From f62c7d6fcca211503f7796b788d87055de1609d6 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Mon, 4 Jan 2021 19:10:00 +0530
Subject: [PATCH 01/25] updated-CSPimagesetting-4749599
---
windows/client-management/mdm/accounts-csp.md | 13 ++-
.../client-management/mdm/activesync-csp.md | 34 +++++++-
.../mdm/alljoynmanagement-csp.md | 32 +++++++-
.../mdm/applicationcontrol-csp.md | 29 ++++++-
.../client-management/mdm/applocker-csp.md | 52 +++++++++++-
.../mdm/assignedaccess-csp.md | 13 ++-
.../client-management/mdm/bitlocker-csp.md | 28 +++++--
.../mdm/certificatestore-csp.md | 82 ++++++++++++++++++-
windows/client-management/mdm/cleanpc-csp.md | 11 ++-
.../mdm/clientcertificateinstall-csp.md | 46 ++++++++++-
10 files changed, 308 insertions(+), 32 deletions(-)
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 455f749b5b..8b64a258d4 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -17,9 +17,18 @@ manager: dansimp
The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
-The following diagram shows the Accounts configuration service provider in tree format.
+The following shows the Accounts configuration service provider in tree format.
-
+```
+./Device/Vendor/MSFT
+Accounts
+----Domain
+--------ComputerName
+----Users
+--------UserName
+------------Password
+------------LocalUserGroup
+```
**./Device/Vendor/MSFT/Accounts**
Root node.
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index 37f6157570..2021cdcfce 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -28,9 +28,39 @@ The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in th
-The following diagram shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
-
+```
+./Vendor/MSFT
+ActiveSync
+----Accounts
+--------Account GUID
+------------EmailAddress
+------------Domain
+------------AccountIcon
+------------AccountType
+------------AccountName
+------------Password
+------------ServerName
+------------UserName
+------------Options
+----------------CalendarAgeFilter
+----------------Logging
+----------------MailBodyType
+----------------MailHTMLTruncation
+----------------MailPlainTextTruncation
+----------------Schedule
+----------------UseSSL
+----------------MailAgeFilter
+----------------ContentTypes
+--------------------Content Type GUID
+------------------------Enabled
+------------------------Name
+------------Policies
+----------------MailBodyType
+----------------MaxMailAgeFilter
+
+```
**./User/Vendor/MSFT/ActiveSync**
The root node for the ActiveSync configuration service provider.
diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md
index e4d45bd4fd..0ecc06657f 100644
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@@ -26,9 +26,37 @@ This CSP was added in Windows 10, version 1511.
For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877).
-The following diagram shows the AllJoynManagement configuration service provider in tree format
+The following shows the AllJoynManagement configuration service provider in tree format
-
+```
+./Vendor/MSFT
+AllJoynManagement
+----Configurations
+--------ServiceID
+------------Port
+----------------PortNum
+--------------------ConfigurableObjects
+------------------------CfgObjectPath
+----Credentials
+--------ServiceID
+------------Key
+----Firewall
+--------PublicProfile
+--------PrivateProfile
+----Services
+--------ServiceID
+------------AppId
+------------DeviceId
+------------AppName
+------------Manufacturer
+------------ModelNumber
+------------Description
+------------SoftwareVersion
+------------AJSoftwareVersion
+------------HardwareVersion
+----Options
+--------QueryIdleTime
+```
The following list describes the characteristics and parameters.
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 2c64c89cd9..eecdc4da39 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -16,10 +16,33 @@ ms.date: 09/10/2020
Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
-The following diagram shows the ApplicationControl CSP in tree format.
-
-
+The following shows the ApplicationControl CSP in tree format.
+```
+./Vendor/MSFT
+ApplicationControl
+----Policies
+--------Policy GUID
+------------Policy
+------------PolicyInfo
+----------------Version
+----------------IsEffective
+----------------IsDeployed
+----------------IsAuthorized
+----------------Status
+----------------FriendlyName
+------------Token
+----------------TokenID
+----Tokens
+--------ID
+------------Token
+------------TokenInfo
+----------------Status
+------------PolicyIDs
+----------------Policy GUID
+----TenantID
+----DeviceID
+```
**./Vendor/MSFT/ApplicationControl**
Defines the root node for the ApplicationControl CSP.
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 9904301173..7acc9e6194 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -17,10 +17,54 @@ ms.date: 11/19/2019
The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked.
-The following diagram shows the AppLocker configuration service provider in tree format.
-
-
-
+The following shows the AppLocker configuration service provider in tree format.
+```
+./Vendor/MSFT
+AppLocker
+----ApplicationLaunchRestrictions
+--------Grouping
+------------EXE
+----------------Policy
+----------------EnforcementMode
+----------------NonInteractiveProcessEnforcement
+------------MSI
+----------------Policy
+----------------EnforcementMode
+------------Script
+----------------Policy
+----------------EnforcementMode
+------------StoreApps
+----------------Policy
+----------------EnforcementMode
+------------DLL
+----------------Policy
+----------------EnforcementMode
+----------------NonInteractiveProcessEnforcement
+------------CodeIntegrity
+----------------Policy
+----EnterpriseDataProtection
+--------Grouping
+------------EXE
+----------------Policy
+------------StoreApps
+----------------Policy
+----LaunchControl
+--------Grouping
+------------EXE
+----------------Policy
+----------------EnforcementMode
+------------StoreApps
+----------------Policy
+----------------EnforcementMode
+----FamilySafety
+--------Grouping
+------------EXE
+----------------Policy
+----------------EnforcementMode
+------------StoreApps
+----------------Policy
+----------------EnforcementMode
+```
**./Vendor/MSFT/AppLocker**
Defines the root node for the AppLocker configuration service provider.
