From de70a4890484fed0eceb72d76f5d69a4a50dd1be Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 28 Oct 2020 10:48:02 -0700 Subject: [PATCH 1/3] Added 20H2 Policy CSP DDF --- .../client-management/mdm/policy-ddf-file.md | 746 +++++++++++++++++- 1 file changed, 743 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 27c1aceaf0..88231009d5 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 06/03/2020 +ms.date: 10/28/2020 --- # Policy DDF file @@ -20,6 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy* You can view various Policy DDF files by clicking the following links: +- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml) - [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml) - [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml) - [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml) @@ -32,7 +33,7 @@ You can view various Policy DDF files by clicking the following links: You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is the DDF for Windows 10, version 2004. +The XML below is the DDF for Windows 10, version 20H2. ```xml @@ -8713,6 +8714,52 @@ Related policy: + + Multitasking + + + + + + + + + + + + + + + + + + + + + BrowserAltTabBlowout + + + + + + + + Configures the inclusion of Edge tabs into Alt-Tab. + + + + + + + + + + + text/plain + + + + Notifications @@ -18919,6 +18966,55 @@ Related policy: + + Multitasking + + + + + + + + + + + + + + + + + + + BrowserAltTabBlowout + + + + + 1 + Configures the inclusion of Edge tabs into Alt-Tab. + + + + + + + + + + + text/plain + + + phone + multitasking.admx + AltTabFilterDropdown + multitasking~AT~WindowsComponents~MULTITASKING + MultiTaskingAltTabFilter + LastWrite + + + Notifications @@ -29757,6 +29853,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableCloudOptimizedContent + + + + + + + + This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content. + + + + + + + + + + + text/plain + + + DoNotShowFeedbackNotifications @@ -38353,6 +38473,60 @@ The options are: + + LocalUsersAndGroups + + + + + + + + + + + + + + + + + + + + + Configure + + + + + + + + This Setting allows an administrator to manage local groups on a Device. + Possible settings: + 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. + When using Update, existing group members that are not specified in the policy remain untouched. + 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. + When using Replace, existing group membership is replaced by the list of members specified in + the add member section. This option works in the same way as a Restricted Group and any group + members that are not specified in the policy are removed. + Caution: If the same group is configured with both Replace and Update, then Replace will win. + + + + + + + + + + + text/plain + + + + LockDown @@ -38563,6 +38737,172 @@ The options are: + + MixedReality + + + + + + + + + + + + + + + + + + + + + AADGroupMembershipCacheValidityInDays + + + + + + + + + + + + + + + + + + + text/plain + + + + + BrightnessButtonDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + + FallbackDiagnostics + + + + + + + + + + + + + + + + + + + text/plain + + + + + HeadTrackingMode + + + + + + + + + + + + + + + + + + + text/plain + + + + + MicrophoneDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + + VolumeButtonDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + MSSecurityGuide @@ -47384,6 +47724,30 @@ If you disable or do not configure this policy setting, the wake setting as spec + + DisableWUfBSafeguards + + + + + + + + + + + + + + + + + + + text/plain + + + EngagedRestartDeadline @@ -48152,6 +48516,30 @@ If you disable or do not configure this policy setting, the wake setting as spec + + SetProxyBehaviorForUpdateDetection + + + + + + + + + + + + + + + + + + + text/plain + + + TargetReleaseVersion @@ -61298,6 +61686,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LowestValueMostSecure + + DisableCloudOptimizedContent + + + + + 0 + This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content. + + + + + + + + + + + text/plain + + + CloudContent.admx + CloudContent~AT~WindowsComponents~CloudContent + DisableCloudOptimizedContent + HighestValueMostSecure + + DoNotShowFeedbackNotifications @@ -70811,6 +71226,116 @@ The options are: + + LocalUsersAndGroups + + + + + + + + + + + + + + + + + + + Configure + + + + + + This Setting allows an administrator to manage local groups on a Device. + Possible settings: + 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. + When using Update, existing group members that are