deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into gcc-relhealth-8337541

Browse Source
This commit is contained in:
Meghan Stewart 2023-09-08 13:01:35 -07:00 committed by GitHub
commit 766593689a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 1299 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

315
windows/client-management/mdm/accountmanagement-csp.md
View File

@ -1,81 +1,304 @@
---
title: AccountManagement CSP
description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service.
description: Learn more about the AccountManagement CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.topic: reference
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
manager: aaroncz
ms.topic: reference
---
<!-- Auto-Generated CSP Document -->
<!-- AccountManagement-Begin -->
# AccountManagement CSP
AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
<!-- AccountManagement-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition.
> [!NOTE]
> The AccountManagement CSP is only supported in Windows Holographic for Business edition.
<!-- AccountManagement-Editable-End -->
The following syntax shows the AccountManagement configuration service provider in tree format.
<!-- AccountManagement-Tree-Begin -->
The following list shows the AccountManagement configuration service provider nodes:
```console
./Vendor/MSFT
AccountManagement
----UserProfileManagement
--------EnableProfileManager
--------DeletionPolicy
--------StorageCapacityStartDeletion
--------StorageCapacityStopDeletion
--------ProfileInactivityThreshold
- ./Device/Vendor/MSFT/AccountManagement
- [UserProfileManagement](#userprofilemanagement)
- [DeletionPolicy](#userprofilemanagementdeletionpolicy)
- [EnableProfileManager](#userprofilemanagementenableprofilemanager)
- [ProfileInactivityThreshold](#userprofilemanagementprofileinactivitythreshold)
- [StorageCapacityStartDeletion](#userprofilemanagementstoragecapacitystartdeletion)
- [StorageCapacityStopDeletion](#userprofilemanagementstoragecapacitystopdeletion)
<!-- AccountManagement-Tree-End -->
<!-- Device-UserProfileManagement-Begin -->
## UserProfileManagement
<!-- Device-UserProfileManagement-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
<!-- Device-UserProfileManagement-Applicability-End -->
<!-- Device-UserProfileManagement-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/AccountManagement/UserProfileManagement
```
<!-- Device-UserProfileManagement-OmaUri-End -->
<a href="" id="accountmanagement"></a>**./Vendor/MSFT/AccountManagement**
Root node for the AccountManagement configuration service provider.
<!-- Device-UserProfileManagement-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- Device-UserProfileManagement-Description-End -->
<a href="" id="accountmanagement-userprofilemanagemen-enableprofilemanager"></a>**UserProfileManagement**
Interior node.
<!-- Device-UserProfileManagement-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-Editable-End -->
<a href="" id="accountmanagement-userprofilemanagement-deletionpolicy"></a>**UserProfileManagement/EnableProfileManager**
Enable profile lifetime management for shared or communal device scenarios. Default value is false.
<!-- Device-UserProfileManagement-DFProperties-Begin -->
**Description framework properties**:
Supported operations are Add, Get, Replace, and Delete.
| Property name | Property value |
|:--|:--|
| Format | `node` |
| Access Type | Get |
<!-- Device-UserProfileManagement-DFProperties-End -->
Value type is bool.
<!-- Device-UserProfileManagement-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-Examples-End -->
<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystartdeletion"></a>**UserProfileManagement/DeletionPolicy**
Configures when profiles will be deleted. Default value is 1.
<!-- Device-UserProfileManagement-End -->
Valid values:
<!-- Device-UserProfileManagement-DeletionPolicy-Begin -->
### UserProfileManagement/DeletionPolicy
- 0 - delete immediately when the device returns to a state with no currently active users
- 1 - delete at storage capacity threshold
- 2 - delete at both storage capacity threshold and profile inactivity threshold
<!-- Device-UserProfileManagement-DeletionPolicy-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
<!-- Device-UserProfileManagement-DeletionPolicy-Applicability-End -->
Supported operations are Add, Get, Replace, and Delete.
<!-- Device-UserProfileManagement-DeletionPolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/DeletionPolicy
```
<!-- Device-UserProfileManagement-DeletionPolicy-OmaUri-End -->
Value type is integer.
<!-- Device-UserProfileManagement-DeletionPolicy-Description-Begin -->
<!-- Description-Source-DDF -->
Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).
<!-- Device-UserProfileManagement-DeletionPolicy-Description-End -->
<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStartDeletion**
Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
<!-- Device-UserProfileManagement-DeletionPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-DeletionPolicy-Editable-End -->
Supported operations are Add, Get, Replace, and Delete.
<!-- Device-UserProfileManagement-DeletionPolicy-DFProperties-Begin -->
**Description framework properties**:
Value type is integer.
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
<!-- Device-UserProfileManagement-DeletionPolicy-DFProperties-End -->
<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStopDeletion**
Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
<!-- Device-UserProfileManagement-DeletionPolicy-AllowedValues-Begin -->
**Allowed values**:
Supported operations are Add, Get, Replace, and Delete.
| Value | Description |
|:--|:--|
| 0 | Delete immediately upon device returning to a state with no currently active users). |
| 1 (Default) | Delete at storage capacity threshold. |
| 2 | Delete at both storage capacity threshold and profile inactivity threshold. |
<!-- Device-UserProfileManagement-DeletionPolicy-AllowedValues-End -->
Value type is integer.
<!-- Device-UserProfileManagement-DeletionPolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-DeletionPolicy-Examples-End -->
<a href="" id="accountmanagement-userprofilemanagement-profileinactivitythreshold"></a>**UserProfileManagement/ProfileInactivityThreshold**
Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30.
<!-- Device-UserProfileManagement-DeletionPolicy-End -->
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<!-- Device-UserProfileManagement-EnableProfileManager-Begin -->
### UserProfileManagement/EnableProfileManager
## Related topics
<!-- Device-UserProfileManagement-EnableProfileManager-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
<!-- Device-UserProfileManagement-EnableProfileManager-Applicability-End -->
[Configuration service provider reference](index.yml)
<!-- Device-UserProfileManagement-EnableProfileManager-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/EnableProfileManager
```
<!-- Device-UserProfileManagement-EnableProfileManager-OmaUri-End -->
<!-- Device-UserProfileManagement-EnableProfileManager-Description-Begin -->
<!-- Description-Source-DDF -->
Enable profile lifetime mangement for shared or communal device scenarios.
<!-- Device-UserProfileManagement-EnableProfileManager-Description-End -->
<!-- Device-UserProfileManagement-EnableProfileManager-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-EnableProfileManager-Editable-End -->
<!-- Device-UserProfileManagement-EnableProfileManager-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `bool` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | false |
<!-- Device-UserProfileManagement-EnableProfileManager-DFProperties-End -->
<!-- Device-UserProfileManagement-EnableProfileManager-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| false (Default) | False. |
| true | True. |
<!-- Device-UserProfileManagement-EnableProfileManager-AllowedValues-End -->
<!-- Device-UserProfileManagement-EnableProfileManager-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-EnableProfileManager-Examples-End -->
<!-- Device-UserProfileManagement-EnableProfileManager-End -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Begin -->
### UserProfileManagement/ProfileInactivityThreshold
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Applicability-End -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/ProfileInactivityThreshold
```
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-OmaUri-End -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Description-Begin -->
<!-- Description-Source-DDF -->
Start deleting profiles when they haven't been logged-on during the specified period, given as number of days.
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Description-End -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Editable-End -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 30 |
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-DFProperties-End -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Examples-End -->
<!-- Device-UserProfileManagement-ProfileInactivityThreshold-End -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Begin -->
### UserProfileManagement/StorageCapacityStartDeletion
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Applicability-End -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/StorageCapacityStartDeletion
```
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-OmaUri-End -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Description-Begin -->
<!-- Description-Source-DDF -->
Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Description-End -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Editable-End -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 25 |
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-DFProperties-End -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Examples-End -->
<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-End -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Begin -->
### UserProfileManagement/StorageCapacityStopDeletion
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Applicability-End -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/StorageCapacityStopDeletion
```
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-OmaUri-End -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Description-Begin -->
<!-- Description-Source-DDF -->
Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Description-End -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Editable-End -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 50 |
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-DFProperties-End -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Examples-End -->
<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-End -->
<!-- AccountManagement-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- AccountManagement-CspMoreInfo-End -->
<!-- AccountManagement-End -->
## Related articles
[Configuration service provider reference](configuration-service-provider-reference.md)

369
windows/client-management/mdm/accountmanagement-ddf.md
View File

@ -1,203 +1,232 @@
---
title: AccountManagement DDF file
description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings.
description: View the XML file containing the device description framework (DDF) for the AccountManagement configuration service provider.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.topic: reference
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
