enforces the following behavior for desktop and mobile devices: +PIN enforces the following behavior for desktop and mobile devices: - 1 - Digits only - 2 - Digits and lowercase letters are required - 3 - Digits, lowercase letters, and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts. - 4 - Digits, lowercase letters, uppercase letters, and special characters are required. Not supported in desktop. -
The default value is 1. The following list shows the supported values and actual enforced values: +The default value is 1. The following list shows the supported values and actual enforced values:
Enforced values for Local and Microsoft Accounts: +Enforced values for Local and Microsoft Accounts: - Local accounts support values of 1, 2, and 3, however they always enforce a value of 3. - Passwords for local accounts must meet the following minimum requirements: @@ -857,9 +857,9 @@ The number of authentication failures allowed before the device will be wiped. A - Base 10 digits (0 through 9) - Special characters (!, $, \#, %, etc.) -
The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant. +The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant. -
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). @@ -900,7 +900,7 @@ The number of authentication failures allowed before the device will be wiped. A -
Specifies the minimum number or characters required in the PIN or password. +Specifies the minimum number or characters required in the PIN or password. > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -908,15 +908,15 @@ The number of authentication failures allowed before the device will be wiped. A > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions. -
The following list shows the supported values: +The following list shows the supported values: - An integer X where 4 <= X <= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6. - Not enforced. - The default value is 4 for mobile devices and desktop devices. -
Max policy value is the most restricted. +Max policy value is the most restricted. -
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). @@ -1074,15 +1074,15 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices. +Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices. -
Minimum supported value is 10. +Minimum supported value is 10. -
Maximum supported value is 1800. +Maximum supported value is 1800. -
The default value is 10. +The default value is 10. -
Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index b23977c0bc..2f510c687c 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -64,17 +64,17 @@ ms.date: 11/01/2017 -
GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. +GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. -
This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off. +This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off. -
If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. +If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. -
If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. +If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. -
If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. +If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms. 2. Run the app and observe blurry text. @@ -118,17 +118,17 @@ ms.date: 11/01/2017 -
GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. +GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. -
This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on. +This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on. -
If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list. +If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list. -
If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. +If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. -
If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. +If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Configure the setting for an app which uses GDI. 2. Run the app and observe crisp text. diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 3506a2c3f1..a53e00425b 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -76,11 +76,11 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. -
The datatype is a string. +The datatype is a string. -
The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". +The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". @@ -121,11 +121,11 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. -
The datatype is a string. +The datatype is a string. -
The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". +The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". @@ -166,11 +166,11 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. -
The datatype is a string. +The datatype is a string. -
The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". +The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". @@ -211,11 +211,11 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. -
The datatype is a string. +The datatype is a string. -
The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". +The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". @@ -256,11 +256,11 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. -
The datatype is an integer. +The datatype is an integer. -
For Windows Mobile, the default value is 20. +For Windows Mobile, the default value is 20. @@ -301,11 +301,11 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. -
The datatype is a string. +The datatype is a string. -
The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". +The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 8d3786e647..cb04d76f6a 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -126,9 +126,9 @@ ms.date: 12/19/2017 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies whether copy and paste is allowed. +Specifies whether copy and paste is allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -176,9 +176,9 @@ The following list shows the supported values: -
Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device. +Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device. -
Most restricted value is 0. +Most restricted value is 0. @@ -226,11 +226,11 @@ The following list shows the supported values: -
Allows users to turn on/off device discovery UX. +Allows users to turn on/off device discovery UX. -
When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on. +When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on. -
Most restricted value is 0. +Most restricted value is 0. @@ -278,11 +278,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy turns on Find My Device. +Added in Windows 10, version 1703. This policy turns on Find My Device. -
When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. +When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. -
When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device. +When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device. @@ -330,13 +330,13 @@ The following list shows the supported values: -
Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect. +Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect. > [!NOTE] > The MDM server can always remotely delete the account. -
Most restricted value is 0. +Most restricted value is 0. @@ -388,7 +388,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies whether to display dialog prompt when no SIM card is detected. +Specifies whether to display dialog prompt when no SIM card is detected. @@ -448,9 +448,9 @@ This policy is deprecated. > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies whether screen capture is allowed. +Specifies whether screen capture is allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -506,7 +506,7 @@ This policy is deprecated. -
Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). +Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). @@ -557,13 +557,13 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them. +Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them. -
Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value. +Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value. > **Note** This setting does not control Cortana cutomized experiences because there are separate policies to configure it. -
Most restricted value is 0. +Most restricted value is 0. @@ -615,7 +615,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Allows or disallows task switching on the device. +Allows or disallows task switching on the device. @@ -667,7 +667,7 @@ The following list shows the supported values: > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. -
Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services. +Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services. @@ -719,9 +719,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies whether voice recording is allowed for apps. +Specifies whether voice recording is allowed for apps. -
Most restricted value is 0. +Most restricted value is 0. @@ -773,9 +773,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. +This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. -
Most restricted value is 0. +Most restricted value is 0. @@ -827,9 +827,9 @@ The following list shows the supported values: > This policy is only available for Windows 10 Enterprise and Windows 10 Education. -
Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. +Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. -
Most restricted value is 0. +Most restricted value is 0. @@ -880,9 +880,9 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows. +Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows. -