not specified in the policy remain untouched. + 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. + When using Replace, existing group membership is replaced by the list of members specified in + the add member section. This option works in the same way as a Restricted Group and any group + members that are not specified in the policy are removed. + Caution: If the same group is configured with both Replace and Update, then Replace will win. + + + + + + + + + + + text/plain + + phone + LastWrite + + + + + + + + + + + + Group Configuration Action + + + + + + + + Group Member to Add + + + + + + + + Group Member to Remove + + + + + + + + Group property to configure + + + + + + + + + + + + + + + + Local Group Configuration + + + + + + + + + LockDown @@ -71027,6 +71552,170 @@ The options are: + + MixedReality + + + + + + + + + + + + + + + + + + + AADGroupMembershipCacheValidityInDays + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + + + BrightnessButtonDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + + FallbackDiagnostics + + + + + 2 + + + + + + + + + + + + text/plain + + + LastWrite + + + + HeadTrackingMode + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + + + MicrophoneDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + + VolumeButtonDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + MSSecurityGuide @@ -80733,6 +81422,30 @@ If you disable or do not configure this policy setting, the wake setting as spec LastWrite + + DisableWUfBSafeguards + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + EngagedRestartDeadline @@ -81607,6 +82320,34 @@ If you disable or do not configure this policy setting, the wake setting as spec LastWrite + + SetProxyBehaviorForUpdateDetection + + + + + 0 + + + + + + + + + + + + text/plain + + + WindowsUpdate.admx + SetProxyBehaviorForUpdateDetection + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat + CorpWuURL + LastWrite + + TargetReleaseVersion @@ -83951,5 +84692,4 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi - ``` From 0ab697a31414cde17ce36d97e86840a161baa507 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 3 Nov 2020 16:07:16 -0800 Subject: [PATCH 2/3] Update policy-ddf-file.md Updated DDF --- .../client-management/mdm/policy-ddf-file.md | 49 +------------------ 1 file changed, 1 insertion(+), 48 deletions(-) diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 88231009d5..0ed48a5776 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -38830,30 +38830,6 @@ The options are: - - HeadTrackingMode - - - - - - - - - - - - - - - - - - - text/plain - - - MicrophoneDisabled @@ -71643,30 +71619,6 @@ The options are: LastWrite - - HeadTrackingMode - - - - - 0 - - - - - - - - - - - - text/plain - - - LastWrite - - MicrophoneDisabled @@ -84692,4 +84644,5 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi + ``` From e3f5edbb9153382716bb69fdcf47a042550a903e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Thu, 5 Nov 2020 12:13:38 -0800 Subject: [PATCH 3/3] new images --- ...> tvm-zero-day-top-security-recommendations.png} | Bin ...e-software.png => tvm-zero-day-top-software.png} | Bin .../tvm-zero-day-vulnerabilities.md | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/images/{tvm-zero-day-dashboard.png => tvm-zero-day-top-security-recommendations.png} (100%) rename windows/security/threat-protection/microsoft-defender-atp/images/{tvm-zero-day-top-vulnerable-software.png => tvm-zero-day-top-software.png} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-security-recommendations.png similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-security-recommendations.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-software.png similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-software.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md index d35a04e615..e0d5af00f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -42,11 +42,11 @@ Once a zero-day vulnerability has been found, information about it will be conve Look for recommendations with a zero-day tag in the “Top security recommendations” card. -![Top recommendations with a zero-day tag.](images/tvm-zero-day-dashboard.png) +![Top recommendations with a zero-day tag.](images/tvm-zero-day-top-security-recommendations.png) Find top software with the zero-day tag in the "Top vulnerable software" card. -![Top vulnerable software with a zero-day tag.](images/tvm-zero-day-top-vulnerable-software.png) +![Top vulnerable software with a zero-day tag.](images/tvm-zero-day-top-software.png) ### Weaknesses page