manager: aaroncz
ms.topic: reference
---
<!-- Auto-Generated CSP Document -->
# AccountManagement DDF file
This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider.
The XML below is for Windows 10, version 1803.
The following XML file contains the device description framework (DDF) for the AccountManagement configuration service provider.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<MSFT:Diagnostics>
</MSFT:Diagnostics>
<Node>
<NodeName>AccountManagement</NodeName>
<Path>./Device/Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.19041</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x88;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
<NodeName>UserProfileManagement</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>AccountManagement</NodeName>
<Path>./Device/Vendor/MSFT</Path>
<NodeName>EnableProfileManager</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>false</DefaultValue>
<Description>Enable profile lifetime mangement for shared or communal device scenarios.</Description>
<DFFormat>
<node />
<bool />
</DFFormat>
<Occurrence>
<One />
<ZeroOrOne />
</Occurrence>
<Scope>
<Permanent />
<Dynamic />
</Scope>
<DFTitle>Enable profile manager</DFTitle>
<DFType>
<MIME>com.microsoft/1.0/MDM/AccountManagement</MIME>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>False</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>True</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DeletionPolicy</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Profile deletion policy</DFTitle>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Delete immediately upon device returning to a state with no currently active users)</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Delete at storage capacity threshold</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>2</MSFT:Value>
<MSFT:ValueDescription>Delete at both storage capacity threshold and profile inactivity threshold</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>StorageCapacityStartDeletion</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>25</DefaultValue>
<Description>Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Storage capacity threshold to start profile deletion</DFTitle>
<DFType>
<MIME />
</DFType>
</DFProperties>
<Node>
<NodeName>UserProfileManagement</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>EnableProfileManager</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>false</DefaultValue>
<Description>Enable profile lifetime management for shared or communal device scenarios.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Enable profile manager</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DeletionPolicy</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Profile deletion policy</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>StorageCapacityStartDeletion</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>25</DefaultValue>
<Description>Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Storage capacity threshold to start profile deletion</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>StorageCapacityStopDeletion</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>50</DefaultValue>
<Description>Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Storage capacity threshold to stop profile deletion</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ProfileInactivityThreshold</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>30</DefaultValue>
<Description>Start deleting profiles when they have not been logged on during the specified period, given as number of days.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Profile inactive threshold</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
<Node>
<NodeName>StorageCapacityStopDeletion</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>50</DefaultValue>
<Description>Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Storage capacity threshold to stop profile deletion</DFTitle>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ProfileInactivityThreshold</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>30</DefaultValue>
<Description>Start deleting profiles when they have not been logged on during the specified period, given as number of days.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Profile inactive threshold</DFTitle>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```
## Related topics
## Related articles
[AccountManagement configuration service provider](accountmanagement-csp.md)
[AccountManagement configuration service provider reference](accountmanagement-csp.md)

6
windows/client-management/mdm/clouddesktop-ddf-file.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 07/25/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the C
<MSFT:Applicability>
<MSFT:OsBuildVersion>22631.2050</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -60,7 +60,7 @@ The following XML file contains the device description framework (DDF) for the C
<Replace />
</AccessType>
<DefaultValue>false</DefaultValue>
<Description>Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling boot to cloud shared pc feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.</Description>
<Description>Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling Boot to Cloud Shared PC feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.</Description>
<DFFormat>
<bool />
</DFFormat>

79
windows/client-management/mdm/defender-csp.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -57,6 +57,7 @@ The following list shows the Defender configuration service provider nodes:
- [DisableInboundConnectionFiltering](#configurationdisableinboundconnectionfiltering)
- [DisableLocalAdminMerge](#configurationdisablelocaladminmerge)
- [DisableNetworkProtectionPerfTelemetry](#configurationdisablenetworkprotectionperftelemetry)
- [DisableQuicParsing](#configurationdisablequicparsing)
- [DisableRdpParsing](#configurationdisablerdpparsing)
- [DisableSmtpParsing](#configurationdisablesmtpparsing)
- [DisableSshParsing](#configurationdisablesshparsing)
@ -492,7 +493,7 @@ Define the retention period in days of how much time the evidence data will be k
<!-- Device-Configuration-DataDuplicationMaximumQuota-Description-Begin -->
<!-- Description-Source-DDF -->
Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum.
Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. The valid interval is [5-5000] MB. By default, the maximum quota will be 500 MB.
<!-- Device-Configuration-DataDuplicationMaximumQuota-Description-End -->
<!-- Device-Configuration-DataDuplicationMaximumQuota-Editable-Begin -->
@ -504,8 +505,10 @@ Defines the maximum data duplication quota in MB that can be collected. When the
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[5-5000]` |
| Default Value | 500 |
<!-- Device-Configuration-DataDuplicationMaximumQuota-DFProperties-End -->
<!-- Device-Configuration-DataDuplicationMaximumQuota-Examples-Begin -->
@ -570,7 +573,7 @@ Define data duplication remote location for device control.
<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Description-Begin -->
<!-- Description-Source-DDF -->
Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If set to 0, aggressive quick scans will be disabled. By default, the value is set to 25 days.
Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.
<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Description-End -->
<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Editable-Begin -->
@ -584,7 +587,7 @@ Configure how many days can pass before an aggressive quick scan is triggered. T
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[0,7-60]` |
| Allowed Values | Range: `[7-60]` |
| Default Value | 25 |
<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-DFProperties-End -->
@ -989,10 +992,20 @@ Defines whether the cache maintenance idle task will perform the cache maintenan
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- Device-Configuration-DisableCacheMaintenance-DFProperties-End -->
<!-- Device-Configuration-DisableCacheMaintenance-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 1 | Cache maintenance is disabled. |
| 0 (Default) | Cache maintenance is enabled (default). |
<!-- Device-Configuration-DisableCacheMaintenance-AllowedValues-End -->
<!-- Device-Configuration-DisableCacheMaintenance-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-Configuration-DisableCacheMaintenance-Examples-End -->
@ -1489,6 +1502,55 @@ This setting disables the gathering and send of performance telemetry from Netwo
<!-- Device-Configuration-DisableNetworkProtectionPerfTelemetry-End -->
<!-- Device-Configuration-DisableQuicParsing-Begin -->
### Configuration/DisableQuicParsing
<!-- Device-Configuration-DisableQuicParsing-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
<!-- Device-Configuration-DisableQuicParsing-Applicability-End -->
<!-- Device-Configuration-DisableQuicParsing-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Defender/Configuration/DisableQuicParsing
```
<!-- Device-Configuration-DisableQuicParsing-OmaUri-End -->
<!-- Device-Configuration-DisableQuicParsing-Description-Begin -->
<!-- Description-Source-DDF -->
This setting disables QUIC Parsing for Network Protection.
<!-- Device-Configuration-DisableQuicParsing-Description-End -->
<!-- Device-Configuration-DisableQuicParsing-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-Configuration-DisableQuicParsing-Editable-End -->
<!-- Device-Configuration-DisableQuicParsing-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- Device-Configuration-DisableQuicParsing-DFProperties-End -->
<!-- Device-Configuration-DisableQuicParsing-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 1 | QUIC parsing is disabled. |
| 0 (Default) | QUIC parsing is enabled. |
<!-- Device-Configuration-DisableQuicParsing-AllowedValues-End -->
<!-- Device-Configuration-DisableQuicParsing-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-Configuration-DisableQuicParsing-Examples-End -->
<!-- Device-Configuration-DisableQuicParsing-End -->
<!-- Device-Configuration-DisableRdpParsing-Begin -->
### Configuration/DisableRdpParsing
@ -1916,6 +1978,7 @@ Allows an administrator to explicitly disable network packet inspection made by
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: `|`) |
<!-- Device-Configuration-ExcludedIpAddresses-DFProperties-End -->
<!-- Device-Configuration-ExcludedIpAddresses-Examples-Begin -->
@ -2203,7 +2266,7 @@ Setting to control automatic remediation for Sense scans.
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
| Default Value | 0x0 |
<!-- Device-Configuration-PassiveRemediation-DFProperties-End -->
<!-- Device-Configuration-PassiveRemediation-AllowedValues-Begin -->
@ -2211,6 +2274,7 @@ Setting to control automatic remediation for Sense scans.
| Flag | Description |
|:--|:--|
| 0x0 (Default) | Passive Remediation is turned off (default). |
| 0x1 | PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation. |
| 0x2 | PASSIVE_REMEDIATION_FLAG_RTP_AUDIT: Passive Remediation Realtime Protection Audit. |
| 0x4 | PASSIVE_REMEDIATION_FLAG_RTP_REMEDIATION: Passive Remediation Realtime Protection Remediation. |
@ -2494,6 +2558,7 @@ Defines what are the devices primary ids that should be secured by Defender Devi
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: `|`) |
<!-- Device-Configuration-SecuredDevicesConfiguration-DFProperties-End -->
<!-- Device-Configuration-SecuredDevicesConfiguration-Examples-Begin -->

