mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 10:53:43 +00:00
fixing suggestions up to policy-csp-crypto
This commit is contained in:
Dani Halfin
@ -43,7 +43,7 @@ Defines restrictions for applications.
|
||||
Additional information:
|
||||
|
||||
- [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps.
|
||||
- [Whitelist example](#whitelist-example) - example for Windows 10 Mobile that denies all apps except the ones listed.
|
||||
- [Whitelist examples](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed.
|
||||
|
||||
<a href="" id="enterprisedataprotection"></a>**EnterpriseDataProtection**
|
||||
Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
|
||||
|
||||
@ -1078,7 +1078,7 @@ Specifies the properties of the publisher details.
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td><p>architectures</p></td>
|
||||
<td><p>collection of <a href="#productarchitecture" data-raw-source="[ProductArchitecture](#productarchitecture)">ProductArchitecture</a></p></td>
|
||||
<td><p>collection of <a href="#productarchitectures" data-raw-source="[ProductArchitectures](#productarchitectures)">ProductArchitectures</a></p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
@ -26,7 +26,7 @@ The content below are the different versions of the DDF for this CSP.
|
||||
- [EnterpriseAPN CSP version 1.1 DDF](#enterpriseapn-csp-version-1-1-ddf)
|
||||
- [EnterpriseAPN CSP version 1.2 DDF](#enterpriseapn-csp-version-1-2-ddf)
|
||||
|
||||
### EnterpriseAPN CSP version 1.0 DDF
|
||||
### <a id="enterpriseapn-csp-version-1-0-ddf" />EnterpriseAPN CSP version 1.0 DDF
|
||||
|
||||
``` syntax
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
@ -314,7 +314,7 @@ The content below are the different versions of the DDF for this CSP.
|
||||
</MgmtTree>
|
||||
```
|
||||
|
||||
### EnterpriseAPN CSP version 1.1 DDF
|
||||
### <a id="enterpriseapn-csp-version-1-1-ddf" />EnterpriseAPN CSP version 1.1 DDF
|
||||
|
||||
``` syntax
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
@ -739,7 +739,7 @@ The content below are the different versions of the DDF for this CSP.
|
||||
</MgmtTree>
|
||||
```
|
||||
|
||||
### EnterpriseAPN CSP version 1.2 DDF
|
||||
### <a id="enterpriseapn-csp-version-1-2-ddf" />EnterpriseAPN CSP version 1.2 DDF
|
||||
|
||||
``` syntax
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
@ -228,7 +228,7 @@ All Windows 10-based devices can be connected to an MDM. You can connect to an
|
||||
|
||||
|
||||
|
||||
4. Click the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934) . For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link).
|
||||
4. Click the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934) . For older builds, use [Connecting your Windows 10-based device to work using a deep link](#cyw10dtw-using-a-deep-link).
|
||||
|
||||
|
||||
|
||||
@ -255,7 +255,7 @@ All Windows 10-based devices can be connected to an MDM. You can connect to an
|
||||
|
||||
|
||||
|
||||
3. Click the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link).
|
||||
3. Click the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#cyw10dtw-using-a-deep-link).
|
||||
|
||||
|
||||
|
||||
@ -285,7 +285,7 @@ There are a few instances where your device may not be able to connect to work,
|
||||
|
||||
|
||||
|
||||
## Connecting your Windows 10-based device to work using a deep link
|
||||
## <a id="cyw10dtw-using-a-deep-link" /a>Connecting your Windows 10-based device to work using a deep link
|
||||
|
||||
|
||||
Windows 10-based devices may be connected to work using a deep link. Users will be able to click or open a link in a particular format from anywhere in Windows 10 and be directed to the new enrollment experience.
