deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into nimishasatapathy-5556913-Defender

Browse Source
This commit is contained in:
Jeff Borsecnik 2022-01-18 12:08:41 -08:00 committed by GitHub
commit 6dcbc24605
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 253 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
windows/client-management/mdm/policy-csp-internetexplorer.md
View File

@ -212,6 +212,9 @@ manager: dansimp
<dd>
<a href="#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains">InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains</a>
</dd>
<dd>
<a href="#internetexplorer-enableextendediemodehotkeys">InternetExplorer/EnableExtendedIEModeHotkeys</a>
</dd>
<dd>
<a href="#internetexplorer-includealllocalsites">InternetExplorer/IncludeAllLocalSites</a>
</dd>
@ -4270,6 +4273,58 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="internetexplorer-enableextendediemodehotkeys"></a>**InternetExplorer/EnableExtendedIEModeHotkeys**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting lets admins enable extended Microsoft Edge Internet Explorer mode hotkeys, such as "Ctrl+S" to have "Save as" functionality.
- If you enable this policy, extended hotkey functionality is enabled in Internet Explorer mode and work the same as Internet Explorer.
- If you disable, or don't configure this policy, extended hotkeys will not work in Internet Explorer mode.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Disabled.
- 1 - Enabled.
<!--/SupportedValues-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Allows enterprises to provide their users with a single-browser experience*
- GP name: *EnableExtendedIEModeHotkeys*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="internetexplorer-includealllocalsites"></a>**InternetExplorer/IncludeAllLocalSites**

51
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
View File

@ -25,6 +25,8 @@ manager: dansimp
</dd>
<dd>
<a href="#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</a>
</dd> <dd>
<a href="#localpoliciessecurityoptions-accounts-enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
</dd>
<dd>
<a href="#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
@ -272,8 +274,55 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-enableguestaccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This setting allows the administrator to enable the guest Administrator account.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--RegistryMapped-->
GP Info:
- GP Friendly name: *Accounts: Enable Guest Account Status*
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
<!--/RegistryMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - disabled (local Administrator account is disabled).
- 1 - enabled (local Administrator account is enabled).
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly"></a>**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**
<!--SupportedSKUs-->

163
windows/client-management/mdm/policy-csp-mixedreality.md
View File

@ -29,12 +29,21 @@ manager: dansimp
<dd>
<a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
</dd>
<dd>
<a href="#mixedreality-configuremovingplatform">MixedReality/ConfigureMovingPlatform</a>
</dd>
<dd>
<a href="#mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
</dd>
<dd>
<a href="#mixedreality-headtrackingmode">MixedReality/HeadTrackingMode/a>
</dd>
<dd>
<a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
</dd>
<dd>
<a href="#mixedreality-visitorautologon">MixedReality/VisitorAutoLogon</a>
</dd>
<dd>
<a href="#mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
</dd>
@ -49,8 +58,8 @@ manager: dansimp
|Windows Edition|Supported|
|--- |--- |
|HoloLens (1st gen) Development Edition|No|
|HoloLens (1st gen) Commercial Suite|No|
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
Steps to use this policy correctly:
@ -62,7 +71,7 @@ Steps to use this policy correctly:
1. Enroll HoloLens devices and verify both configurations get applied to the device.
1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
> [!NOTE]
> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
@ -77,14 +86,14 @@ Steps to use this policy correctly:
|Windows Edition|Supported|
|--- |--- |
|HoloLens (1st gen) Development Edition|No|
|HoloLens (1st gen) Commercial Suite|No|
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/Description-->
This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up login.
When the policy is set to a non-empty value, it specifies the email address of the auto log on user. The specified user must logon to the device at least once to enable autologon.
When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must logon to the device at least once to enable autologon.
The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
@ -92,7 +101,7 @@ The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoL
String value
- User with the same email address will have autologon enabled.
On a device where this policy is configured, the user specified in the policy will need to log on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log on as a different user, the policy must first be disabled.
On a device where this policy is configured, the user specified in the policy will need to log-on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log-on as a different user, the policy must first be disabled.
> [!NOTE]
>
@ -133,8 +142,8 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
|Windows Edition|Supported|
|--- |--- |
|HoloLens (1st gen) Development Edition|No|
|HoloLens (1st gen) Commercial Suite|No|
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
@ -167,6 +176,48 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-configuremovingplatform"></a>**MixedReality/ConfigureMovingPlatform**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it is turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
Integer
- 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system.
- 1 Force off - Moving platform is disabled and cannot be changed by user.
- 2 Force on - Moving platform is enabled and cannot be changed by user.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-fallbackdiagnostics"></a>**MixedReality/FallbackDiagnostics**
@ -174,8 +225,8 @@ The following list shows the supported values:
|Windows Edition|Supported|
|--- |--- |
|HoloLens (1st gen) Development Edition|No|
|HoloLens (1st gen) Commercial Suite|No|
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
@ -209,6 +260,47 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-headtrackingmode"></a>**MixedReality/HeadTrackingMode**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy configures behavior of HUP to determine, which algorithm to use for head tracking. It requires a reboot for the policy to take effect.
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - Feature Default feature based / SLAM-based tracker (Default)
- 1 - Constellation LR constellation based tracker
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-microphonedisabled"></a>**MixedReality/MicrophoneDisabled**
@ -216,8 +308,8 @@ The following list shows the supported values:
|Windows Edition|Supported|
|--- |--- |
|HoloLens (1st gen) Development Edition|No|
|HoloLens (1st gen) Commercial Suite|No|
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
@ -257,8 +349,8 @@ The following list shows the supported values:
|Windows Edition|Supported|
|--- |--- |
|HoloLens (1st gen) Development Edition|No|
|HoloLens (1st gen) Commercial Suite|No|
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
@ -291,4 +383,45 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-visitorautologon"></a>**MixedReality/VisitorAutoLogon**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in if no other user has logged in on the device before.
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 Disabled (Default)
- 1 Enabled
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--/Policies-->