Most restricted value is 0. +Most restricted value is 0. @@ -933,10 +933,10 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. +Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested. -
Most restricted value is 0. +Most restricted value is 0. @@ -1036,9 +1036,9 @@ The following list shows the supported values: > This policy is only available for Windows 10 Enterprise and Windows 10 Education. -
Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1. +Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1. -
The following list shows the supported values: +The following list shows the supported values: - 0 – None. - 1 (default) – Windows spotlight enabled. @@ -1083,13 +1083,13 @@ The following list shows the supported values: -
Prevents devices from showing feedback questions from Microsoft. +Prevents devices from showing feedback questions from Microsoft. -
If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback. +If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback. -
If you disable or do not configure this policy setting, users can control how often they receive feedback questions. +If you disable or do not configure this policy setting, users can control how often they receive feedback questions. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. - 1 – Feedback notifications are disabled. diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index e165e843f7..7c42eba692 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -61,11 +61,11 @@ ms.date: 11/01/2017 -
Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). +Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). -
The system settings require a reboot; the application settings do not require a reboot. +The system settings require a reboot; the application settings do not require a reboot. -
Here is an example: +Here is an example: ``` syntax diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 17be10dc9d..86a2dccbac 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -61,7 +61,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. +Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 3ca3c0d2bd..6806de6ebf 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -61,13 +61,13 @@ ms.date: 12/14/2017 -
Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. +Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. -
The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. +The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. -
In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. +In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. -
The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. +The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 64f7550a15..58a2418bf7 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -64,7 +64,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices. +Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices. @@ -112,7 +112,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. +Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 9c979b9d53..bc22abef7f 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -61,17 +61,17 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. +Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. > [!IMPORTANT] > This policy is not intended to ever be set, pushed, or refreshed more than one time after the first boot of the device because it is meant as initial configuration. Refreshing this policy might result in the Location Service's Device Switch changing state to something the user did not select, which is not an intended use for this policy. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected. 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 8db727d554..af9df333ee 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -61,9 +61,9 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch. +Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch. -
The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. +The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index aca34d8a1b..06b6844b22 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -64,9 +64,9 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1607. Allows the download and update of map data over metered connections. +Added in Windows 10, version 1607. Allows the download and update of map data over metered connections. -
After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. +After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. @@ -115,9 +115,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Disables the automatic download and update of map data. +Added in Windows 10, version 1607. Disables the automatic download and update of map data. -
After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. +After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 4d41080dfa..aa1c3698b6 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -70,9 +70,9 @@ ms.date: 11/01/2017 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement. +Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement. -
The following list shows the supported values: +The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. @@ -116,9 +116,9 @@ ms.date: 11/01/2017 -
Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. +Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. -
The following list shows the supported values: +The following list shows the supported values: - 0 - message sync is not allowed and cannot be changed by the user. - 1 - message sync is allowed. The user can change this setting. @@ -165,9 +165,9 @@ ms.date: 11/01/2017 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement. +Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement. -
The following list shows the supported values: +The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index c15086a614..341511e93c 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -82,7 +82,7 @@ ms.date: 11/01/2017 -
Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. +Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. @@ -123,7 +123,7 @@ ms.date: 11/01/2017 -
Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. +Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. @@ -177,7 +177,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -
Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. +Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. @@ -218,7 +218,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -
This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. +This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. @@ -259,13 +259,13 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -
This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". +This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". > [!NOTE] > The client requires domain name to be canonical, otherwise the setting will be rejected by the client. -
Here are the steps to create canonical domain names: +Here are the steps to create canonical domain names: 1. Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft.COM -> microsoft.com. 2. Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags. @@ -310,7 +310,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -
This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". +This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". @@ -351,7 +351,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -
Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. +Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. @@ -392,7 +392,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -
List of domain names that can used for work or personal resource. +List of domain names that can used for work or personal resource. diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 1aaec21713..f5d74704a5 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -61,11 +61,11 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. +Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. -
For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. +For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. -
No reboot or service restart is required for this policy to take effect. +No reboot or service restart is required for this policy to take effect. diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 533e43da2d..e4ff5000c9 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -145,13 +145,13 @@ ADMX Info: -
Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display. -
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. -
If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -207,13 +207,13 @@ ADMX Info: -
Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display. -
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. -
If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -269,14 +269,14 @@ ADMX Info: -
Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. -
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. -
If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -332,13 +332,13 @@ ADMX Info: -
Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. -
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. -
If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -514,13 +514,13 @@ ADMX Info: -
Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. -
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. -
If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -576,13 +576,13 @@ ADMX Info: -
Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. -