74
windows/client-management/mdm/defender-ddf.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/02/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -1060,6 +1060,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
<MSFT:List Delimiter="|" />
</MSFT:AllowedValues>
</DFProperties>
</Node>
@ -2194,7 +2195,7 @@ The following XML file contains the device description framework (DDF) for the D
<Replace />
</AccessType>
<DefaultValue>25</DefaultValue>
<Description>Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If set to 0, aggressive quick scans will be disabled. By default, the value is set to 25 days.</Description>
<Description>Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.</Description>
<DFFormat>
<int />
</DFFormat>
@ -2212,7 +2213,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="Range">
<MSFT:Value>[0,7-60]</MSFT:Value>
<MSFT:Value>[7-60]</MSFT:Value>
</MSFT:AllowedValues>
</DFProperties>
</Node>
@ -2333,6 +2334,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
<MSFT:List Delimiter="|" />
</MSFT:AllowedValues>
</DFProperties>
</Node>
@ -2345,9 +2347,10 @@ The following XML file contains the device description framework (DDF) for the D
<Get />
<Replace />
</AccessType>
<Description>Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum.</Description>
<DefaultValue>500</DefaultValue>
<Description>Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. The valid interval is [5-5000] MB. By default, the maximum quota will be 500 MB.</Description>
<DFFormat>
<chr />
<int />
</DFFormat>
<Occurrence>
<One />
@ -2362,7 +2365,8 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
<MSFT:AllowedValues ValueType="Range">
<MSFT:Value>[5-5000]</MSFT:Value>
</MSFT:AllowedValues>
</DFProperties>
</Node>
@ -2487,7 +2491,7 @@ The following XML file contains the device description framework (DDF) for the D
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>0x0</DefaultValue>
<Description>Setting to control automatic remediation for Sense scans.</Description>
<DFFormat>
<int />
@ -2506,6 +2510,10 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="Flag">
<MSFT:Enum>
<MSFT:Value>0x0</MSFT:Value>
<MSFT:ValueDescription>Passive Remediation is turned off (default)</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>0x1</MSFT:Value>
<MSFT:ValueDescription>PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation</MSFT:ValueDescription>
@ -2603,6 +2611,45 @@ The following XML file contains the device description framework (DDF) for the D
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DisableQuicParsing</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This setting disables QUIC Parsing for Network Protection.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>QUIC parsing is disabled</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>QUIC parsing is enabled</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>AllowSwitchToAsyncInspection</NodeName>
<DFProperties>
@ -2729,9 +2776,10 @@ The following XML file contains the device description framework (DDF) for the D
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Defines whether the cache maintenance idle task will perform the cache maintenance or not.</Description>
<DFFormat>
<chr />
<int />
</DFFormat>
<Occurrence>
<One />
@ -2746,7 +2794,15 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.3</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Cache maintenance is disabled</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Cache maintenance is enabled (default)</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>