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 3a48ac399e..2d884149ce 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -29,10 +29,17 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u
> [!Note]
> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
-The following diagram shows the AssignedAccess configuration service provider in tree format
-
-
+The following shows the AssignedAccess configuration service provider in tree format
+```
+./Vendor/MSFT
+AssignedAccess
+----KioskModeApp
+----Configuration
+----Status
+----ShellLauncher
+----StatusConfiguration
+```
**./Device/Vendor/MSFT/AssignedAccess**
Root node for the CSP.
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 652a24f8e4..ab755ed018 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -24,11 +24,29 @@ the setting configured by the admin.
For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that the a minimum PIN length is enforced (SystemDrivesMinimumPINLength).
-The following diagram shows the BitLocker configuration service provider in tree format.
-
-
-
-
+The following shows the BitLocker configuration service provider in tree format.
+```
+./Device/Vendor/MSFT
+BitLocker
+----RequireStorageCardEncryption
+----RequireDeviceEncryption
+----EncryptionMethodByDriveType
+----SystemDrivesRequireStartupAuthentication
+----SystemDrivesMinimumPINLength
+----SystemDrivesRecoveryMessage
+----SystemDrivesRecoveryOptions
+----FixedDrivesRecoveryOptions
+----FixedDrivesRequireEncryption
+----RemovableDrivesRequireEncryption
+----AllowWarningForOtherDiskEncryption
+----AllowStandardUserEncryption
+----ConfigureRecoveryPasswordRotation
+----RotateRecoveryPasswords
+----Status
+--------DeviceEncryptionStatus
+--------RotateRecoveryPasswordsStatus
+--------RotateRecoveryPasswordsRequestID
+```
**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider.
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index f709de39d0..11a929cd89 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -25,10 +25,86 @@ The CertificateStore configuration service provider is used to add secure socket
For the CertificateStore CSP, you cannot use the Replace command unless the node already exists.
-The following diagram shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
-
-
+The following shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
+```
+./Vendor/MSFT
+CertificateStore
+----ROOT
+--------*
+------------EncodedCertificate
+------------IssuedBy
+------------IssuedTo
+------------ValidFrom
+------------ValidTo
+------------TemplateName
+--------System
+------------*
+----------------EncodedCertificate
+----------------IssuedBy
+----------------IssuedTo
+----------------ValidFrom
+----------------ValidTo
+----------------TemplateName
+----MY
+--------User
+------------*
+----------------EncodedCertificate
+----------------IssuedBy
+----------------IssuedTo
+----------------ValidFrom
+----------------ValidTo
+----------------TemplateName
+--------SCEP
+------------*
+----------------Install
+--------------------ServerURL
+--------------------Challenge
+--------------------EKUMapping
+--------------------KeyUsage
+--------------------SubjectName
+--------------------KeyProtection
+--------------------RetryDelay
+--------------------RetryCount
+--------------------TemplateName
+--------------------KeyLength
+--------------------HashAlgrithm
+--------------------CAThumbPrint
+--------------------SubjectAlternativeNames
+--------------------ValidPeriod
+--------------------ValidPeriodUnit
+--------------------Enroll
+----------------CertThumbPrint
+----------------Status
+----------------ErrorCode
+--------WSTEP
+------------CertThumprint
+------------Renew
+----------------RenewPeriod
+----------------ServerURL
+----------------RetryInterval
+----------------ROBOSupport
+----------------Status
+----------------ErrorCode
+----------------LastRenewalAttemptTime
+----------------RenewNow
+----CA
+--------*
+------------EncodedCertificate
+------------IssuedBy
+------------IssuedTo
+------------ValidFrom
+------------ValidTo
+------------TemplateName
+--------System
+------------*
+----------------EncodedCertificate
+----------------IssuedBy
+----------------IssuedTo
+----------------ValidFrom
+----------------ValidTo
+----------------TemplateName
+```
**Root/System**
Defines the certificate store that contains root, or self-signed, certificates.
diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index c70da05dae..a4433c6dcf 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -15,10 +15,13 @@ manager: dansimp
The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
-The following diagram shows the CleanPC configuration service provider in tree format.
-
-
-
+The following shows the CleanPC configuration service provider in tree format.
+```
+./Device/Vendor/MSFT
+CleanPC
+----CleanPCWithoutRetainingUserData
+----CleanPCRetainingUserData
+```
**./Device/Vendor/MSFT/CleanPC**
The root node for the CleanPC configuration service provider.