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. -
If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 9c4392ca1c..804f7611af 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -289,13 +289,13 @@ ms.date: 12/14/2017 -
Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. +Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. > [!Note] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. -
Most restricted value is 0. +Most restricted value is 0. @@ -343,9 +343,9 @@ The following list shows the supported values: -
Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. +Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. -
Most restricted value is 0. +Most restricted value is 0. @@ -395,9 +395,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Enables or disables the Advertising ID. +Added in Windows 10, version 1607. Enables or disables the Advertising ID. -
Most restricted value is 0. +Most restricted value is 0. @@ -494,15 +494,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. +Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -543,7 +543,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. @@ -584,7 +584,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. @@ -625,7 +625,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. @@ -666,15 +666,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. +Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -715,7 +715,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. @@ -756,7 +756,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. @@ -797,7 +797,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. @@ -838,15 +838,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. +Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -887,7 +887,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. @@ -928,7 +928,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. @@ -969,7 +969,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. @@ -1010,15 +1010,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. +Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -1059,7 +1059,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. @@ -1100,7 +1100,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. @@ -1141,7 +1141,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. @@ -1182,15 +1182,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. +Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -1231,7 +1231,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. @@ -1272,7 +1272,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. @@ -1313,7 +1313,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. @@ -1354,15 +1354,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access email. +Added in Windows 10, version 1607. Specifies whether Windows apps can access email. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -1403,7 +1403,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. @@ -1444,7 +1444,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. @@ -1485,7 +1485,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. @@ -1526,15 +1526,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access location. +Added in Windows 10, version 1607. Specifies whether Windows apps can access location. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -1575,7 +1575,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. @@ -1616,7 +1616,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. @@ -1657,7 +1657,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. @@ -1698,15 +1698,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). +Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -1747,7 +1747,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. @@ -1788,7 +1788,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. @@ -1829,7 +1829,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. @@ -1870,15 +1870,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. +Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -1919,7 +1919,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. @@ -1960,7 +1960,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. @@ -2001,7 +2001,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. @@ -2042,15 +2042,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. +Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -2091,7 +2091,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. @@ -2132,7 +2132,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. @@ -2173,7 +2173,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. @@ -2214,15 +2214,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. +Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -2263,7 +2263,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. @@ -2304,7 +2304,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. @@ -2345,7 +2345,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. @@ -2386,15 +2386,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. +Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -2435,7 +2435,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. @@ -2476,7 +2476,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. @@ -2517,7 +2517,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. @@ -2558,15 +2558,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. +Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -2607,7 +2607,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. @@ -2648,7 +2648,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. @@ -2689,7 +2689,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. @@ -2730,7 +2730,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. +Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. @@ -2771,7 +2771,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. @@ -2812,7 +2812,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. @@ -2853,7 +2853,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. @@ -2894,15 +2894,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. +Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -2943,7 +2943,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. @@ -2984,7 +2984,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. @@ -3025,7 +3025,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. @@ -3066,15 +3066,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. +Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -3115,7 +3115,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. @@ -3156,7 +3156,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. @@ -3197,7 +3197,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. @@ -3238,15 +3238,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. +Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control (default). - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. > [!WARNING] > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly. @@ -3289,7 +3289,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. @@ -3330,7 +3330,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. @@ -3371,7 +3371,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. @@ -3412,15 +3412,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. +Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. -
The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -
Most restricted value is 2. +Most restricted value is 2. @@ -3461,7 +3461,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. @@ -3502,7 +3502,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. @@ -3543,7 +3543,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 204a76ade1..e5fca3da40 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -102,9 +102,9 @@ ms.date: 01/08/2018 -
Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. +Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -203,13 +203,13 @@ The following list shows the supported values: -
Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. +Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. -
When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified. +When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified. -
When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device. +When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device. -
Most restricted value is 0. +Most restricted value is 0. @@ -257,9 +257,9 @@ The following list shows the supported values: -
Specifies whether search can leverage location information. +Specifies whether search can leverage location information. -
Most restricted value is 0. +Most restricted value is 0. @@ -284,7 +284,7 @@ The following list shows the supported values: -
This policy has been deprecated. +This policy has been deprecated. @@ -325,14 +325,14 @@ The following list shows the supported values: -
Allows the use of diacritics. +Allows the use of diacritics. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -373,7 +373,7 @@ The following list shows the supported values: -
Allow Windows indexer. Value type is integer. +Allow Windows indexer. Value type is integer. @@ -414,14 +414,14 @@ The following list shows the supported values: -
Specifies whether to always use automatic language detection when indexing content and properties. +Specifies whether to always use automatic language detection when indexing content and properties. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -462,9 +462,9 @@ The following list shows the supported values: -
If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. +If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. @@ -508,13 +508,13 @@ The following list shows the supported values: -
