mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 02:43:43 +00:00
Merge branch 'public' into martyav-correct-mentions-of-Windows-Defender-SmartScreen
Binary file not shown.
After Width: | Height: | Size: 185 KiB |
@ -777,7 +777,7 @@ ADMX Info:
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--Example-->
|
||||
To enable this policy, use the following SyncML.
|
||||
To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with device instance IDs of USB\VID_1F75 and USB\VID_0781. To configure multiple classes, use `` as a delimiter.
|
||||
|
||||
``` xml
|
||||
<SyncML>
|
||||
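Review bot: The delimiter is missing from the added sentence: "To configure multiple classes, use `` as a delimiter" shows an empty code span, so the reader cannot tell what separates the entries. If the delimiter is an XML character reference, escape it in the source so it renders literally. The same sentence switches from "device instance IDs" to "classes"; use one term for what this policy matches.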
@ -805,6 +805,25 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
|
||||
<<< Section end 2018/11/15 12:26:41.751
|
||||
<<< [Exit status: SUCCESS]
|
||||
```
|
||||
|
||||
You can also block installation and usage of prohibited peripherals by using a custom profile in Intune.
|
||||
|
||||
For example, this custom profile prevents installation of devices with matching device instance IDs.
|
||||
|
||||

|
||||
|
||||
To prevent installation of devices with matching device instance IDs by using custom profile in Intune:
|
||||
1. Locate the device instance ID.
|
||||
2. Replace `&` in the device instance IDs with `&`.
|
||||
For example:
|
||||
Replace
|
||||
```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0```
|
||||
with
|
||||
```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0```
|
||||
> [!Note]
|
||||
> Do not use spaces in the value.
|
||||
3. Replace the device instance IDs with `&` into the sample SyncML. Add the SyncML into the Intune custom device configuration profile.
|
||||
|
||||
<!--/Example-->
|
||||
<!--Validation-->
|
||||
|
||||
|
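Review bot: Step 2 reads "Replace `&` in the device instance IDs with `&`", and the Replace/with sample IDs under it are character-for-character identical, so the instruction is a no-op as rendered. The replacement text is presumably an XML entity that is being decoded on display; escape it in the source so it shows literally in both the step and the second sample. Step 3 ("Replace the device instance IDs with `&` into the sample SyncML") also needs rewording, for example "Insert the escaped device instance IDs into the sample SyncML."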
@ -38,9 +38,11 @@ The following diagram shows the Reboot configuration service provider management
|
||||
<p style="margin-left: 20px">The supported operation is Get.</p>
|
||||
|
||||
<a href="" id="schedule-single"></a>**Schedule/Single**
|
||||
<p style="margin-left: 20px">This node will execute a reboot at a scheduled date and time. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. </br>
|
||||
<p style="margin-left: 20px">This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required. </br>
|
||||
Example to configure: 2018-10-25T18:00:00</p>
|
||||
|
||||
Setting a null (empty) date will delete the existing schedule. In accordance with the ISO 8601 format, the date and time representation needs to be 0000-00-00T00:00:00.
|
||||
|
||||
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>
|
||||
|
||||
<a href="" id="schedule-dailyrecurrent"></a>**Schedule/DailyRecurrent**
|
||||
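Review bot: The relocated sentence "Setting a null (empty) date will delete the existing schedule" now sits outside the `<p style="margin-left: 20px">` block, so it loses the indentation of the rest of the Schedule/Single description. It also describes 0000-00-00T00:00:00 as being "in accordance with the ISO 8601 format", although month 00 and day 00 are not valid ISO 8601 calendar values; suggest describing it as the sentinel value the node accepts to clear the schedule. Separately, `**ISO 8601**` is Markdown emphasis inside an HTML `<p>` element and will generally render as literal asterisks; use `<strong>` there.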
@ -53,13 +55,3 @@ Example to configure: 2018-10-25T18:00:00</p>
|
||||
|
||||
|
||||
[Configuration service provider reference](configuration-service-provider-reference.md)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -25,7 +25,13 @@ manager: dansimp
|
||||
|
||||
## <a href="" id="overview"></a>Overview
|
||||
|
||||
Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
|
||||
Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
|
||||
|
||||
NOTE: Starting from the following Windows 10 version Replace command is supported
|
||||
- Windows 10, version 1903 with KB4512941 and KB4517211 installed
|
||||
- Windows 10, version 1809 with KB4512534 and KB installed
|
||||
- Windows 10, version 1803 with KB4512509 and KB installed
|
||||
- Windows 10, version 1709 with KB4516071 and KB installed
|
||||
|
||||
When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
|
||||
|
||||
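Review bot: Three of the four added list items end with "and KB installed" (versions 1809, 1803 and 1709) with the second KB number missing; fill these in or drop the dangling "and KB" before merging. The lead line "NOTE: Starting from the following Windows 10 version Replace command is supported" should use the `> [!NOTE]` callout form that this file already uses for its warning, and reads better as "The Replace command is supported starting with the following Windows 10 versions:".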
@ -48,6 +54,8 @@ When the ADMX policies are imported, the registry keys to which each policy is w
|
||||
- software\microsoft\exchange\
|
||||
- software\policies\microsoft\vba\security\
|
||||
- software\microsoft\onedrive
|
||||
- software\Microsoft\Edge
|
||||
- Software\Microsoft\EdgeUpdate\
|
||||
|
||||
> [!Warning]
|
||||
> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
|
||||
|
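Review bot: The two added exception entries are inconsistent with the existing list and with each other: `software\Microsoft\Edge` has no trailing backslash while `Software\Microsoft\EdgeUpdate\` does, and both use mixed case where the surrounding entries are lowercase. Because this list defines where ingested ADMX policies may write under otherwise blocked keys, state whether entries are matched as key prefixes; without the trailing backslash the Edge entry is ambiguous as to whether it also covers sibling keys such as EdgeUpdate.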