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 0337dad577..a73a02c7c3 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -23,10 +23,48 @@ For PFX certificate installation and SCEP installation, the SyncML commands must
You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
-The following image shows the ClientCertificateInstall configuration service provider in tree format.
-
-
-
+The following shows the ClientCertificateInstall configuration service provider in tree format.
+```
+./Vendor/MSFT
+ClientCertificateInstall
+----PFXCertInstall
+--------UniqueID
+------------KeyLocation
+------------ContainerName
+------------PFXCertBlob
+------------PFXCertPassword
+------------PFXCertPasswordEncryptionType
+------------PFXKeyExportable
+------------Thumbprint
+------------Status
+------------PFXCertPasswordEncryptionStore
+----SCEP
+--------UniqueID
+------------Install
+----------------ServerURL
+----------------Challenge
+----------------EKUMapping
+----------------KeyUsage
+----------------SubjectName
+----------------KeyProtection
+----------------RetryDelay
+----------------RetryCount
+----------------TemplateName
+----------------KeyLength
+----------------HashAlgorithm
+----------------CAThumbprint
+----------------SubjectAlternativeNames
+----------------ValidPeriod
+----------------ValidPeriodUnits
+----------------ContainerName
+----------------CustomTextToShowInPrompt
+----------------Enroll
+----------------AADKeyIdentifierList
+------------CertThumbprint
+------------Status
+------------ErrorCode
+------------RespondentServerUrl
+```
**Device or User**
For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path.
From 8020accca2bbe93281b7fc361038af71d4e74d85 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 6 Jan 2021 15:31:53 +0530
Subject: [PATCH 02/25] Updated_10ASCIIimages
---
.../mdm/cm-proxyentries-csp.md | 35 ++++++++++++-
windows/client-management/mdm/cmpolicy-csp.md | 17 +++++--
.../mdm/cmpolicyenterprise-csp.md | 18 +++++--
.../mdm/customdeviceui-csp.md | 12 +++--
windows/client-management/mdm/defender-csp.md | 39 +++++++++++++--
.../client-management/mdm/devdetail-csp.md | 38 ++++++++++++--
.../mdm/developersetup-csp.md | 19 +++++--
.../mdm/devicemanageability-csp.md | 15 ++++--
.../client-management/mdm/devicestatus-csp.md | 50 +++++++++++++++++--
windows/client-management/mdm/devinfo-csp.md | 14 ++++--
10 files changed, 220 insertions(+), 37 deletions(-)
diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md
index 816b5c188b..0ebc77be54 100644
--- a/windows/client-management/mdm/cm-proxyentries-csp.md
+++ b/windows/client-management/mdm/cm-proxyentries-csp.md
@@ -25,10 +25,41 @@ The CM\_ProxyEntries configuration service provider is used to configure proxy c
-The following diagram shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607.
+The following shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607.
-
+```
+./Vendor/MSFT
+CM_ProxyEntries
+----Entry
+--------ConnectionName
+--------BypassLocal
+--------Enable
+--------Exception
+--------Password
+--------Port
+--------Server
+--------Type
+--------Username
+
+./Device/Vendor/MSFT
+Root
+
+
+./Vendor/MSFT
+./Device/Vendor/MSFT
+CM_ProxyEntries
+----Entry
+--------ConnectionName
+--------BypassLocal
+--------Enable
+--------Exception
+--------Password
+--------Port
+--------Server
+--------Type
+--------Username
+```
**entryname**
Defines the name of the connection proxy.
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 67872d03da..35b6b90c40 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -28,10 +28,21 @@ Each policy entry identifies one or more applications in combination with a host
**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
-The following diagram shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
-
-
+The following shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
+```
+./Vendor/MSFT
+CMPolicy
+----PolicyName
+--------SID
+--------ClientType
+--------Host
+--------OrderedConnections
+--------Connections
+------------ConnXXX
+----------------ConnectionID
+----------------Type
+```
***policyName***
Defines the name of the policy.
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index df773dcb43..ebf14d1e7f 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -28,10 +28,20 @@ Each policy entry identifies one or more applications in combination with a host
**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
-The following diagram shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
-
-
-
+The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
+```
+./Vendor/MSFT
+CMPolicy
+----PolicyName
+--------SID
+--------ClientType
+--------Host
+--------OrderedConnections
+--------Connections
+------------ConnXXX
+----------------ConnectionID
+----------------Type
+```
***policyName***
Defines the name of the policy.
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 17b165ed51..c108d8f343 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -15,12 +15,16 @@ ms.date: 06/26/2017
# CustomDeviceUI CSP
The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported.
-The following diagram shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
+The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
> **Note** This configuration service provider only applies to Windows 10 IoT Core (IoT Core).
-
-
-
+```
+./Vendor/MSFT
+CustomDeviceUI
+----StartupAppID
+----BackgroundTasksToLaunch
+--------BackgroundTaskPackageName
+```
**./Vendor/MSFT/CustomDeviceUI**
The root node for the CustomDeviceUI configuration service provider. The supported operation is Get.
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index da9959c0a2..8adac012f2 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -20,10 +20,41 @@ ms.date: 08/11/2020
The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
-The following image shows the Windows Defender configuration service provider in tree format.