38
windows/client-management/mdm/euiccs-csp.md
View File

@ -4,7 +4,7 @@ description: Learn more about the eUICCs CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -108,7 +108,7 @@ Represents information associated with an eUICC. There is one subtree for each k
<!-- Device-{eUICC}-Actions-Description-Begin -->
<!-- Description-Source-DDF -->
Actions that can be performed on the eUICC as a whole (when it's active).
Actions that can be performed on the eUICC as a whole.
<!-- Device-{eUICC}-Actions-Description-End -->
<!-- Device-{eUICC}-Actions-Editable-Begin -->
@ -147,7 +147,7 @@ Actions that can be performed on the eUICC as a whole (when it's active).
<!-- Device-{eUICC}-Actions-ResetToFactoryState-Description-Begin -->
<!-- Description-Source-DDF -->
An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset.
This triggers an eUICC Memory Reset, which erases all the eSIM profiles in the eUICC.
<!-- Device-{eUICC}-Actions-ResetToFactoryState-Description-End -->
<!-- Device-{eUICC}-Actions-ResetToFactoryState-Editable-Begin -->
@ -226,7 +226,7 @@ Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE
<!-- Device-{eUICC}-DownloadServers-Description-Begin -->
<!-- Description-Source-DDF -->
Represents default SM-DP+ discovery requests.
Represents servers used for bulk provisioning and eSIM discovery.
<!-- Device-{eUICC}-DownloadServers-Description-End -->
<!-- Device-{eUICC}-DownloadServers-Editable-Begin -->
@ -265,7 +265,7 @@ Represents default SM-DP+ discovery requests.
<!-- Device-{eUICC}-DownloadServers-{ServerName}-Description-Begin -->
<!-- Description-Source-DDF -->
Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.
Node representing a bulk download/discovery server. The node name is the fully qualified domain name of the server that will be used. Creation of this subtree triggers a discovery request.
<!-- Device-{eUICC}-DownloadServers-{ServerName}-Description-End -->
<!-- Device-{eUICC}-DownloadServers-{ServerName}-Editable-Begin -->
@ -353,7 +353,7 @@ Indicates whether the discovered profile must be enabled automatically after ins
<!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Description-Begin -->
<!-- Description-Source-DDF -->
Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
Current state of the discovery operation for this server (Requested = 1, Executing = 2, Completed = 3, Failed = 4).
<!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Description-End -->
<!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Editable-Begin -->
@ -393,7 +393,7 @@ Current state of the discovery operation for the parent ServerName (Requested =
<!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Description-Begin -->
<!-- Description-Source-DDF -->
Indicates whether the server is a discovery server. Optional, default value is false.
Indicates whether the server is a discovery server or if it's used for bulk download. A discovery server is used every time a user requests a profile discovery operation. Optional, default value is false.
<!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Description-End -->
<!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Editable-Begin -->
@ -442,7 +442,7 @@ Indicates whether the server is a discovery server. Optional, default value is f
<!-- Device-{eUICC}-Identifier-Description-Begin -->
<!-- Description-Source-DDF -->
The EID.
The unique eUICC identifier (EID).
<!-- Device-{eUICC}-Identifier-Description-End -->
<!-- Device-{eUICC}-Identifier-Editable-Begin -->
@ -560,7 +560,7 @@ Device policies associated with the eUICC as a whole (not per-profile).
<!-- Device-{eUICC}-Policies-LocalUIEnabled-Description-Begin -->
<!-- Description-Source-DDF -->
Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.
Determines whether or not the user can make changes to the eSIM through the user interface.
<!-- Device-{eUICC}-Policies-LocalUIEnabled-Description-End -->
<!-- Device-{eUICC}-Policies-LocalUIEnabled-Editable-Begin -->
@ -609,7 +609,7 @@ Determines whether the local user interface of the LUI is available (true if ava
<!-- Device-{eUICC}-PPR1Allowed-Description-Begin -->
<!-- Description-Source-DDF -->
Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 isn't allowed.
Indicates whether the download of a profile with Profile Policy Rule 1 (PPR1) is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 isn't allowed.
<!-- Device-{eUICC}-PPR1Allowed-Description-End -->
<!-- Device-{eUICC}-PPR1Allowed-Editable-Begin -->
@ -648,7 +648,7 @@ Indicates whether the download of a profile with PPR1 is allowed. If the eUICC h
<!-- Device-{eUICC}-PPR1AlreadySet-Description-Begin -->
<!-- Description-Source-DDF -->
Indicates whether the eUICC has already a profile with PPR1.
Indicates whether the eUICC has already a profile with Profile Policy Rule 1 (PPR1).
<!-- Device-{eUICC}-PPR1AlreadySet-Description-End -->
<!-- Device-{eUICC}-PPR1AlreadySet-Editable-Begin -->
@ -687,7 +687,7 @@ Indicates whether the eUICC has already a profile with PPR1.
<!-- Device-{eUICC}-Profiles-Description-Begin -->
<!-- Description-Source-DDF -->
Represents all enterprise-owned profiles.
Represents all enterprise-owned eSIM profiles.
<!-- Device-{eUICC}-Profiles-Description-End -->
<!-- Device-{eUICC}-Profiles-Editable-Begin -->
@ -726,7 +726,7 @@ Represents all enterprise-owned profiles.
<!-- Device-{eUICC}-Profiles-{ICCID}-Description-Begin -->
<!-- Description-Source-DDF -->
Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).
Node representing an enterprise-owned eSIM profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).
<!-- Device-{eUICC}-Profiles-{ICCID}-Description-End -->
<!-- Device-{eUICC}-Profiles-{ICCID}-Editable-Begin -->
@ -806,7 +806,7 @@ Detailed error if the profile download and install procedure failed (None = 0, C
<!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Description-Begin -->
<!-- Description-Source-DDF -->
Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP.
Indicates whether this eSIM profile is enabled. Can be set by both the MDM and the CSP.
<!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Description-End -->
<!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Editable-Begin -->
@ -854,7 +854,7 @@ Indicates whether this profile is enabled. Can be set by the MDM when the ICCID
<!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Description-Begin -->
<!-- Description-Source-DDF -->
Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.
Matching ID (activation code token) for eSIM profile download. Must be set by the MDM when the ICCID subtree is created.
<!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Description-End -->
<!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Editable-Begin -->
@ -894,7 +894,7 @@ Matching ID (activation code token) for profile download. Must be set by the MDM
<!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Description-Begin -->
<!-- Description-Source-DDF -->
This profile policy rule indicates whether disabling of this profile isn't allowed (true if not allowed, false otherwise).
Profile Policy Rule 1 (PPR1) indicates whether disabling of this profile isn't allowed (true if not allowed, false otherwise).
<!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Description-End -->
<!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Editable-Begin -->
@ -933,7 +933,7 @@ This profile policy rule indicates whether disabling of this profile isn't allow
<!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Description-Begin -->
<!-- Description-Source-DDF -->
This profile policy rule indicates whether deletion of this profile isn't allowed (true if not allowed, false otherwise).
Profile Policy Rule 2 (PPR2) indicates whether deletion of this profile isn't allowed (true if not allowed, false otherwise).
<!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Description-End -->
<!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Editable-Begin -->
@ -972,7 +972,7 @@ This profile policy rule indicates whether deletion of this profile isn't allowe
<!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Description-Begin -->
<!-- Description-Source-DDF -->
Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.
Fully qualified domain name of the server that can download this eSIM profile. Must be set by the MDM when the ICCID subtree is created.
<!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Description-End -->
<!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Editable-Begin -->
@ -1011,7 +1011,7 @@ Fully qualified domain name of the SM-DP+ that can download this profile. Must b
<!-- Device-{eUICC}-Profiles-{ICCID}-State-Description-Begin -->
<!-- Description-Source-DDF -->
Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.
Current state of the eSIM profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4).
<!-- Device-{eUICC}-Profiles-{ICCID}-State-Description-End -->
<!-- Device-{eUICC}-Profiles-{ICCID}-State-Editable-Begin -->

