The root node for the CleanPC configuration service provider.
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md index 05259b7621..1f2c1fa3f7 100644 --- a/windows/client-management/mdm/cleanpc-ddf.md +++ b/windows/client-management/mdm/cleanpc-ddf.md @@ -1,6 +1,6 @@ --- title: CleanPC DDF -description: This topic shows the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 1a39403fad..2eb4d0d758 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -16,7 +16,7 @@ ms.date: 07/30/2021 The ClientCertificateInstall configuration service provider enables the enterprise to install client certificates. A client certificate has a unique ID, which is the *\[UniqueID\]* for this configuration. Each client certificate must have different UniqueIDs for the SCEP enrollment request. -For PFX certificate installation and SCEP installation, the SyncML commands must be wrapped in atomic commands to ensure enrollment execution is not triggered until all settings are configured. The Enroll command must be the last item in the atomic block. +For PFX certificate installation and SCEP installation, the SyncML commands must be wrapped in atomic commands to ensure that enrollment execution isn't triggered until all settings are configured. The Enroll command must be the last item in the atomic block. > [!Note] > Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue. @@ -24,6 +24,7 @@ For PFX certificate installation and SCEP installation, the SyncML commands must You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail. The following shows the ClientCertificateInstall configuration service provider in tree format. + ``` ./Vendor/MSFT ClientCertificateInstall @@ -65,6 +66,7 @@ ClientCertificateInstall ------------ErrorCode ------------RespondentServerUrl ``` + **Device or User** For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path. @@ -95,12 +97,12 @@ The data type is an integer corresponding to one of the following values: | Value | Description | |-------|---------------------------------------------------------------------------------------------------------------| | 1 | Install to TPM if present, fail if not present. | -| 2 | Install to TPM if present. If not present, fallback to software. | +| 2 | Install to TPM if present. If not present, fall back to software. | | 3 | Install to software. | | 4 | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified | **ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName** -Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node is not specified when Windows Hello for Business KSP is chosen, enrollment will fail. +Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node isn't specified when Windows Hello for Business KSP is chosen, enrollment will fail. Date type is string. @@ -115,7 +117,7 @@ Supported operations are Get, Add, and Replace. If a blob already exists, the Add operation will fail. If Replace is called on this node, the existing certificates are overwritten. -If Add is called on this node for a new PFX, the certificate will be added. When a certificate does not exist, Replace operation on this node will fail. +If Add is called on this node for a new PFX, the certificate will be added. When a certificate doesn't exist, Replace operation on this node will fail. In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in CRYPT_INTEGER_BLOB. @@ -131,7 +133,7 @@ Optional. Used to specify whether the PFX certificate password is encrypted with The data type is int. Valid values: -- 0 - Password is not encrypted. +- 0 - Password isn't encrypted. - 1 - Password is encrypted with the MDM certificate. - 2 - Password is encrypted with custom certificate. @@ -140,7 +142,7 @@ When PFXCertPasswordEncryptionType =2, you must specify the store name in PFXCer Supported operations are Get, Add, and Replace. **ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable** -Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX is not exportable when it is installed to TPM. +Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX isn't exportable when it's installed to TPM. > [!Note] > You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail. @@ -202,7 +204,7 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping** -Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus +. For example, OID1+OID2+OID3. +Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs is separated by a plus +. For example, OID1+OID2+OID3. Data type is string. @@ -213,7 +215,7 @@ Required. Specifies the subject name. The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;” ). -For more details, see [CertNameToStrA function](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks). +For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks). Data type is string. @@ -330,7 +332,10 @@ Valid values are: Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits** -Optional. Specifies the desired number of units used in the validity period. This is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) are defined in the ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. +Optional. Specifies the desired number of units used in the validity period. This is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) is defined in the ValidPeriod node. + +>[!Note] +> The valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. Data type is string. @@ -340,7 +345,7 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName** -Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node is not specified when Windows Hello for Business KSP is chosen, the enrollment will fail. +Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node isn't specified when Windows Hello for Business KSP is chosen, the enrollment will fail. Data type is string. @@ -354,7 +359,7 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll** -Required. Triggers the device to start the certificate enrollment. The device will not notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added. +Required. Triggers the device to start the certificate enrollment. The device won't notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added. The date type format is Null, meaning this node doesn’t contain a value. @@ -368,7 +373,7 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint** -Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. +Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. If the certificate on the device becomes invalid (Cert expired, Cert chain is not valid, private key deleted) then it will return an empty string. diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index 7886a382f6..c333660f0f 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -49,26 +49,26 @@ CM_CellularEntries ``` ***entryname*** -Defines the name of the connection.
