deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into jb-acro-two

Browse Source
This commit is contained in:
Jeff Borsecnik 2020-11-05 14:10:49 -08:00 committed by GitHub
commit 73ff81d2cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 697 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

697
windows/client-management/mdm/policy-ddf-file.md
View File

@ -10,7 +10,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 06/03/2020
ms.date: 10/28/2020
---
# Policy DDF file
@ -20,6 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy*
You can view various Policy DDF files by clicking the following links:
- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
@ -32,7 +33,7 @@ You can view various Policy DDF files by clicking the following links:
You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the DDF for Windows 10, version 2004.
The XML below is the DDF for Windows 10, version 20H2.
```xml
<?xml version="1.0" encoding="UTF-8"?>
@ -8713,6 +8714,52 @@ Related policy:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Multitasking</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>BrowserAltTabBlowout</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Configures the inclusion of Edge tabs into Alt-Tab.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Notifications</NodeName>
<DFProperties>
@ -18919,6 +18966,55 @@ Related policy:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Multitasking</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>BrowserAltTabBlowout</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Configures the inclusion of Edge tabs into Alt-Tab.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues AllowedValues="1,2,3,4"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>multitasking.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>AltTabFilterDropdown</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>multitasking~AT~WindowsComponents~MULTITASKING</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>MultiTaskingAltTabFilter</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Notifications</NodeName>
<DFProperties>
@ -29757,6 +29853,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DisableCloudOptimizedContent</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DoNotShowFeedbackNotifications</NodeName>
<DFProperties>
@ -38353,6 +38473,60 @@ The options are:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>LocalUsersAndGroups</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Configure</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This Setting allows an administrator to manage local groups on a Device.
Possible settings:
1. Update Group Membership: Update a group and add and/or remove members though the &apos;U&apos; action.
When using Update, existing group members that are not specified in the policy remain untouched.
2. Replace Group Membership: Restrict a group by replacing group membership through the &apos;R&apos; action.
When using Replace, existing group membership is replaced by the list of members specified in
the add member section. This option works in the same way as a Restricted Group and any group
members that are not specified in the policy are removed.
Caution: If the same group is configured with both Replace and Update, then Replace will win.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>LockDown</NodeName>
<DFProperties>
@ -38563,6 +38737,148 @@ The options are:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>MixedReality</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>AADGroupMembershipCacheValidityInDays</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>BrightnessButtonDisabled</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FallbackDiagnostics</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MicrophoneDisabled</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>VolumeButtonDisabled</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>MSSecurityGuide</NodeName>
<DFProperties>
@ -47384,6 +47700,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DisableWUfBSafeguards</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>EngagedRestartDeadline</NodeName>
<DFProperties>
@ -48152,6 +48492,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>SetProxyBehaviorForUpdateDetection</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>TargetReleaseVersion</NodeName>
<DFProperties>
@ -61298,6 +61662,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>DisableCloudOptimizedContent</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>DisableCloudOptimizedContent</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>DoNotShowFeedbackNotifications</NodeName>
<DFProperties>
@ -70811,6 +71202,116 @@ The options are:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>LocalUsersAndGroups</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Configure</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>This Setting allows an administrator to manage local groups on a Device.
Possible settings:
1. Update Group Membership: Update a group and add and/or remove members though the &apos;U&apos; action.
When using Update, existing group members that are not specified in the policy remain untouched.
2. Replace Group Membership: Restrict a group by replacing group membership through the &apos;R&apos; action.
When using Replace, existing group membership is replaced by the list of members specified in
the add member section. This option works in the same way as a Restricted Group and any group
members that are not specified in the policy are removed.
Caution: If the same group is configured with both Replace and Update, then Replace will win.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
<MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">
<xs:simpleType name="name">
<xs:restriction base="xs:string">
<xs:maxLength value="255" />
</xs:restriction>
</xs:simpleType>
<xs:element name="accessgroup">
<xs:complexType>
<xs:sequence>
<xs:element name="group" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Group Configuration Action</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="action" type="name" use="required"/>
</xs:complexType>
</xs:element>
<xs:element name="add" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Group Member to Add</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="member" type="name" use="required"/>
</xs:complexType>
</xs:element>
<xs:element name="remove" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Group Member to Remove</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="member" type="name" use="required"/>
</xs:complexType>
</xs:element>
<xs:element name="property" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Group property to configure</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="desc" type="name" use="required"/>
<xs:attribute name="value" type="name" use="required"/>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="desc" type="name" use="required"/>
</xs:complexType>
</xs:element>
<xs:element name="GroupConfiguration">
<xs:complexType>
<xs:sequence>
<xs:element name="accessgroup" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Local Group Configuration</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema]]></MSFT:XMLSchema>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>LockDown</NodeName>
<DFProperties>
@ -71027,6 +71528,146 @@ The options are:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>MixedReality</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>AADGroupMembershipCacheValidityInDays</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="60"></MSFT:SupportedValues>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>BrightnessButtonDisabled</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>FallbackDiagnostics</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>2</DefaultValue>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>MicrophoneDisabled</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>VolumeButtonDisabled</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>MSSecurityGuide</NodeName>
<DFProperties>
@ -80733,6 +81374,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>DisableWUfBSafeguards</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>EngagedRestartDeadline</NodeName>
<DFProperties>
@ -81607,6 +82272,34 @@ If you disable or do not configure this policy setting, the wake setting as spec
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>SetProxyBehaviorForUpdateDetection</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description></Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>SetProxyBehaviorForUpdateDetection</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>TargetReleaseVersion</NodeName>
<DFProperties>

0
windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png → windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-security-recommendations.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 24 KiB

After

Width:  |  Height:  |  Size: 24 KiB

0
windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png → windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-software.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 23 KiB

After

Width:  |  Height:  |  Size: 23 KiB

4
windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
View File

@ -42,11 +42,11 @@ Once a zero-day vulnerability has been found, information about it will be conve
Look for recommendations with a zero-day tag in the “Top security recommendations” card.
![Top recommendations with a zero-day tag.](images/tvm-zero-day-dashboard.png)
![Top recommendations with a zero-day tag.](images/tvm-zero-day-top-security-recommendations.png)
Find top software with the zero-day tag in the "Top vulnerable software" card.
![Top vulnerable software with a zero-day tag.](images/tvm-zero-day-top-vulnerable-software.png)
![Top vulnerable software with a zero-day tag.](images/tvm-zero-day-top-software.png)
### Weaknesses page