38
windows/client-management/mdm/euiccs-ddf-file.md
View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 06/02/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -84,7 +84,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>The EID.</Description>
<Description>The unique eUICC identifier (EID).</Description>
<DFFormat>
<chr />
</DFFormat>
@ -129,7 +129,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed.</Description>
<Description>Indicates whether the download of a profile with Profile Policy Rule 1 (PPR1) is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed.</Description>
<DFFormat>
<bool />
</DFFormat>
@ -150,7 +150,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>Indicates whether the eUICC has already a profile with PPR1.</Description>
<Description>Indicates whether the eUICC has already a profile with Profile Policy Rule 1 (PPR1).</Description>
<DFFormat>
<bool />
</DFFormat>
@ -171,7 +171,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>Represents default SM-DP+ discovery requests.</Description>
<Description>Represents servers used for bulk provisioning and eSIM discovery.</Description>
<DFFormat>
<node />
</DFFormat>
@ -199,7 +199,7 @@ The following XML file contains the device description framework (DDF) for the e
<Get />
<Replace />
</AccessType>
<Description>Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.</Description>
<Description>Node representing a bulk download/discovery server. The node name is the fully qualified domain name of the server that will be used. Creation of this subtree triggers a discovery request.</Description>
<DFFormat>
<node />
</DFFormat>
@ -224,7 +224,7 @@ The following XML file contains the device description framework (DDF) for the e
<Get />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.</Description>
<Description>Current state of the discovery operation for this server (Requested = 1, Executing = 2, Completed = 3, Failed = 4).</Description>
<DFFormat>
<int />
</DFFormat>
@ -281,7 +281,7 @@ The following XML file contains the device description framework (DDF) for the e
<Replace />
</AccessType>
<DefaultValue>false</DefaultValue>
<Description>Indicates whether the server is a discovery server. Optional, default value is false.</Description>
<Description>Indicates whether the server is a discovery server or if it is used for bulk download. A discovery server is used every time a user requests a profile discovery operation. Optional, default value is false.</Description>
<DFFormat>
<bool />
</DFFormat>
@ -318,7 +318,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>Represents all enterprise-owned profiles.</Description>
<Description>Represents all enterprise-owned eSIM profiles.</Description>
<DFFormat>
<node />
</DFFormat>
@ -342,7 +342,7 @@ The following XML file contains the device description framework (DDF) for the e
<Get />
<Replace />
</AccessType>
<Description>Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).</Description>
<Description>Node representing an enterprise-owned eSIM profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).</Description>
<DFFormat>
<node />
</DFFormat>
@ -368,7 +368,7 @@ The following XML file contains the device description framework (DDF) for the e
<Get />
<Replace />
</AccessType>
<Description>Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.</Description>
<Description>Fully qualified domain name of the server that can download this eSIM profile. Must be set by the MDM when the ICCID subtree is created.</Description>
<DFFormat>
<chr />
</DFFormat>
@ -396,7 +396,7 @@ The following XML file contains the device description framework (DDF) for the e
<Get />
<Replace />
</AccessType>
<Description>Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.</Description>
<Description>Matching ID (activation code token) for eSIM profile download. Must be set by the MDM when the ICCID subtree is created.</Description>
<DFFormat>
<chr />
</DFFormat>
@ -424,7 +424,7 @@ The following XML file contains the device description framework (DDF) for the e
<Get />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.</Description>
<Description>Current state of the eSIM profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4).</Description>
<DFFormat>
<int />
</DFFormat>
@ -447,7 +447,7 @@ The following XML file contains the device description framework (DDF) for the e
<Get />
<Replace />
</AccessType>
<Description>Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP.</Description>
<Description>Indicates whether this eSIM profile is enabled. Can be set by both the MDM and the CSP.</Description>
<DFFormat>
<bool />
</DFFormat>
@ -482,7 +482,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise).</Description>
<Description>Profile Policy Rule 1 (PPR1) indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise).</Description>
<DFFormat>
<bool />
</DFFormat>
@ -503,7 +503,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise).</Description>
<Description>Profile Policy Rule 2 (PPR2) indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise).</Description>
<DFFormat>
<bool />
</DFFormat>
@ -570,7 +570,7 @@ The following XML file contains the device description framework (DDF) for the e
<Replace />
</AccessType>
<DefaultValue>true</DefaultValue>
<Description>Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.</Description>
<Description>Determines whether or not the user can make changes to the eSIM through the user interface.</Description>
<DFFormat>
<bool />
</DFFormat>
@ -602,7 +602,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Get />
</AccessType>
<Description>Actions that can be performed on the eUICC as a whole (when it is active).</Description>
<Description>Actions that can be performed on the eUICC as a whole.</Description>
<DFFormat>
<node />
</DFFormat>
@ -622,7 +622,7 @@ The following XML file contains the device description framework (DDF) for the e
<AccessType>
<Exec />
</AccessType>
<Description>An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset.</Description>
<Description>This triggers an eUICC Memory Reset, which erases all the eSIM profiles in the eUICC.</Description>
<DFFormat>
<chr />
</DFFormat>