-
-
-
+The following shows the Windows Defender configuration service provider in tree format.
+```
+./Vendor/MSFT
+Defender
+----Detections
+--------ThreatId
+------------Name
+------------URL
+------------Severity
+------------Category
+------------CurrentStatus
+------------ExecutionStatus
+------------InitialDetectionTime
+------------LastThreatStatusChangeTime
+------------NumberOfDetections
+----Health
+--------ComputerState
+--------DefenderEnabled
+--------RtpEnabled
+--------NisEnabled
+--------QuickScanOverdue
+--------FullScanOverdue
+--------SignatureOutOfDate
+--------RebootRequired
+--------FullScanRequired
+--------EngineVersion
+--------SignatureVersion
+--------DefenderVersion
+--------QuickScanTime
+--------FullScanTime
+--------QuickScanSigVersion
+--------FullScanSigVersion
+----Scan
+----UpdateSignature
+```
**Detections**
An interior node to group all threats detected by Windows Defender.
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 11ab51bf9e..11ebbfad3c 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -21,10 +21,40 @@ The DevDetail configuration service provider handles the management object which
For the DevDetail CSP, you cannot use the Replace command unless the node already exists.
-The following diagram shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider.
-
-
-
+The following shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider.
+```
+.
+DevDetail
+----URI
+--------MaxDepth
+--------MaxTotLen
+--------MaxSegLen
+----DevTyp
+----OEM
+----FwV
+----SwV
+----HwV
+----LrgObj
+----Ext
+--------Microsoft
+------------MobileID
+------------RadioSwV
+------------Resolution
+------------CommercializationOperator
+------------ProcessorArchitecture
+------------ProcessorType
+------------OSPlatform
+------------LocalTime
+------------DeviceName
+------------TotalStorage
+------------TotalRAM
+--------WLANMACAddress
+--------VoLTEServiceSetting
+--------WlanIPv4Address
+--------WlanIPv6Address
+--------WlanDnsSuffix
+--------WlanSubnetMask
+```
**DevTyp**
Required. Returns the device model name /SystemProductName as a string.
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index 40e1d4d82e..382d2d379a 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -19,10 +19,21 @@ The DeveloperSetup configuration service provider (CSP) is used to configure Dev
> [!NOTE]
> The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM.
-The following diagram shows the DeveloperSetup configuration service provider in tree format.
-
-
-
+The following shows the DeveloperSetup configuration service provider in tree format.
+```
+./Device/Vendor/MSFT
+DeveloperSetup
+----EnableDeveloperMode
+----DevicePortal
+--------Authentication
+------------Mode
+------------BasicAuth
+----------------Username
+----------------Password
+--------Connection
+------------HttpPort
+------------HttpsPort
+```
**DeveloperSetup**
The root node for the DeveloperSetup configuration service provider.
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index 3bf0368ffd..a5d62185ab 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -19,10 +19,17 @@ The DeviceManageability configuration service provider (CSP) is used retrieve th
For performance reasons DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
-The following diagram shows the DeviceManageability configuration service provider in a tree format.
-
-
-
+The following shows the DeviceManageability configuration service provider in a tree format.
+```
+./Device/Vendor/MSFT
+DeviceManageability
+----Capabilities
+--------CSPVersions
+----Provider
+--------ProviderID
+------------ConfigInfo
+------------EnrollmentInfo
+```
**./Device/Vendor/MSFT/DeviceManageability**
Root node to group information about runtime MDM configuration capability on the target device.
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 6ab35ba018..826af867cb 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -17,10 +17,52 @@ ms.date: 04/30/2019
The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
-The following image shows the DeviceStatus configuration service provider in tree format.
-
-
-
+The following shows the DeviceStatus configuration service provider in tree format.
+```
+./Vendor/MSFT
+DeviceStatus
+----SecureBootState
+----CellularIdentities
+--------IMEI
+------------IMSI
+------------ICCID
+------------PhoneNumber
+------------CommercializationOperator
+------------RoamingStatus
+------------RoamingCompliance
+----NetworkIdentifiers
+--------MacAddress
+------------IPAddressV4
+------------IPAddressV6
+------------IsConnected
+------------Type
+----Compliance
+--------EncryptionCompliance
+----TPM
+--------SpecificationVersion
+----OS
+--------Edition
+--------Mode
+----Antivirus
+--------SignatureStatus
+--------Status
+----Antispyware
+--------SignatureStatus
+--------Status
+----Firewall
+--------Status
+----UAC
+--------Status
+----Battery
+--------Status
+--------EstimatedChargeRemaining
+--------EstimatedRuntime
+----DomainName
+----DeviceGuard
+--------VirtualizationBasedSecurityHwReq
+--------VirtualizationBasedSecurityStatus
+--------LsaCfgCredGuardStatus
+```
**DeviceStatus**
The root node for the DeviceStatus configuration service provider.
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index ba02947ada..9bdd49666d 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -23,10 +23,16 @@ The DevInfo configuration service provider handles the managed object which prov
For the DevInfo CSP, you cannot use the Replace command unless the node already exists.
-The following diagram shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider.
-
-
-
+The following shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider.
+```
+.
