diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 27c1aceaf0..0ed48a5776 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 06/03/2020 +ms.date: 10/28/2020 --- # Policy DDF file @@ -20,6 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy* You can view various Policy DDF files by clicking the following links: +- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml) - [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml) - [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml) - [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml) @@ -32,7 +33,7 @@ You can view various Policy DDF files by clicking the following links: You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is the DDF for Windows 10, version 2004. +The XML below is the DDF for Windows 10, version 20H2. ```xml @@ -8713,6 +8714,52 @@ Related policy: + + Multitasking + + + + + + + + + + + + + + + + + + + + + BrowserAltTabBlowout + + + + + + + + Configures the inclusion of Edge tabs into Alt-Tab. + + + + + + + + + + + text/plain + + + + Notifications @@ -18919,6 +18966,55 @@ Related policy: + + Multitasking + + + + + + + + + + + + + + + + + + + BrowserAltTabBlowout + + + + + 1 + Configures the inclusion of Edge tabs into Alt-Tab. + + + + + + + + + + + text/plain + + + phone + multitasking.admx + AltTabFilterDropdown + multitasking~AT~WindowsComponents~MULTITASKING + MultiTaskingAltTabFilter + LastWrite + + + Notifications @@ -29757,6 +29853,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableCloudOptimizedContent + + + + + + + + This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content. + + + + + + + + + + + text/plain + + + DoNotShowFeedbackNotifications @@ -38353,6 +38473,60 @@ The options are: + + LocalUsersAndGroups + + + + + + + + + + + + + + + + + + + + + Configure + + + + + + + + This Setting allows an administrator to manage local groups on a Device. + Possible settings: + 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. + When using Update, existing group members that are not specified in the policy remain untouched. + 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. + When using Replace, existing group membership is replaced by the list of members specified in + the add member section. This option works in the same way as a Restricted Group and any group + members that are not specified in the policy are removed. + Caution: If the same group is configured with both Replace and Update, then Replace will win. + + + + + + + + + + + text/plain + + + + LockDown @@ -38563,6 +38737,148 @@ The options are: + + MixedReality + + + + + + + + + + + + + + + + + + + + + AADGroupMembershipCacheValidityInDays + + + + + + + + + + + + + + + + + + + text/plain + + + + + BrightnessButtonDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + + FallbackDiagnostics + + + + + + + + + + + + + + + + + + + text/plain + + + + + MicrophoneDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + + VolumeButtonDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + MSSecurityGuide @@ -47384,6 +47700,30 @@ If you disable or do not configure this policy setting, the wake setting as spec + + DisableWUfBSafeguards + + + + + + + + + + + + + + + + + + + text/plain + + + EngagedRestartDeadline @@ -48152,6 +48492,30 @@ If you disable or do not configure this policy setting, the wake setting as spec + + SetProxyBehaviorForUpdateDetection + + + + + + + + + + + + + + + + + + + text/plain + + + TargetReleaseVersion @@ -61298,6 +61662,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LowestValueMostSecure + + DisableCloudOptimizedContent + + + + + 0 + This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content. + + + + + + + + + + + text/plain + + + CloudContent.admx + CloudContent~AT~WindowsComponents~CloudContent + DisableCloudOptimizedContent + HighestValueMostSecure + + DoNotShowFeedbackNotifications @@ -70811,6 +71202,116 @@ The options are: + + LocalUsersAndGroups + + + + + + + + + + + + + + + + + + + Configure + + + + + + This Setting allows an administrator to manage local groups on a Device. + Possible settings: + 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. + When using Update, existing group members that are not specified in the policy remain untouched. + 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. + When using Replace, existing group membership is replaced by the list of members specified in + the add member section. This option works in the same way as a Restricted Group and any group + members that are not specified in the policy are removed. + Caution: If the same group is configured with both Replace and Update, then Replace will win. + + + + + + + + + + + text/plain + + phone + LastWrite + + + + + + + + + + + + Group Configuration Action + + + + + + + + Group Member to Add + + + + + + + + Group Member to Remove + + + + + + + + Group property to configure + + + + + + + + + + + + + + + + Local Group Configuration + + + + + + + + + LockDown @@ -71027,6 +71528,146 @@ The options are: + + MixedReality + + + + + + + + + + + + + + + + + + + AADGroupMembershipCacheValidityInDays + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + + + BrightnessButtonDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + + FallbackDiagnostics + + + + + 2 + + + + + + + + + + + + text/plain + + + LastWrite + + + + MicrophoneDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + + VolumeButtonDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + MSSecurityGuide @@ -80733,6 +81374,30 @@ If you disable or do not configure this policy setting, the wake setting as spec LastWrite + + DisableWUfBSafeguards + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + EngagedRestartDeadline @@ -81607,6 +82272,34 @@ If you disable or do not configure this policy setting, the wake setting as spec LastWrite + + SetProxyBehaviorForUpdateDetection + + + + + 0 + + + + + + + + + + + + text/plain + + + WindowsUpdate.admx + SetProxyBehaviorForUpdateDetection + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat + CorpWuURL + LastWrite + + TargetReleaseVersion diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-security-recommendations.png similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-security-recommendations.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-software.png similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-software.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md index d35a04e615..e0d5af00f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -42,11 +42,11 @@ Once a zero-day vulnerability has been found, information about it will be conve Look for recommendations with a zero-day tag in the “Top security recommendations” card. -![Top recommendations with a zero-day tag.](images/tvm-zero-day-dashboard.png) +![Top recommendations with a zero-day tag.](images/tvm-zero-day-top-security-recommendations.png) Find top software with the zero-day tag in the "Top vulnerable software" card. -![Top vulnerable software with a zero-day tag.](images/tvm-zero-day-top-vulnerable-software.png) +![Top vulnerable software with a zero-day tag.](images/tvm-zero-day-top-software.png) ### Weaknesses page