This policy setting configures whether or not locations on removable drives can be added to libraries. +This policy setting configures whether or not locations on removable drives can be added to libraries. -
If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. +If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. -
If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed. +If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. @@ -617,13 +617,13 @@ The following list shows the supported values: -
Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1. +Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1. -
Enable this policy if computers in your environment have extremely limited hard drive space. +Enable this policy if computers in your environment have extremely limited hard drive space. -
When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size. +When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. @@ -667,9 +667,9 @@ The following list shows the supported values: -
If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. +If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. @@ -717,14 +717,14 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies what level of safe search (filtering adult content) is required. +Specifies what level of safe search (filtering adult content) is required. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Strict, highest filtering against adult content. - 1 (default) – Moderate filtering against adult content (valid search results will not be filtered). -
Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 41b61f3d9e..049d83e896 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -93,7 +93,7 @@ ms.date: 01/16/2018 -
Specifies whether to allow the runtime configuration agent to install provisioning packages. +Specifies whether to allow the runtime configuration agent to install provisioning packages. @@ -141,9 +141,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. +Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -191,9 +191,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Specifies whether the user is allowed to manually install root and intermediate CA certificates. +Specifies whether the user is allowed to manually install root and intermediate CA certificates. -
Most restricted value is 0. +Most restricted value is 0. @@ -241,7 +241,7 @@ The following list shows the supported values: -
Specifies whether to allow the runtime configuration agent to remove provisioning packages. +Specifies whether to allow the runtime configuration agent to remove provisioning packages. @@ -293,7 +293,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -
Allows or disallow Anti Theft Mode on the device. +Allows or disallow Anti Theft Mode on the device. @@ -453,11 +453,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**. +Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**. -
Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. +Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Encryption enabled. - 1 – Encryption disabled. @@ -504,14 +504,14 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 Mobile. In Windows 10 for desktop, you can query encryption status by using the [DeviceStatus CSP](devicestatus-csp.md) node **DeviceStatus/Compliance/EncryptionCompliance**. -
Allows enterprise to turn on internal storage encryption. +Allows enterprise to turn on internal storage encryption. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Encryption is not required. - 1 – Encryption is required. -
Most restricted value is 1. +Most restricted value is 1. > [!IMPORTANT] > If encryption has been enabled, it cannot be turned off by using this policy. @@ -555,9 +555,9 @@ The following list shows the supported values: -
Specifies whether provisioning packages must have a certificate signed by a device trusted authority. +Specifies whether provisioning packages must have a certificate signed by a device trusted authority. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not required. - 1 – Required. @@ -601,14 +601,14 @@ The following list shows the supported values: -
Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. +Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not required. - 1 – Required. -
Setting this policy to 1 (Required): +Setting this policy to 1 (Required): - Determines whether a device is capable of Remote Device Health Attestation, by verifying if the device has TPM 2.0. - Improves the performance of the device by enabling the device to fetch and cache data to reduce the latency during Device Health Verification. @@ -617,7 +617,7 @@ The following list shows the supported values: > We recommend that this policy is set to Required after MDM enrollment. -
Most restricted value is 1. +Most restricted value is 1. diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index eae7e34484..614331c610 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -106,7 +106,7 @@ ms.date: 12/19/2017 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Allows the user to change Auto Play settings. +Allows the user to change Auto Play settings. > [!NOTE] > Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected. @@ -157,7 +157,7 @@ The following list shows the supported values: -
Allows the user to change Data Sense settings. +Allows the user to change Data Sense settings. @@ -205,7 +205,7 @@ The following list shows the supported values: -
Allows the user to change date and time settings. +Allows the user to change date and time settings. @@ -253,7 +253,7 @@ The following list shows the supported values: -
Allows editing of the device name. +Allows editing of the device name. @@ -305,7 +305,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Allows the user to change the language settings. +Allows the user to change the language settings. @@ -408,7 +408,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Allows the user to change power and sleep settings. +Allows the user to change power and sleep settings. @@ -460,7 +460,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Allows the user to change the region settings. +Allows the user to change the region settings. @@ -512,7 +512,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Allows the user to change sign-in options. +Allows the user to change sign-in options. @@ -560,7 +560,7 @@ The following list shows the supported values: -
Allows the user to change VPN settings. +Allows the user to change VPN settings. @@ -612,7 +612,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Allows user to change workplace settings. +Allows user to change workplace settings. @@ -660,7 +660,7 @@ The following list shows the supported values: -
Allows user to change account settings. +Allows user to change account settings. @@ -708,9 +708,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. +Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – User will be allowed to configure the setting. - 1 – Don't show additional calendars. @@ -756,15 +756,15 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. +Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. -
The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: +The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: -
showonly:about;bluetooth +showonly:about;bluetooth -
If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. +If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. -
The format of the PageVisibilityList value is as follows: +The format of the PageVisibilityList value is as follows: - The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity. - There are two variants: one that shows only the given pages and one which hides the given pages. @@ -772,17 +772,17 @@ The following list shows the supported values: - Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace. - Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:wi-fi" would be just "wi-fi". -
The default value for this setting is an empty string, which is interpreted as show everything. +The default value for this setting is an empty string, which is interpreted as show everything. -
Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden: +Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden: -
showonly:wi-fi;bluetooth +showonly:wi-fi;bluetooth -
Example 2, specifies that the wifi page should not be shown: +Example 2, specifies that the wifi page should not be shown: -
hide:wifi +hide:wifi -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Open System Settings and verfiy that the About page is visible and accessible. 2. Configure the policy with the following string: "hide:about". diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 8dbd4fe36b..f842311ff1 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -67,7 +67,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. +Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. @@ -115,7 +115,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows. +Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows. @@ -163,7 +163,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. +Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 0f87f58919..ff34e8ec3b 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -61,7 +61,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS). +Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS). diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 02f3b03e71..4e4567d276 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -145,7 +145,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu. @@ -194,7 +194,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu. @@ -243,7 +243,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu. @@ -292,7 +292,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu. @@ -341,7 +341,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu. @@ -390,7 +390,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu. @@ -439,7 +439,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu. @@ -488,7 +488,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu. @@ -537,7 +537,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu. @@ -586,7 +586,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu. @@ -639,15 +639,15 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -
Forces the start screen size. +Forces the start screen size. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Do not force size of Start. - 1 – Force non-fullscreen size of Start. - 2 - Force a fullscreen size of Start. -
If there is policy configuration conflict, the latest configuration request is applied to the device. +If there is policy configuration conflict, the latest configuration request is applied to the device. @@ -691,19 +691,19 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Allows IT Admins to configure Start by collapsing or removing the all apps list. +Allows IT Admins to configure Start by collapsing or removing the all apps list. > [!Note] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – None. - 1 – Hide all apps list. - 2 - Hide all apps list, and Disable "Show app list in Start menu" in Settings app. - 3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: - 1 - Enable policy and restart explorer.exe - 2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle is not grayed out. @@ -749,9 +749,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Change account settings" is not available. @@ -805,9 +805,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable "Show most used apps" in the Settings app. 2. Use some apps to get them into the most used group in Start. @@ -862,9 +862,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. -
To validate on Laptop, do the following: +To validate on Laptop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Hibernate" is not available. @@ -918,9 +918,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Lock" is not available. @@ -971,9 +971,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. +Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. -
Value type is integer. +Value type is integer. @@ -1017,9 +1017,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, and verify the power button is not available. @@ -1073,9 +1073,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings. 2. Pin Photos to the taskbar, and open some images in the photos app. @@ -1136,9 +1136,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable "Show recently added apps" in the Settings app. 2. Check if there are recently added apps in Start (if not, install some). @@ -1193,9 +1193,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. @@ -1246,9 +1246,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. @@ -1299,9 +1299,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Sign out" is not available. @@ -1352,9 +1352,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify that "Sleep" is not available. @@ -1405,9 +1405,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Switch account" is not available. @@ -1461,9 +1461,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Log off. @@ -1518,14 +1518,14 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -
Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files. +Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files. > [!IMPORTANT] > Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy. -
The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](https://docs.microsoft.com/en-us/windows/configuration/start-secondary-tiles). +The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](https://docs.microsoft.com/en-us/windows/configuration/start-secondary-tiles). -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Set policy with an XML for Edge assets. 2. Set StartLayout policy to anything so that it would trigger the Edge assets import. @@ -1571,9 +1571,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. +Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Right click on a program pinned to taskbar. @@ -1631,9 +1631,9 @@ The following list shows the supported values: > [!IMPORTANT] > Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope) -
Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy +Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy -
For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). +For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 57e64d4e9f..189436f4eb 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -64,15 +64,15 @@ ms.date: 12/13/2017 -
Added in Windows 10, version 1709. Allows disk health model updates. +Added in Windows 10, version 1709. Allows disk health model updates. -
The following list shows the supported values: +The following list shows the supported values: - 0 - Do not allow - 1 (default) - Allow -
Value type is integer. +Value type is integer. diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 5a62fcc89e..2435e96fe0 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -109,11 +109,11 @@ ms.date: 12/19/2017 > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise. -
This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software. +This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software. -
If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable. +If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software. - 1 – Allowed. Users can make their devices available for downloading and installing preview software. @@ -158,9 +158,9 @@ ms.date: 12/19/2017 -
Specifies whether set general purpose device to be in embedded mode. +Specifies whether set general purpose device to be in embedded mode. -
Most restricted value is 0. +Most restricted value is 0. @@ -211,15 +211,15 @@ The following list shows the supported values: > [!NOTE] > This policy is not supported in Windows 10, version 1607. -
This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. +This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Disabled. - 1 (default) – Permits Microsoft to configure device settings only. - 2 – Allows Microsoft to conduct full experimentations. -
Most restricted value is 0. +Most restricted value is 0. @@ -260,11 +260,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. +Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. -
This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). +This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). -
This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content. +This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content. > [!Note] > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service. @@ -278,7 +278,7 @@ The following list shows the supported values: -
To verify if System/AllowFontProviders is set to true: +To verify if System/AllowFontProviders is set to true: - After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com. @@ -321,21 +321,21 @@ The following list shows the supported values: -
Specifies whether to allow app access to the Location service. +Specifies whether to allow app access to the Location service. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Force Location Off. All Location Privacy settings are toggled off and greyed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search. - 1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off. - 2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed. -
Most restricted value is 0. +Most restricted value is 0. -
While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. +While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. -
When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting. +When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting. -
For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. +For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. @@ -376,9 +376,9 @@ The following list shows the supported values: -
Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. +Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. -
Most restricted value is 0. +Most restricted value is 0. @@ -427,9 +427,9 @@ The following list shows the supported values: -
Allow the device to send diagnostic and usage telemetry data, such as Watson. +Allow the device to send diagnostic and usage telemetry data, such as Watson. -
The following tables describe the supported values: +The following tables describe the supported values: Windows 8.1 Values: @@ -502,7 +502,7 @@ Windows 10 Values: > If you are using Windows 8.1 MDM server and set a value of 0 using the legacy AllowTelemetry policy on a Windows 10 Mobile device, then the value is not respected and the telemetry level is silently set to level 1. -
Most restricted value is 0. +Most restricted value is 0. @@ -543,9 +543,9 @@ Windows 10 Values: -
Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination. +Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination. -
Most restricted value is 0. +Most restricted value is 0. @@ -692,7 +692,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f -
Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: +Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: * Users cannot access OneDrive from the OneDrive app or file picker. * Microsoft Store apps cannot access OneDrive using the WinRT API. @@ -700,9 +700,9 @@ This policy setting blocks the Connected User Experience and Telemetry service f * OneDrive files are not kept in sync with the cloud. * Users cannot automatically upload photos and videos from the camera roll folder. -
If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. +If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Restart machine. @@ -870,20 +870,20 @@ The following list shows the supported values: -
This policy setting, in combination with the System/AllowTelemetry +This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. -
To enable this behavior you must complete two steps: +To enable this behavior you must complete two steps:
When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://go.microsoft.com/fwlink/?linkid=847594). +When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://go.microsoft.com/fwlink/?linkid=847594). -
Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. +Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. -
If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. +If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. @@ -924,9 +924,9 @@ The following list shows the supported values: -
Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device. +Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device. -
If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. +If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index d6e2d91c96..fbb6857b81 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -106,9 +106,9 @@ ms.date: 12/19/2017 > The policy is only enforced in Windows 10 for desktop. -
Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. +Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. -
Most restricted value is 0. +Most restricted value is 0. @@ -160,9 +160,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. +Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. -
Most restricted value is 0. +Most restricted value is 0. @@ -214,9 +214,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the IT admin to disable the touch/handwriting keyboard on Windows. +Allows the IT admin to disable the touch/handwriting keyboard on Windows. -
Most restricted value is 0. +Most restricted value is 0. @@ -268,14 +268,14 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the Japanese IME surrogate pair characters. +Allows the Japanese IME surrogate pair characters. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -
Most restricted value is 0. +Most restricted value is 0. @@ -320,9 +320,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows Japanese Ideographic Variation Sequence (IVS) characters. +Allows Japanese Ideographic Variation Sequence (IVS) characters. -
Most restricted value is 0. +Most restricted value is 0. @@ -374,9 +374,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the Japanese non-publishing standard glyph. +Allows the Japanese non-publishing standard glyph. -
Most restricted value is 0. +Most restricted value is 0. @@ -428,9 +428,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the Japanese user dictionary. +Allows the Japanese user dictionary. -
Most restricted value is 0. +Most restricted value is 0. @@ -481,11 +481,11 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. -
Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. +Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. -
Most restricted value is 0. +Most restricted value is 0. -
To validate that text prediction is disabled on Windows 10 for desktop, do the following: +To validate that text prediction is disabled on Windows 10 for desktop, do the following: 1. Search for and launch the on-screen keyboard. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Use Text Prediction” setting is enabled from the options button. 2. Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app. @@ -505,7 +505,7 @@ The following list shows the supported values: **TextInput/AllowKoreanExtendedHanja** -
This policy has been deprecated. +This policy has been deprecated. @@ -550,9 +550,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the uninstall of language features, such as spell checkers, on a device. +Allows the uninstall of language features, such as spell checkers, on a device. -
Most restricted value is 0. +Most restricted value is 0. @@ -665,9 +665,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the users to restrict character code range of conversion by setting the character filter. +Allows the users to restrict character code range of conversion by setting the character filter. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 are filtered. @@ -715,9 +715,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the users to restrict character code range of conversion by setting the character filter. +Allows the users to restrict character code range of conversion by setting the character filter. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 and EUDC are filtered. @@ -765,9 +765,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -
Allows the users to restrict character code range of conversion by setting the character filter. +Allows the users to restrict character code range of conversion by setting the character filter. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except ShiftJIS are filtered. diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 42221e6fde..f97d7275a3 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -61,7 +61,7 @@ ms.date: 12/14/2017 -
Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. +Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index f0cc05b9e9..771fc0cab4 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -204,14 +204,14 @@ ms.date: 12/19/2017 -
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. +Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. > [!NOTE] > The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. -
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. +Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. -
The default is 17 (5 PM). +The default is 17 (5 PM). @@ -252,11 +252,11 @@ ms.date: 12/19/2017 -
Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. +Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. -
Supported values are 8-18. +Supported values are 8-18. -
The default value is 18 (hours). +The default value is 18 (hours). @@ -297,14 +297,14 @@ ms.date: 12/19/2017 -
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. +Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. > [!NOTE] > The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. -
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. +Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. -
The default value is 8 (8 AM). +The default value is 8 (8 AM). @@ -345,11 +345,11 @@ ms.date: 12/19/2017 -
Enables the IT admin to manage automatic update behavior to scan, download, and install updates. +Enables the IT admin to manage automatic update behavior to scan, download, and install updates. -
Supported operations are Get and Replace. +Supported operations are Get and Replace. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. - 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. @@ -362,7 +362,7 @@ ms.date: 12/19/2017 > This option should be used only for systems under regulatory compliance, as you will not get security updates as well. -
If the policy is not configured, end-users get the default behavior (Auto install and restart). +If the policy is not configured, end-users get the default behavior (Auto install and restart). @@ -403,7 +403,7 @@ ms.date: 12/19/2017 -
Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer. +Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer. A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates. @@ -455,9 +455,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. +Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. @@ -501,11 +501,11 @@ The following list shows the supported values: -
Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. +Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. -
Supported operations are Get and Replace. +Supported operations are Get and Replace. -
This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. +This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. @@ -553,11 +553,11 @@ The following list shows the supported values: -
Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. +Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. -
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store +Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store -
Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. +Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. > [!NOTE] > This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. @@ -608,11 +608,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. +Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. -
Supported values are 2-30 days. +Supported values are 2-30 days. -
The default value is 7 days. +The default value is 7 days. @@ -653,9 +653,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. +Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. -
The default value is 15 (minutes). +The default value is 15 (minutes). @@ -700,9 +700,9 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). -
Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. +Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. -