+DevInfo
+----DevId
+----Man
+----Mod
+----DmV
+----Lang
+```
**DevId**
Required. Returns an application-specific global unique device identifier by default.
From 7c9a37418a930adf53278b2cec251a770ee87485 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Wed, 6 Jan 2021 15:38:37 +0530
Subject: [PATCH 03/25] Update accounts-csp.md
---
windows/client-management/mdm/accounts-csp.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 8b64a258d4..498abd7018 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -11,7 +11,7 @@ ms.reviewer:
manager: dansimp
---
-# Accounts CSP
+# Accounts Configuration Service Provider
The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
From 75cf00729f89e1444f271ce06c942eb59c3f4b02 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Tue, 12 Jan 2021 11:58:28 +0530
Subject: [PATCH 04/25] Update clientcertificateinstall-csp.md
---
windows/client-management/mdm/clientcertificateinstall-csp.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index a73a02c7c3..1c03fba879 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -37,7 +37,7 @@ ClientCertificateInstall
------------PFXKeyExportable
------------Thumbprint
------------Status
-------------PFXCertPasswordEncryptionStore
+------------PFXCertPasswordEncryptionStore (Added in Windows 10, version 1511)
----SCEP
--------UniqueID
------------Install
@@ -59,7 +59,7 @@ ClientCertificateInstall
----------------ContainerName
----------------CustomTextToShowInPrompt
----------------Enroll
-----------------AADKeyIdentifierList
+----------------AADKeyIdentifierList (Added in Windows, version 1703)
------------CertThumbprint
------------Status
------------ErrorCode
From 465ddb5f6ae9c578d213db114a56bff654429f6a Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Tue, 12 Jan 2021 16:07:49 +0530
Subject: [PATCH 05/25] Update clientcertificateinstall-csp.md
---
windows/client-management/mdm/clientcertificateinstall-csp.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 1c03fba879..577ec89810 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -59,7 +59,7 @@ ClientCertificateInstall
----------------ContainerName
----------------CustomTextToShowInPrompt
----------------Enroll
-----------------AADKeyIdentifierList (Added in Windows, version 1703)
+----------------AADKeyIdentifierList (Added in Windows 10, version 1703)
------------CertThumbprint
------------Status
------------ErrorCode
From e10dc9aef06b816ba3e8a4d1e90fa2fd44fb29c9 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Tue, 12 Jan 2021 16:16:03 +0530
Subject: [PATCH 06/25] Update certificatestore-csp.md
---
windows/client-management/mdm/certificatestore-csp.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index 11a929cd89..6530d9473b 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -86,8 +86,8 @@ CertificateStore
----------------ROBOSupport
----------------Status
----------------ErrorCode
-----------------LastRenewalAttemptTime
-----------------RenewNow
+----------------LastRenewalAttemptTime (Added in Windows 10, version 1607)
+----------------RenewNow (Added in Windows 10, version 1607)
----CA
--------*
------------EncodedCertificate
From be8dc21749932527782872548d21674ec95f1eaf Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Tue, 12 Jan 2021 16:22:52 +0530
Subject: [PATCH 07/25] Update assignedaccess-csp.md
---
windows/client-management/mdm/assignedaccess-csp.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 2d884149ce..d668351c0c 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -35,10 +35,10 @@ The following shows the AssignedAccess configuration service provider in tree fo
./Vendor/MSFT
AssignedAccess
----KioskModeApp
-----Configuration
-----Status
-----ShellLauncher
-----StatusConfiguration
+----Configuration (Added in Windows 10, version 1709)
+----Status (Added in Windows 10, version 1803)
+----ShellLauncher (Added in Windows 10, version 1803)
+----StatusConfiguration (Added in Windows 10, version 1803)
```
**./Device/Vendor/MSFT/AssignedAccess**
Root node for the CSP.
From 17dc05b10cf426a2bf4449b09eef8eb5f4c81e51 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Tue, 12 Jan 2021 16:41:21 +0530
Subject: [PATCH 08/25] Update devicemanageability-csp.md
---
windows/client-management/mdm/devicemanageability-csp.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index a5d62185ab..ce797017a7 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -25,10 +25,10 @@ The following shows the DeviceManageability configuration service provider in a
DeviceManageability
----Capabilities
--------CSPVersions
-----Provider
---------ProviderID
-------------ConfigInfo
-------------EnrollmentInfo
+----Provider (Added in Windows 10, version 1709)
+--------ProviderID (Added in Windows 10, version 1709)
+------------ConfigInfo (Added in Windows 10, version 1709)
+------------EnrollmentInfo (Added in Windows 10, version 1709)
```
**./Device/Vendor/MSFT/DeviceManageability**
Root node to group information about runtime MDM configuration capability on the target device.