7
windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/07/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -2182,6 +2182,11 @@ This article lists the ADMX-backed policies in Policy CSP.
- [TurnOffDataExecutionPreventionForExplorer](policy-csp-fileexplorer.md)
- [TurnOffHeapTerminationOnCorruption](policy-csp-fileexplorer.md)
## FileSystem
- [EnableDevDrive](policy-csp-filesystem.md)
- [DevDriveAttachPolicy](policy-csp-filesystem.md)
## InternetExplorer
- [AddSearchProvider](policy-csp-internetexplorer.md)

7
windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
View File

@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -634,6 +634,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [HideRecommendedSection](policy-csp-start.md)
- [HideRecommendedPersonalizedSites](policy-csp-start.md)
- [HideTaskViewButton](policy-csp-start.md)
- [HideCopilotButton](policy-csp-start.md)
- [DisableControlCenter](policy-csp-start.md)
- [SimplifyQuickSettings](policy-csp-start.md)
- [DisableEditingQuickSettings](policy-csp-start.md)
@ -836,6 +837,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [AllowAutoConnectToWiFiSenseHotspots](policy-csp-wifi.md)
- [AllowInternetSharing](policy-csp-wifi.md)
## WindowsAI
- [TurnOffWindowsCopilot](policy-csp-windowsai.md)
## WindowsDefenderSecurityCenter
- [CompanyName](policy-csp-windowsdefendersecuritycenter.md)

3
windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
View File

@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Windows 10 Team
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -263,6 +263,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
## Start
- [HideCopilotButton](policy-csp-start.md#hidecopilotbutton)
- [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites)
- [StartLayout](policy-csp-start.md#startlayout)

4
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -1118,6 +1118,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
- [ExploitGuard](policy-csp-exploitguard.md)
- [FederatedAuthentication](policy-csp-federatedauthentication.md)
- [FileExplorer](policy-csp-fileexplorer.md)
- [FileSystem](policy-csp-filesystem.md)
- [Games](policy-csp-games.md)
- [Handwriting](policy-csp-handwriting.md)
- [HumanPresence](policy-csp-humanpresence.md)
@ -1175,6 +1176,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
- [VirtualizationBasedTechnology](policy-csp-virtualizationbasedtechnology.md)
- [WebThreatDefense](policy-csp-webthreatdefense.md)
- [Wifi](policy-csp-wifi.md)
- [WindowsAI](policy-csp-windowsai.md)
- [WindowsAutopilot](policy-csp-windowsautopilot.md)
- [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md)
- [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)

15
windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
View File

@ -4,7 +4,7 @@ description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -3239,7 +3239,12 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
<!-- Scan_DisablePackedExeScanning-OmaUri-End -->
<!-- Scan_DisablePackedExeScanning-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- Description-Source-ADMX -->
This policy setting allows you to configure scanning for packed executables. It's recommended that this type of scanning remain enabled.
- If you enable or don't configure this setting, packed executables will be scanned.
- If you disable this setting, packed executables won't be scanned.
<!-- Scan_DisablePackedExeScanning-Description-End -->
<!-- Scan_DisablePackedExeScanning-Editable-Begin -->
@ -3256,7 +3261,6 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
<!-- Scan_DisablePackedExeScanning-DFProperties-End -->
<!-- Scan_DisablePackedExeScanning-AdmxBacked-Begin -->
<!-- ADMX-Not-Found -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@ -3264,6 +3268,11 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
| Name | Value |
|:--|:--|
| Name | Scan_DisablePackedExeScanning |
| Friendly Name | Scan packed executables |
| Location | Computer Configuration |
| Path | Windows Components > Microsoft Defender Antivirus > Scan |
| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
| Registry Value Name | DisablePackedExeScanning |
| ADMX File Name | WindowsDefender.admx |
<!-- Scan_DisablePackedExeScanning-AdmxBacked-End -->

5
windows/client-management/mdm/policy-csp-admx-terminalserver.md
View File

@ -4,7 +4,7 @@ description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -2457,6 +2457,9 @@ Per Device licensing mode requires that each device connecting to this RD Sessio
- If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
- If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level.
> [!NOTE]
> AAD Per User mode is deprecated on Windows 11 and above.
<!-- TS_LICENSING_MODE-Description-End -->
<!-- TS_LICENSING_MODE-Editable-Begin -->

6
windows/client-management/mdm/policy-csp-cryptography.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Cryptography Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -228,7 +228,6 @@ Override minimal enabled TLS version for client role. Last write wins.
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1.0 |
<!-- OverrideMinimumEnabledDTLSVersionClient-DFProperties-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-Examples-Begin -->
@ -268,7 +267,6 @@ Override minimal enabled TLS version for server role. Last write wins.
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1.0 |
<!-- OverrideMinimumEnabledDTLSVersionServer-DFProperties-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-Examples-Begin -->
@ -308,7 +306,6 @@ Override minimal enabled TLS version for client role. Last write wins.
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1.0 |
<!-- OverrideMinimumEnabledTLSVersionClient-DFProperties-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-Examples-Begin -->
@ -348,7 +345,6 @@ Override minimal enabled TLS version for server role. Last write wins.
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1.0 |
<!-- OverrideMinimumEnabledTLSVersionServer-DFProperties-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-Examples-Begin -->

10
windows/client-management/mdm/policy-csp-fileexplorer.md
View File

@ -4,7 +4,7 @@ description: Learn more about the FileExplorer Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -145,7 +145,7 @@ When This PC location is restricted, give the user the option to enumerate and n
<!-- DisableGraphRecentItems-Description-Begin -->
<!-- Description-Source-ADMX -->
Turning off files from Office.com will prevent File Explorer from requesting recent cloud file metadata and displaying it in the Quick access view.
Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, etc.
<!-- DisableGraphRecentItems-Description-End -->
<!-- DisableGraphRecentItems-Editable-Begin -->
@ -167,8 +167,8 @@ Turning off files from Office.com will prevent File Explorer from requesting rec
| Value | Description |
|:--|:--|
| 0 (Default) | File Explorer will request cloud file metadata and display it in the Quick access view. |
| 1 | File Explorer won't request cloud file metadata or display it in the Quick access view. |
| 0 (Default) | File Explorer will request cloud file metadata and display it in the homepage and other views. |
| 1 | File Explorer won't request cloud file metadata or display it in the homepage or other views. |
<!-- DisableGraphRecentItems-AllowedValues-End -->
<!-- DisableGraphRecentItems-GpMapping-Begin -->
@ -177,7 +177,7 @@ Turning off files from Office.com will prevent File Explorer from requesting rec
| Name | Value |
|:--|:--|
| Name | DisableGraphRecentItems |
| Friendly Name | Turn off files from Office.com in Quick access view |
| Friendly Name | Turn off account-based insights, recent, favorite, and recommended files in File Explorer |
| Location | Computer Configuration |
| Path | WindowsComponents > File Explorer |
| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |

152
windows/client-management/mdm/policy-csp-filesystem.md Normal file
View File

@ -0,0 +1,152 @@
---
title: FileSystem Policy CSP
description: Learn more about the FileSystem Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
ms.topic: reference
---
<!-- Auto-Generated CSP Document -->
<!-- FileSystem-Begin -->
# Policy CSP - FileSystem
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- FileSystem-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- FileSystem-Editable-End -->
<!-- DevDriveAttachPolicy-Begin -->
## DevDriveAttachPolicy
<!-- DevDriveAttachPolicy-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- DevDriveAttachPolicy-Applicability-End -->
<!-- DevDriveAttachPolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/FileSystem/DevDriveAttachPolicy
```
<!-- DevDriveAttachPolicy-OmaUri-End -->
<!-- DevDriveAttachPolicy-Description-Begin -->
<!-- Description-Source-ADMX -->
Dev drive is a drive optimized for performance considering developer scenarios and by default no file system filters are attached to it. Filters listed in this setting will be allowed to attach even on a dev drive.
A reboot is required for this setting to take effect.
<!-- DevDriveAttachPolicy-Description-End -->
<!-- DevDriveAttachPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DevDriveAttachPolicy-Editable-End -->
<!-- DevDriveAttachPolicy-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DevDriveAttachPolicy-DFProperties-End -->
<!-- DevDriveAttachPolicy-AdmxBacked-Begin -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | DevDriveAttachPolicy |
| Friendly Name | Dev drive filter attach policy |
| Location | Computer Configuration |
| Path | System > Filesystem |
| Registry Key Name | System\CurrentControlSet\Policies |
| ADMX File Name | filtermanager.admx |
<!-- DevDriveAttachPolicy-AdmxBacked-End -->
<!-- DevDriveAttachPolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DevDriveAttachPolicy-Examples-End -->
<!-- DevDriveAttachPolicy-End -->
<!-- EnableDevDrive-Begin -->
## EnableDevDrive
<!-- EnableDevDrive-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- EnableDevDrive-Applicability-End -->
<!-- EnableDevDrive-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/FileSystem/EnableDevDrive
```
<!-- EnableDevDrive-OmaUri-End -->
<!-- EnableDevDrive-Description-Begin -->
<!-- Description-Source-ADMX -->
Dev drive or developer volume is a volume optimized for performance of developer scenarios. A developer volume allows an administrator to choose file system filters that are attached on the volume.
Disabling this setting will disallow creation of new developer volumes, existing developer volumes will mount as regular volumes.
If this setting isn't configured the default policy is to enable developer volumes while allowing antivirus filter to attach on a deveveloper volume. Further, if not configured, a local administrator can choose to not have antivirus filter attached to a developer volume.
A reboot is required for this setting to take effect.
<!-- EnableDevDrive-Description-End -->
<!-- EnableDevDrive-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- EnableDevDrive-Editable-End -->
<!-- EnableDevDrive-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- EnableDevDrive-DFProperties-End -->
<!-- EnableDevDrive-AdmxBacked-Begin -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | EnableDevDrive |
| Friendly Name | Enable dev drive |
| Location | Computer Configuration |
| Path | System > Filesystem |
| Registry Key Name | System\CurrentControlSet\Policies |
| Registry Value Name | FsEnableDevDrive |
| ADMX File Name | refs.admx |
<!-- EnableDevDrive-AdmxBacked-End -->
<!-- EnableDevDrive-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- EnableDevDrive-Examples-End -->
<!-- EnableDevDrive-End -->
<!-- FileSystem-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- FileSystem-CspMoreInfo-End -->
<!-- FileSystem-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

42
windows/client-management/mdm/policy-csp-humanpresence.md
View File

@ -4,7 +4,7 @@ description: Learn more about the HumanPresence Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -38,8 +38,8 @@ ms.topic: reference
<!-- ForceAllowDimWhenExternalDisplayConnected-OmaUri-End -->
<!-- ForceAllowDimWhenExternalDisplayConnected-Description-Begin -->
<!-- Description-Source-DDF -->
Determines whether Allow Adaptive Dimming When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
<!-- Description-Source-ADMX -->
Determines whether Allow Adaptive Dimming When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
<!-- ForceAllowDimWhenExternalDisplayConnected-Description-End -->
<!-- ForceAllowDimWhenExternalDisplayConnected-Editable-Begin -->
@ -72,7 +72,12 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb
| Name | Value |
|:--|:--|
| Name | ForceAllowDimWhenExternalDisplayConnected |
| Path | Sensors > AT > WindowsComponents > HumanPresence |
| Friendly Name | Force Allow Dim When External Display Connected |
| Location | Computer Configuration |
| Path | Windows Components > Human Presence |
| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
| Registry Value Name | ForceAllowDimWhenExternalDisplayConnected |
| ADMX File Name | Sensors.admx |
<!-- ForceAllowDimWhenExternalDisplayConnected-GpMapping-End -->
<!-- ForceAllowDimWhenExternalDisplayConnected-Examples-Begin -->
@ -97,8 +102,8 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb
<!-- ForceAllowLockWhenExternalDisplayConnected-OmaUri-End -->
<!-- ForceAllowLockWhenExternalDisplayConnected-Description-Begin -->
<!-- Description-Source-DDF -->
Determines whether Allow Lock on Leave When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
<!-- Description-Source-ADMX -->
Determines whether Allow Lock on Leave When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
<!-- ForceAllowLockWhenExternalDisplayConnected-Description-End -->
<!-- ForceAllowLockWhenExternalDisplayConnected-Editable-Begin -->
@ -131,7 +136,12 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox
| Name | Value |
|:--|:--|
| Name | ForceAllowLockWhenExternalDisplayConnected |
| Path | Sensors > AT > WindowsComponents > HumanPresence |
| Friendly Name | Force Allow Lock When External Display Connected |
| Location | Computer Configuration |
| Path | Windows Components > Human Presence |
| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
| Registry Value Name | ForceAllowLockWhenExternalDisplayConnected |
| ADMX File Name | Sensors.admx |
<!-- ForceAllowLockWhenExternalDisplayConnected-GpMapping-End -->
<!-- ForceAllowLockWhenExternalDisplayConnected-Examples-Begin -->
@ -156,7 +166,7 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox
<!-- ForceAllowWakeWhenExternalDisplayConnected-OmaUri-End -->
<!-- ForceAllowWakeWhenExternalDisplayConnected-Description-Begin -->
<!-- Description-Source-DDF -->
<!-- Description-Source-ADMX -->
Determines whether Allow Wake on Approach When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
<!-- ForceAllowWakeWhenExternalDisplayConnected-Description-End -->
@ -190,7 +200,12 @@ Determines whether Allow Wake on Approach When External Display Connected checkb
| Name | Value |
|:--|:--|
| Name | ForceAllowWakeWhenExternalDisplayConnected |
| Path | Sensors > AT > WindowsComponents > HumanPresence |
| Friendly Name | Force Allow Wake When External Display Connected |
| Location | Computer Configuration |
| Path | Windows Components > Human Presence |
| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
| Registry Value Name | ForceAllowWakeWhenExternalDisplayConnected |
| ADMX File Name | Sensors.admx |
<!-- ForceAllowWakeWhenExternalDisplayConnected-GpMapping-End -->
<!-- ForceAllowWakeWhenExternalDisplayConnected-Examples-Begin -->
@ -215,7 +230,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb
<!-- ForceDisableWakeWhenBatterySaverOn-OmaUri-End -->
<!-- ForceDisableWakeWhenBatterySaverOn-Description-Begin -->
<!-- Description-Source-DDF -->
<!-- Description-Source-ADMX -->
Determines whether Disable Wake on Approach When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
<!-- ForceDisableWakeWhenBatterySaverOn-Description-End -->
@ -249,7 +264,12 @@ Determines whether Disable Wake on Approach When Battery Saver On checkbox is fo
| Name | Value |
|:--|:--|
| Name | ForceDisableWakeWhenBatterySaverOn |
| Path | Sensors > AT > WindowsComponents > HumanPresence |
| Friendly Name | Force Disable Wake When Battery Saver On |
| Location | Computer Configuration |
| Path | Windows Components > Human Presence |
| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
| Registry Value Name | ForceDisableWakeWhenBatterySaverOn |
| ADMX File Name | Sensors.admx |
<!-- ForceDisableWakeWhenBatterySaverOn-GpMapping-End -->
<!-- ForceDisableWakeWhenBatterySaverOn-Examples-Begin -->