The following list shows the supported values: +The following list shows the supported values: - 1 (default) – Auto Dismissal. - 2 – User Dismissal. @@ -746,7 +746,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). -
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. +Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. @@ -789,7 +789,7 @@ The following list shows the supported values: -
Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. +Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. @@ -833,11 +833,11 @@ The following list shows the supported values: -
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. -
Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. +Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. -
Supported values are 0-365 days. +Supported values are 0-365 days. > [!IMPORTANT] > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. @@ -881,9 +881,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. +Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. -
Supported values are 0-30. +Supported values are 0-30. @@ -928,18 +928,18 @@ The following list shows the supported values: > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. -
Allows IT Admins to specify update delays for up to 4 weeks. +Allows IT Admins to specify update delays for up to 4 weeks. -
Supported values are 0-4, which refers to the number of weeks to defer updates. +Supported values are 0-4, which refers to the number of weeks to defer updates. -
In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following: +In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following: - Update/RequireDeferUpgrade must be set to 1 - System/AllowTelemetry must be set to 1 or higher -
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -
If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. OS upgrade: - Maximum deferral: 8 months @@ -1064,13 +1064,13 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. -
Allows IT Admins to specify additional upgrade delays for up to 8 months. +Allows IT Admins to specify additional upgrade delays for up to 8 months. -
Supported values are 0-8, which refers to the number of months to defer upgrades. +Supported values are 0-8, which refers to the number of months to defer upgrades. -
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -1111,7 +1111,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -
Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. +Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. @@ -1152,13 +1152,13 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -
Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. +Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. -
For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/). +For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/). -
This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update." +This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update." -
Value type is integer. Supported operations are Add, Get, Replace, and Delete. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -1206,11 +1206,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling). +Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling). -
Supported values are 2-30 days. +Supported values are 2-30 days. -
The default value is 0 days (not specified). +The default value is 0 days (not specified). @@ -1251,11 +1251,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications. +Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications. -
Supported values are 1-3 days. +Supported values are 1-3 days. -
The default value is 3 days. +The default value is 3 days. @@ -1296,11 +1296,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. +Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -
Supported values are 2-30 days. +Supported values are 2-30 days. -
The default value is 7 days. +The default value is 7 days. @@ -1344,9 +1344,9 @@ The following list shows the supported values: > [!NOTE] > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. -
Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates. +Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Allow Windows Update drivers. - 1 – Exclude Windows Update drivers. @@ -1390,12 +1390,12 @@ The following list shows the supported values: -
Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). +Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). > [!NOTE] > This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. @@ -1439,7 +1439,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -1502,13 +1502,13 @@ To validate this policy: -
Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. -
To validate this policy: +To validate this policy: 1. Enable the policy and ensure the device is on a cellular network. 2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: @@ -1562,9 +1562,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer. +Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer. -
The following list shows the supported values: +The following list shows the supported values: - 0 - Disable Preview builds - 1 - Disable Preview builds once the next release is public @@ -1613,16 +1613,16 @@ The following list shows the supported values: > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. -
Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. +Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Deferrals are not paused. - 1 – Deferrals are paused. -
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -1663,12 +1663,12 @@ The following list shows the supported values: -
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. -
Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days. +Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Feature Updates are not paused. - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. @@ -1712,9 +1712,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. +Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. -
Value type is string. Supported operations are Add, Get, Delete, and Replace. +Value type is string. Supported operations are Add, Get, Delete, and Replace. @@ -1755,9 +1755,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates. +Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Quality Updates are not paused. - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. @@ -1801,9 +1801,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. +Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. -
Value type is string. Supported operations are Add, Get, Delete, and Replace. +Value type is string. Supported operations are Add, Get, Delete, and Replace. @@ -1812,7 +1812,7 @@ The following list shows the supported values: **Update/PhoneUpdateRestrictions** -
This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. +This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. @@ -1865,9 +1865,9 @@ The following list shows the supported values: > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. -
Allows the IT admin to set a device to Semi-Annual Channel train. +Allows the IT admin to set a device to Semi-Annual Channel train. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). - 1 – User gets upgrades from Semi-Annual Channel. @@ -1915,11 +1915,11 @@ The following list shows the supported values: > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. -
Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. +Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. -
Supported operations are Get and Replace. +Supported operations are Get and Replace. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not configured. The device installs all applicable updates. - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. @@ -1963,9 +1963,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications. +Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications. -
The default value is 15 (minutes). +The default value is 15 (minutes). @@ -2014,9 +2014,9 @@ Supported values are 15, 30, or 60 (minutes). > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications. +Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications. -
The default value is 4 (hours). +The default value is 4 (hours). @@ -2061,13 +2061,13 @@ Supported values are 2, 4, 8, 12, or 24 (hours). -
Enables the IT admin to schedule the day of the update installation. +Enables the IT admin to schedule the day of the update installation. -
The data type is a integer. +The data type is a integer. -
Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Every day - 1 – Sunday @@ -2117,7 +2117,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). -
Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values: +Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values: +Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values: +Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values: +Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values: +Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
Enables the IT admin to schedule the time of the update installation. +Enables the IT admin to schedule the time of the update installation. -
The data type is a integer. +The data type is a integer. -
Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. -
Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. +Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. -
The default value is 3. +The default value is 3. @@ -2395,9 +2395,9 @@ Supported values are 2, 4, 8, 12, or 24 (hours). -
Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations. +Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations. -
The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Enabled - 1 – Disabled @@ -2441,9 +2441,9 @@ Supported values are 2, 4, 8, 12, or 24 (hours). -
Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime. +Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime. -
The following list shows the supported values: +The following list shows the supported values: - 0 - not configured - 1 - configured @@ -2490,11 +2490,11 @@ Supported values are 2, 4, 8, 12, or 24 (hours). > [!Important] > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. -
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premise MDMs that need to update devices that cannot connect to the Internet. +Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premise MDMs that need to update devices that cannot connect to the Internet. -
Supported operations are Get and Replace. +Supported operations are Get and Replace. -
The following list shows the supported values: +The following list shows the supported values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL. @@ -2556,13 +2556,13 @@ Example -
Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. +Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. -
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. +This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. -
To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. +To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. -
Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. +Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. > [!Note] > If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index eb5a2581ab..043528cf1c 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -47,7 +47,7 @@ ms.date: 12/14/2017 **WiFi/AllowWiFiHotSpotReporting** -
This policy has been deprecated. +This policy has been deprecated. @@ -88,9 +88,9 @@ ms.date: 12/14/2017 -
Allow or disallow the device to automatically connect to Wi-Fi hotspots. +Allow or disallow the device to automatically connect to Wi-Fi hotspots. -
Most restricted value is 0. +Most restricted value is 0. @@ -138,9 +138,9 @@ The following list shows the supported values: -
Allow or disallow internet sharing. +Allow or disallow internet sharing. -
Most restricted value is 0. +Most restricted value is 0. @@ -188,9 +188,9 @@ The following list shows the supported values: -
Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. +Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. -
Most restricted value is 0. +Most restricted value is 0. > [!NOTE] > Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that are not user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted. @@ -241,9 +241,9 @@ The following list shows the supported values: -
Allow or disallow WiFi connection. +Allow or disallow WiFi connection. -
Most restricted value is 0. +Most restricted value is 0. @@ -291,7 +291,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Allow WiFi Direct connection.. +Added in Windows 10, version 1703. Allow WiFi Direct connection.. @@ -339,13 +339,13 @@ The following list shows the supported values: -
Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. +Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. -
Supported values are 0-500, where 100 = normal scan frequency and 500 = low scan frequency. +Supported values are 0-500, where 100 = normal scan frequency and 500 = low scan frequency. -
The default value is 0. +The default value is 0. -
Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 88d40dca78..ff846b2bbe 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -117,9 +117,9 @@ ms.date: 12/29/2017 -
Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options. +Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options. -
Value type is string. Supported operations are Add, Get, Replace and Delete. +Value type is string. Supported operations are Add, Get, Replace and Delete. @@ -215,9 +215,9 @@ Valid values: -
Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. +Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -321,12 +321,12 @@ Valid values: -
Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users. +Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users. > [!Note] > If Suppress notification is enabled then users will not see critical or non-critical messages. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -374,9 +374,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. +Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -424,9 +424,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. +Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -474,9 +474,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. +Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -524,9 +524,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices. +Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -574,9 +574,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. +Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -624,9 +624,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area. +Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area. -
Value type is integer. Supported operations are Add, Get, Replace and Delete. +Value type is integer. Supported operations are Add, Get, Replace and Delete. @@ -674,9 +674,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. +Added in Windows 10, version 1709. The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. -
Value type is string. Supported operations are Add, Get, Replace and Delete. +Value type is string. Supported operations are Add, Get, Replace and Delete. @@ -717,9 +717,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text. +Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text. -
Value type is integer. Supported operations are Add, Get, Replace, and Delete. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -767,9 +767,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification. +Added in Windows 10, version 1709. Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification. -
Value type is integer. Supported operations are Add, Get, Replace, and Delete. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -979,9 +979,9 @@ Valid values: -
Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. +Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. -
Value type is string. Supported operations are Add, Get, Replace, and Delete. +Value type is string. Supported operations are Add, Get, Replace, and Delete. @@ -1022,9 +1022,9 @@ Valid values: -
Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options. +Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options. -
Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. +Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index eea3c2b2c4..53db2d066d 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -64,7 +64,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace. +Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace. @@ -112,9 +112,9 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace. +Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace. -
Value type is int. The following list shows the supported values: +Value type is int. The following list shows the supported values: - 0 - access to ink workspace is disabled. The feature is turned off. - 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 2a237c5b45..9ee11366cd 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -187,9 +187,9 @@ ADMX Info: -
Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations. +Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations. -
To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Verify that the Switch account button in Start is hidden. diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index a6b8d30818..e2de8af8b2 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -82,7 +82,7 @@ ms.date: 12/14/2017 -
Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. +Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. @@ -130,7 +130,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. +Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. @@ -178,7 +178,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. +Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. @@ -226,7 +226,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. +Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. @@ -274,11 +274,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC. +Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC. -
If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. +If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. -
Value type is integer. +Value type is integer. @@ -326,7 +326,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. +Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. @@ -351,7 +351,7 @@ The following list shows the supported values: -
Added in Windows 10, version 1703. Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device. +Added in Windows 10, version 1703. Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device. @@ -399,11 +399,11 @@ The following list shows the supported values: -
Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing. +Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing. -
If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. +If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. -
Value type is integer. +Value type is integer.