From 2583d8758c6e963a44fb3ef10d3a365c4e5a406a Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Tue, 12 Jan 2021 16:50:29 +0530
Subject: [PATCH 09/25] Update devdetail-csp.md
---
windows/client-management/mdm/devdetail-csp.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 11ebbfad3c..5caaea5ac1 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -46,14 +46,17 @@ DevDetail
------------OSPlatform
------------LocalTime
------------DeviceName
+------------DNSComputerName (Added in Windows 10, version 2004)
------------TotalStorage
------------TotalRAM
+------------SMBIOSSerialNumber (Added in Windows 10, version 1809)
--------WLANMACAddress
--------VoLTEServiceSetting
--------WlanIPv4Address
--------WlanIPv6Address
--------WlanDnsSuffix
--------WlanSubnetMask
+--------DeviceHardwareData (Added in Windows 10, version 1703)
```
**DevTyp**
Required. Returns the device model name /SystemProductName as a string.
From bad1addeddfc52c413b1b076fdac39a45406fb23 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Wed, 13 Jan 2021 00:47:24 +0530
Subject: [PATCH 10/25] Update certificatestore-csp.md
---
windows/client-management/mdm/certificatestore-csp.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index 6530d9473b..35dea13837 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -88,6 +88,7 @@ CertificateStore
----------------ErrorCode
----------------LastRenewalAttemptTime (Added in Windows 10, version 1607)
----------------RenewNow (Added in Windows 10, version 1607)
+----------------RetryAfterExpiryInterval (Added in Windows 10, version 1703)
----CA
--------*
------------EncodedCertificate
From 6fe36d5290b92581d9ffac47857f5c76022d4ab3 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Wed, 13 Jan 2021 00:58:57 +0530
Subject: [PATCH 11/25] Update defender-csp.md
---
windows/client-management/mdm/defender-csp.md | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 8adac012f2..ac87d2946e 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -36,6 +36,7 @@ Defender
------------LastThreatStatusChangeTime
------------NumberOfDetections
----Health
+--------ProductStatus (Added in Windows 10 version 1809)
--------ComputerState
--------DefenderEnabled
--------RtpEnabled
@@ -52,8 +53,15 @@ Defender
--------FullScanTime
--------QuickScanSigVersion
--------FullScanSigVersion
+--------TamperProtectionEnabled (Added in Windows 10, version 1903)
+--------IsVirtualMachine (Added in Windows 10, version 1903)
+----Configuration (Added in Windows 10, version 1903)
+--------TamperProetection (Added in Windows 10, version 1903)
+--------EnableFileHashcomputation (Added in Windows 10, version 1903)
+--------SupportLogLocation (Added in the next major release of Windows 10)
----Scan
----UpdateSignature
+----OfflineScan (Added in Windows 10 version 1803)
```
**Detections**
An interior node to group all threats detected by Windows Defender.
From 4f74a48981f5c4c3cb4e9a355bef96f13676106d Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 15 Feb 2021 12:15:47 +0500
Subject: [PATCH 12/25] Added error code info
If users doesn't have permission to join AAD, they will also get an error 0x801C03ED. Added instructions for the same.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8971
---
.../hello-for-business/hello-errors-during-pin-creation.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index b7bc415c06..a9b8b68b90 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -65,7 +65,7 @@ If the error occurs again, check the error code against the following table to s
| 0x801C03EA | Server failed to authorize user or device. | Check if the token is valid and user has permission to register Windows Hello for Business keys. |
| 0x801C03EB | Server response http status is not valid | Sign out and then sign in again. |
| 0x801C03EC | Unhandled exception from server. | sign out and then sign in again. |
-| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.
-or-
Token was not found in the Authorization header.
-or-
Failed to read one or more objects.
-or-
The request sent to the server was invalid. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin.
+| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.
-or-
Token was not found in the Authorization header.
-or-
Failed to read one or more objects.
-or-
The request sent to the server was invalid.
-or-
User does not have permissions to join the Azure Active Directory (Azure AD) | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin.
Allow user(s) to join to Azure Active Directory (Azure AD) under Azure Active Directory (Azure AD) Device settings.
| 0x801C03EE | Attestation failed. | Sign out and then sign in again. |
| 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. |
| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address are the same in the proxy address.
From a06e90fccdbb0d3010eed6d2d56dde56663cc5b6 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 15 Feb 2021 12:48:59 +0500
Subject: [PATCH 13/25] Update
windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../hello-for-business/hello-errors-during-pin-creation.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index a9b8b68b90..b3c3b7a810 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -65,7 +65,7 @@ If the error occurs again, check the error code against the following table to s
| 0x801C03EA | Server failed to authorize user or device. | Check if the token is valid and user has permission to register Windows Hello for Business keys. |
| 0x801C03EB | Server response http status is not valid | Sign out and then sign in again. |
| 0x801C03EC | Unhandled exception from server. | sign out and then sign in again. |
-| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.
-or-
Token was not found in the Authorization header.
-or-
Failed to read one or more objects.
-or-
The request sent to the server was invalid.
-or-
User does not have permissions to join the Azure Active Directory (Azure AD) | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin.
Allow user(s) to join to Azure Active Directory (Azure AD) under Azure Active Directory (Azure AD) Device settings.
+| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.
-or-
Token was not found in the Authorization header.
-or-
Failed to read one or more objects.
-or-
The request sent to the server was invalid.
-or-
User does not have permissions to join to Azure AD. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure AD and rejoin.