|
||||
|
||||
@ -33,7 +33,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
|
||||
- **Breaking changes and known issues**
|
||||
- [Get command inside an atomic command is not supported](#get-command-inside-an-atomic-command-is-not-supported)
|
||||
- [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#notification-channel-uri-not-preserved-during-upgrade-from-windows-81-to-windows-10)
|
||||
- [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#ncunpdufw81tw10)
|
||||
- [Apps installed using WMI classes are not removed](#apps-installed-using-wmi-classes-are-not-removed)
|
||||
- [Passing CDATA in SyncML does not work](#passing-cdata-in-syncml-does-not-work)
|
||||
- [SSL settings in IIS server for SCEP must be set to "Ignore"](#ssl-settings-in-iis-server-for-scep-must-be-set-to-ignore)
|
||||
@ -43,15 +43,15 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
- [Version information for mobile devices](#version-information-for-mobile-devices)
|
||||
- [Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues](#upgrading-windows-phone-81-devices-with-app-whitelisting-using-applicationrestriction-policy-has-issues)
|
||||
- [Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#apps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218)
|
||||
- [Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#multiple-certificates-might-cause-wi-fi-connection-instabilities-in-windows-10-mobile)
|
||||
- [Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#mcmcwfciw10mobile)
|
||||
- [Remote PIN reset not supported in Azure Active Directory joined mobile devices](#remote-pin-reset-not-supported-in-azure-active-directory-joined-mobile-devices)
|
||||
- [MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#mdm-client-will-immediately-check-in-with-the-mdm-server-after-client-renews-wns-channel-uri)
|
||||
- [User provisioning failure in Azure Active Directory joined Windows 10 PC](#user-provisioning-failure-in-azure-active-directory-joined-windows-10-pc)
|
||||
- [User provisioning failure in Azure Active Directory joined Windows 10 PC](#upfiaadjw10pc)
|
||||
- [Requirements to note for VPN certificates also used for Kerberos Authentication](#requirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication)
|
||||
- [Device management agent for the push-button reset is not working](#device-management-agent-for-the-push-button-reset-is-not-working)
|
||||
|
||||
- **Frequently Asked Questions**
|
||||
- [Can there be more than 1 MDM server to enroll and manage devices in Windows 10?](#can-there-be-more-than-1-mdm-server-to-enroll-and-manage-devices-in-windows-10)
|
||||
- [Can there be more than 1 MDM server to enroll and manage devices in Windows 10?](#ctbmt1mdmsteamdiw10)
|
||||
- [How do I set the maximum number of Azure Active Directory joined devices per user?](#how-do-i-set-the-maximum-number-of-azure-active-directory-joined-devices-per-user)
|
||||
- [What is dmwappushsvc?](#what-is-dmwappushsvc)
|
||||
|
||||
@ -1583,7 +1583,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
|
||||
In Windows 10, a Get command inside an atomic command is not supported. This was allowed in Windows Phone 8 and Windows Phone 8.1.
|
||||
|
||||
### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
|
||||
### <a id="ncunpdufw81tw10" /a>Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
|
||||
|
||||
During an upgrade from Windows 8.1 to Windows 10, the notification channel URI information is not preserved. In addition, the MDM client loses the PFN, AppID, and client secret.
|
||||
|
||||
@ -1649,7 +1649,7 @@ Applies only to phone prior to build 10586.218: When ApplicationManagement/Appli
|
||||
<App ProductId="{00000000-0000-0000-0000-000000000000}" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"/>
|
||||
```
|
||||
|
||||
### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile
|
||||
### <a id="mcmcwfciw10mobile" />Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile
|
||||
|
||||
In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate.
|
||||
|
||||
@ -1830,7 +1830,7 @@ In Windows 10 Mobile, remote PIN reset in Azure AD joined devices are not suppo
|
||||
|
||||
Starting in Windows 10, after the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
|
||||
|
||||
### User provisioning failure in Azure Active Directory joined Windows 10 PC
|
||||
### <a id="upfiaadjw10pc">User provisioning failure in Azure Active Directory joined Windows 10 PC
|
||||
|
||||
In Azure AD joined Windows 10 PC, provisioning /.User resources fails when the user is not logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, make sure to log off and log on with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
|
||||
|
||||
@ -1845,7 +1845,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
## Frequently Asked Questions
|
||||
|
||||
|
||||
### **Can there be more than 1 MDM server to enroll and manage devices in Windows 10?**
|
||||
### <a id="ctbmt1mdmsteamdiw10" />**Can there be more than 1 MDM server to enroll and manage devices in Windows 10?**
|
||||
No. Only one MDM is allowed.
|
||||
|
||||
### **How do I set the maximum number of Azure Active Directory joined devices per user?**
|
||||
|
||||
@ -21,12 +21,12 @@ manager: dansimp
|
||||
|
||||
* [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy)
|
||||
* [Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites)
|
||||
* [Cryptography/Microsoft Surface Hub](#Cryptography-policies-supported-by-Microsoft-Surface-Hub)
|
||||
* [Cryptography/Microsoft Surface Hub](#cryptography-policies-supported-by-microsoft-surface-hub)
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
|
||||
# Cryptography/AllowFipsAlgorithmPolicy
|
||||
## <a id="CryptographyAllowFipsAlgorithmPolicy" />Cryptography/AllowFipsAlgorithmPolicy
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
|
||||
@ -68,7 +68,7 @@ The following list shows the supported values:
|
||||
|
||||
<!--Policy-->
|
||||
|
||||
# Cryptography/TLSCipherSuites
|
||||
## <a id="CryptographyTLSCipherSuites" />Cryptography/TLSCipherSuites
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise |
|
||||
@ -103,10 +103,10 @@ Footnote:
|
||||
<!--/Policies-->
|
||||
|
||||
<!--StartSurfaceHub-->
|
||||
# Cryptography policies supported by Microsoft Surface Hub
|
||||
## Cryptography policies supported by Microsoft Surface Hub
|
||||
|
||||
- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
|
||||
- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
|
||||
- [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy)
|
||||
- [Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites)
|
||||
<!--EndSurfaceHub-->
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user