+Defines the name of the connection. -The CMPolicy configuration service provider uses the value of entryname to identify the connection that is associated with a policy and CM_ProxyEntries configuration service provider uses the value of entryname to identify the connection that is associated with a proxy.
+The [CMPolicy configuration service provider](cmpolicy-csp.md) uses the value of *entryname* to identify the connection that is associated with a policy and [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) uses the value of *entryname* to identify the connection that is associated with a proxy. **AlwaysOn** -Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available. +Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available. -
A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS. +A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS. -
A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs. +A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs. -
There must be at least one AlwaysOn Internet connection provisioned for the mobile operator. +There must be at least one AlwaysOn Internet connection provisioned for the mobile operator. **AuthType** -
Optional. Type: String. Specifies the method of authentication used for a connection. +Optional. Type: String. Specifies the method of authentication used for a connection. -
A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None". +A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None". **ConnectionType** -
Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available: +Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available: |Connection type|Usage| |--- |--- | @@ -79,125 +79,118 @@ CM_CellularEntries |Lte_iwlan|Used for GPRS type connections that may be offloaded over WiFi| |Iwlan|Used for connections that are implemented over WiFi offload only| - - **Desc.langid** -
Optional. Specifies the UI display string used by the defined language ID. +Optional. Specifies the UI display string used by the defined language ID. -
A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as Desc.0409 with a value of "GPRS Connection" will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no Desc parameter is provisioned for a given language, the system will default to the name used to create the entry.
+A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as Desc.0409 with a value of "GPRS Connection" will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no Desc parameter is provisioned for a given language, the system will default to the name used to create the entry.
**Enabled**
-
Specifies if the connection is enabled. +Specifies if the connection is enabled. -
A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled. +A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled. **IpHeaderCompression** -
Optional. Specifies if IP header compression is enabled. +Optional. Specifies if IP header compression is enabled. -
A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled. +A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled. **Password** -
Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN. +Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN. **SwCompression** -
Optional. Specifies if software compression is enabled. +Optional. Specifies if software compression is enabled. -
A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled. +A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled. **UserName** -
Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN. +Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN. **UseRequiresMappingsPolicy** -
Optional. Specifies if the connection requires a corresponding mappings policy. +Optional. Specifies if the connection requires a corresponding mappings policy. -
A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present. +A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present. -
For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic. +For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic. **Version** -
Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider. +Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider. -
This value must be "1" if included. +This value must be "1" if included. **GPRSInfoAccessPointName** -
Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT". +Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT". **Roaming** -
Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available: +Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available: -- 0 - Home network only. -- 1 (default)- All roaming conditions (home and roaming). -- 2 - Home and domestic roaming only. -- 3 - Domestic roaming only. -- 4 - Non-domestic roaming only. -- 5 - Roaming only. +- 0 - Home network only. +- 1 (default)- All roaming conditions (home and roaming). +- 2 - Home and domestic roaming only. +- 3 - Domestic roaming only. +- 4 - Non-domestic roaming only. +- 5 - Roaming only. **OEMConnectionID** -
Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value is not specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices. +Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value isn't specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices. **ApnId** -
Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices. +Optional. Type: Int. Specifies the purpose of the APN. If a value isn't specified, the default value is "0" (none). This parameter is only used on LTE devices. **IPType** -
Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4". +Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value isn't specified, the default value is "IPv4". > [!WARNING] > Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6. - - **ExemptFromDisablePolicy** -
Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt). +Added back in Windows 10, version 1511.Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value isn't specified, the default value is "0" (not exempt). -
To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed. +To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it shouldn't be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. + +>[!Note] +> Sending MMS while roaming is still not allowed. > [!IMPORTANT] > Do not set ExemptFromDisablePolicy to "1", ExemptFromRoaming to "1", or UseRequiresMappingsPolicy to "1" for general purpose connections. -
To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should: +To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should: -- Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1) -- Set AllowMMSIfDataIsOff to 1 (default is 0) - - +- Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1) +- Set AllowMMSIfDataIsOff to 1 (default is 0) **ExemptFromRoaming** -
Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt). +Added back in Windows 10, version 1511.Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt). **TetheringNAI** -
Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0". +Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0". **IdleDisconnectTimeout** -
Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds. +Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds. > [!IMPORTANT] ->
You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used. - +> You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used. > [!NOTE] > If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds. - - **SimIccId** -
For single SIM phones, this parm is optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection. +For single SIM phones, this parm isOptional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection. **PurposeGroups** -
Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available: +Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available: -- Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F -- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD -- MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8 -- IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13 -- SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD -- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB -- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364 -- Application - 52D7654A-00A8-4140-806C-087D66705306 -- eSIM provisioning - A36E171F-2377-4965-88FE-1F53EB4B47C0 +- Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F +- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD +- MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8 +- IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13 +- SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD +- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB +- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364 +- Application - 52D7654A-00A8-4140-806C-087D66705306 +- eSIM provisioning - A36E171F-2377-4965-88FE-1F53EB4B47C0 ## Additional information - To delete a connection, you must first delete any associated proxies and then delete the connection. The following example shows how to delete the proxy and then the connection. ```xml @@ -213,7 +206,6 @@ To delete a connection, you must first delete any associated proxies and then de ## OMA client provisioning examples - Configuring a GPRS connection: ```xml diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index a9652c71d0..d37ac364ec 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -23,7 +23,7 @@ The CMPolicy configuration service provider defines rules that the Connection Ma Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicy configuration service provider can have multiple policies -**Policy Ordering**: There is no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence. +**Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence. **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. @@ -60,19 +60,19 @@ Specifies the mapping policy type. The following list describes the available mapping policy types: -- Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`. +- Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`. -- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`. +- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`. **Host** Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use. -The host pattern can have two wild cards, "\*" and "+". The host pattern is not a URL pattern and there is no concept of transport or paths on the specific host. For example, the host pattern might be "\*.host\_name.com" to match any prefix to the host\_name.com domains. The host pattern will match "www.host\_name.com" and "mail.host\_name.com", but it will not match "host\_name.com". +The host pattern can have two wild cards, "\*" and "+". The host pattern is not a URL pattern and there's no concept of transport or paths on the specific host. For example, the host pattern might be "\*.host\_name.com" to match any prefix to the host\_name.com domains. The host pattern will match "www.host\_name.com" and "mail.host\_name.com", but it will not match "host\_name.com". **OrderedConnections** Specifies whether the list of connections is in preference order. -A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. +A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. **Conn***XXX* Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". @@ -93,7 +93,6 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th |Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| |Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| - For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: |Network type|GUID| @@ -112,7 +111,6 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ |Ethernet 10 Mbps|{97D3D1B3-854A-4C32-BD1C-C13069078370}| |Ethernet 100 Mbps|{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}| |Ethernet Gbps|{556C1E6B-B8D4-448E-836D-9451BA4CCE75}| - For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available: @@ -123,18 +121,16 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. |Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}| |Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}| - - **Type** Specifies the type of connection being referenced. The following list describes the available connection types: -- `CMST_CONNECTION_NAME` – A connection specified by name. +- `CMST_CONNECTION_NAME` – A connection specified by name. -- `CMST_CONNECTION_TYPE` – Any connection of a specified type. +- `CMST_CONNECTION_TYPE` – Any connection of a specified type. -- `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified network type. +- `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified network type. -- `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified device type. +- `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified device type. ## OMA client provisioning examples @@ -232,7 +228,6 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C ## OMA DM examples - Adding an application-based mapping policy: ```xml diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index d843207762..cca467417c 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -14,17 +14,14 @@ ms.date: 06/26/2017 # CMPolicyEnterprise CSP - The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request. > [!NOTE] > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. - - Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies -**Policy Ordering**: There is no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence. +**Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence. **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. @@ -60,9 +57,9 @@ Specifies the mapping policy type. The following list describes the available mapping policy types: -- Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`. +- Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`. -- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`. +- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`. **Host** Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use. @@ -72,10 +69,10 @@ The host pattern can have two wild cards, "\*" and "+". The host pattern is not **OrderedConnections** Specifies whether the list of connections is in preference order. -A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. +A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. **Conn***XXX* -Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". +Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits that increment starting from "000". For example, a policy which is applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". **ConnectionID** Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter. @@ -126,13 +123,13 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. **Type** Specifies the type of connection being referenced. The following list describes the available connection types: -- `CMST_CONNECTION_NAME` – A connection specified by name. +- `CMST_CONNECTION_NAME` – A connection specified by name. -- `CMST_CONNECTION_TYPE` – Any connection of a specified type. +- `CMST_CONNECTION_TYPE` – Any connection of a specified type. -- `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified device type. +- `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified device type. -- `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified network type. +- `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified network type. ## OMA client provisioning examples