Allow user(s) to join to Azure AD under Azure AD Device settings.
| 0x801C03EE | Attestation failed. | Sign out and then sign in again. |
| 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. |
| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address are the same in the proxy address.
From 22898271f29af4b5a2ae09a2a5db05bd302170c1 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Mon, 22 Feb 2021 19:45:05 +0530
Subject: [PATCH 14/25] updated
---
windows/client-management/mdm/TOC.md | 1 -
...-policy-csp-supported-by-iot-enterprise.md | 52 +------------------
.../policy-configuration-service-provider.md | 1 -
3 files changed, 1 insertion(+), 53 deletions(-)
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 3675333e76..47233d4219 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -165,7 +165,6 @@
#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
-#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
index afb79c5bfe..acaea068a8 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
@@ -16,57 +16,7 @@ ms.date: 07/18/2019
> [!div class="op_single_selector"]
>
-> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-> - [IoT Core](policy-csps-supported-by-iot-core.md)
->
-
-- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
-- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
-- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
-- [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
-- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
-- [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
-- [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
-- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
-- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
-- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
-- [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
-- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
-- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
-- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
-- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
-- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
-- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
-- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
-- [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
-- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
-- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
-- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth) (deprecated)
-- [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
-- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth) (deprecated)
-- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
-- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
-- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
-- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
-- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
-- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
-- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
-- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
-- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) (deprecated)
-- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
-- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
-- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
-- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
-- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
-- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
-- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
-- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
-- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
-- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
-- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
-- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
-- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
-- [Update/SetProxyBehaviorForUpdateDetection](policy-csp-update.md#update-setproxybehaviorforupdatedetection)
+> [IoT Core](policy-csps-supported-by-iot-core.md)
## Related topics
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 5056143d53..a6c6b7bec6 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -8560,7 +8560,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
## Policies in Policy CSP supported by Windows 10 IoT
-- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
- [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
## Policies in Policy CSP supported by Microsoft Surface Hub
From f7ada526c01203cb338ac83730937f697f99610e Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Fri, 26 Feb 2021 15:44:15 +0530
Subject: [PATCH 15/25] updated
---
...ies-in-policy-csp-supported-by-iot-core.md | 1 -
...-policy-csp-supported-by-iot-enterprise.md | 23 -------------------
2 files changed, 24 deletions(-)
delete mode 100644 windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
index f3143ed222..e19d3350a5 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
@@ -16,7 +16,6 @@ ms.date: 09/16/2019
> [!div class="op_single_selector"]
>
-> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
> - [IoT Core](policy-csps-supported-by-iot-core.md)
>
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
deleted file mode 100644
index acaea068a8..0000000000
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
-description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.localizationpriority: medium
-ms.date: 07/18/2019
----
-
-# Policies in Policy CSP supported by Windows 10 IoT Enterprise
-
-> [!div class="op_single_selector"]
->
-> [IoT Core](policy-csps-supported-by-iot-core.md)
-
-## Related topics
-
-[Policy CSP](policy-configuration-service-provider.md)
From c959082df363595ab9feb5e369f48540aba95702 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Fri, 5 Mar 2021 09:01:42 +0530
Subject: [PATCH 16/25] Update applicationcontrol-csp.md
---
windows/client-management/mdm/applicationcontrol-csp.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index eecdc4da39..5e15f4ebcb 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -1,6 +1,6 @@
---
title: ApplicationControl CSP
-description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server.
+description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server.
keywords: security, malware
ms.author: dansimp
ms.topic: article
@@ -148,7 +148,7 @@ In order to leverage the ApplicationControl CSP without using Intune, you must:
1. Know a generated policy's GUID, which can be found in the policy xml as `` or `` for pre-1903 systems.
2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
-3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool.
+3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command-line tool.
Below is a sample certutil invocation:
@@ -164,7 +164,7 @@ An alternative to using certutil would be to use the following PowerShell invoca
### Deploy Policies
-To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below.
+To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the Format section in the Example 1 below.
To deploy base policy and supplemental policies:
From 0c9826f4d49c3aa84fc7657b822d857c0c4f5dd6 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Fri, 5 Mar 2021 09:46:28 +0530
Subject: [PATCH 17/25] Update cmpolicy-csp.md
---
windows/client-management/mdm/cmpolicy-csp.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 35b6b90c40..d1ffec49d7 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -75,7 +75,7 @@ Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
**Conn***XXX*
-Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
+Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
**ConnectionID**
Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
@@ -184,11 +184,11 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ
{7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA} |
-Ethernet 10Mbps |
+Ethernet 10 Mbps |
{97D3D1B3-854A-4C32-BD1C-C13069078370} |
-Ethernet 100Mbps |
+Ethernet 100 Mbps |
{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B} |
@@ -497,14 +497,14 @@ Adding a host-based mapping policy:
Yes |
-nocharacteristic |
+uncharacteristic |
Yes |
characteristic-query |
Yes
Recursive query: Yes
-Top level query: Yes |
+Top-level query: Yes
From ab2d88aed9f4ef9061aafbfd38efe2e000fc0337 Mon Sep 17 00:00:00 2001
From: Nimisha Satapathy
Date: Fri, 5 Mar 2021 10:11:49 +0530
Subject: [PATCH 18/25] Update devicemanageability-csp.md
---
windows/client-management/mdm/devicemanageability-csp.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index ce797017a7..99d2930eff 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,6 +1,6 @@
---
title: DeviceManageability CSP
-description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device.
+description: The DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
ms.reviewer:
manager: dansimp
@@ -15,9 +15,9 @@ ms.date: 11/01/2017
# DeviceManageability CSP
-The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
+The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
-For performance reasons DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
+For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
The following shows the DeviceManageability configuration service provider in a tree format.
```
From cff5ed53927b41e8c44fb8a0abc6f46a2d2bc86d Mon Sep 17 00:00:00 2001
From: Andrei-George Stoica
Date: Tue, 9 Mar 2021 10:42:11 +0200
Subject: [PATCH 19/25] Demoting long note and adding new note about name
collision
After internal discussions with the developers we reached this best practice/recommendation and documenting it publicly.
---
windows/client-management/mdm/devdetail-csp.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 11ab51bf9e..f7a82c55ee 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -144,7 +144,9 @@ The following are the available naming macros:
Value type is string. Supported operations are Get and Replace.
> [!Note]
-> On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer"s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
+> We recommend to use `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
+
+On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer"s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
**Ext/Microsoft/TotalStorage**
Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
From fb4b4ffc867813c271f6b099fe42b093a2f9ecb8 Mon Sep 17 00:00:00 2001
From: Andrei-George Stoica
Date: Wed, 10 Mar 2021 09:16:53 +0200
Subject: [PATCH 20/25] Update windows/client-management/mdm/devdetail-csp.md
Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
windows/client-management/mdm/devdetail-csp.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index f7a82c55ee..0be54ce7b8 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -146,7 +146,7 @@ Value type is string. Supported operations are Get and Replace.
> [!Note]
> We recommend to use `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
-On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer"s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
+On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
**Ext/Microsoft/TotalStorage**
Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
@@ -219,4 +219,3 @@ Supported operation is Get.
-
From 5b8facbdee0419d5f48b97fb7bdffc62f5d79cfb Mon Sep 17 00:00:00 2001
From: Andrei-George Stoica
Date: Wed, 10 Mar 2021 09:17:00 +0200
Subject: [PATCH 21/25] Update windows/client-management/mdm/devdetail-csp.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
windows/client-management/mdm/devdetail-csp.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 0be54ce7b8..028a278822 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -144,7 +144,7 @@ The following are the available naming macros:
Value type is string. Supported operations are Get and Replace.
> [!Note]
-> We recommend to use `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
+> We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
@@ -218,4 +218,3 @@ Supported operation is Get.
-
From 68a080f70b2cdb0a0e9dd1fbbb40912963b595a3 Mon Sep 17 00:00:00 2001
From: Andrei-George Stoica
Date: Wed, 10 Mar 2021 09:17:06 +0200
Subject: [PATCH 22/25] Update windows/client-management/mdm/devdetail-csp.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
windows/client-management/mdm/devdetail-csp.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 028a278822..bd3238fb32 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -143,7 +143,7 @@ The following are the available naming macros:
Value type is string. Supported operations are Get and Replace.
-> [!Note]
+> [!NOTE]
> We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
@@ -217,4 +217,3 @@ Supported operation is Get.
-
From e6a7f4510a1ef9967e5ef01a388b58acaea19d83 Mon Sep 17 00:00:00 2001
From: Daniel Simpson
Date: Fri, 12 Mar 2021 09:18:32 -0800
Subject: [PATCH 23/25] Update .openpublishing.redirection.json
---
.openpublishing.redirection.json | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 920d7a356c..d9d9223bc1 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -16546,9 +16546,10 @@
"redirect_document_id": true
},
{
- "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
- "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr",
+ "source_path": "windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
- }
- ]
+ },
+
+ ]
}
From d7475f1cb81a61e2f3d926a6f658b7755f4417f5 Mon Sep 17 00:00:00 2001
From: Tina Burden
Date: Fri, 12 Mar 2021 12:04:23 -0800
Subject: [PATCH 25/25] duplicate alt text warning fixes
---
.../create-wip-policy-using-intune-azure.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index f450ccfd61..9cd06e39f6 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -240,27 +240,27 @@ For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com
4. On the **Before You Begin** page, click **Next**.
- 
+ 
5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**.
- 
+ 
6. On the **Publisher** page, click **Select** from the **Use an installed packaged app as a reference** area.
- 
+ 
7. In the **Select applications** box, pick the app that you want to use as the reference for your rule, and then click **OK**. For this example, we’re using Microsoft Dynamics 365.
- 
+ 
8. On the updated **Publisher** page, click **Create**.
- 
+ 
9. Click **No** in the dialog box that appears, asking if you want to create the default rules. You must not create default rules for your WIP policy.
- 
+ 
9. Review the Local Security Policy snap-in to make sure your rule is correct.
@@ -318,11 +318,11 @@ The executable rule helps to create an AppLocker rule to sign any unsigned apps.
6. On the **Conditions** page, click **Path** and then click **Next**.
- 
+ 
7. Click **Browse Folders...** and select the path for the unsigned apps. For this example, we’re using "C:\Program Files".
- 
+ 
8. On the **Exceptions** page, add any exceptions and then click **Next**.