106
windows/client-management/mdm/policy-csp-mixedreality.md
View File

@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/29/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -490,6 +490,110 @@ The following XML string is an example of the value for this policy:
<!-- ConfigureNtpClient-End -->
<!-- ConfigureSharedAccount-Begin -->
## ConfigureSharedAccount
<!-- ConfigureSharedAccount-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureSharedAccount-Applicability-End -->
<!-- ConfigureSharedAccount-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureSharedAccount
```
<!-- ConfigureSharedAccount-OmaUri-End -->
<!-- ConfigureSharedAccount-Description-Begin -->
<!-- Description-Source-DDF -->
This policy specifies the configuration for Shared Accounts on the device. Shared Accounts are AAD accounts that are deployed to the device by an IT admin and can be used by anyone with physical access to the device. These accounts excel in deployments where the HoloLens device is used like a tool shared between multiple people and it doesn't matter which account is used to access AAD resources. Because these accounts can be signed in without requiring the user to provide credentials, you should ensure that these devices are physically secure, with access granted only to authorized personnel. You should also lock down these accounts to only have access to the required resources.
<!-- ConfigureSharedAccount-Description-End -->
<!-- ConfigureSharedAccount-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ConfigureSharedAccount-Editable-End -->
<!-- ConfigureSharedAccount-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- ConfigureSharedAccount-DFProperties-End -->
<!-- ConfigureSharedAccount-AllowedValues-Begin -->
**Allowed values**:
<br>
<details>
<summary>Expand to see schema XML</summary>
```xml
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element name="SharedAccountConfiguration">
<xsd:complexType mixed="true">
<xsd:sequence>
<xsd:element minOccurs="1" maxOccurs="1" name="SharedAccount">
<xsd:complexType>
<xsd:sequence>
<xsd:choice>
<xsd:element name="IssuerThumbprint">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:maxLength value="40" />
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="IssuerName">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:maxLength value="512" />
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
</xsd:choice>
<xsd:element minOccurs="0" maxOccurs="1" name="EkuOidRequirements">
<xsd:complexType>
<xsd:sequence>
<xsd:element maxOccurs="5" name="Oid">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:maxLength value="100" />
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element minOccurs="0" maxOccurs="1" name="AutoLogon">
<xsd:complexType>
<xsd:simpleContent>
<xsd:extension base="xsd:string">
<xsd:attribute name="forced" type="xsd:boolean" />
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>
```
</details>
<!-- ConfigureSharedAccount-AllowedValues-End -->
<!-- ConfigureSharedAccount-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ConfigureSharedAccount-Examples-End -->
<!-- ConfigureSharedAccount-End -->
<!-- DisallowNetworkConnectivityPassivePolling-Begin -->
## DisallowNetworkConnectivityPassivePolling

8
windows/client-management/mdm/policy-csp-multitasking.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Multitasking Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -37,9 +37,9 @@ ms.topic: reference
<!-- BrowserAltTabBlowout-Description-Begin -->
<!-- Description-Source-ADMX -->
This setting controls the inclusion of Microsoft Edge tabs into Alt+Tab.
This setting controls the inclusion of app tabs into Alt+Tab.
This can be set to show all tabs, the most recent 3 or 5 tabs, or no tabs from Microsoft Edge.
This can be set to show the most recent 3, 5 or 20 tabs, or no tabs from apps.
If this is set to show "Open windows only", the whole feature will be disabled.
<!-- BrowserAltTabBlowout-Description-End -->
@ -82,7 +82,7 @@ This policy only applies to the Alt+Tab switcher. When the policy isn't enabled,
| Name | Value |
|:--|:--|
| Name | BrowserAltTabBlowout |
| Friendly Name | Configure the inclusion of Microsoft Edge tabs into Alt-Tab |
| Friendly Name | Configure the inclusion of app tabs into Alt-Tab |
| Element Name | Pressing Alt + Tab shows. |
| Location | User Configuration |
| Path | Windows Components > Multitasking |

36
windows/client-management/mdm/policy-csp-notifications.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Notifications Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -38,8 +38,16 @@ ms.topic: reference
<!-- DisableAccountNotifications-OmaUri-End -->
<!-- DisableAccountNotifications-Description-Begin -->
<!-- Description-Source-DDF -->
This policy allows you to prevent Windows from displaying notifications to Microsoft account (MSA) and local users in Start (user tile). Notifications include getting users to: reauthenticate; backup their device; manage cloud storage quotas as well as manage their Microsoft 365 or XBOX subscription. If you enable this policy setting, Windows won't send account related notifications for local and MSA users to the user tile in Start.
<!-- Description-Source-ADMX -->
This policy allows you to prevent Windows from displaying notifications to Microsoft account (MSA) and local users in Start (user tile).
Notifications include getting users to: reauthenticate; backup their device; manage cloud storage quotas as well as manage their Microsoft 365 or XBOX subscription.
- If you enable this policy setting, Windows won't send account related notifications for local and MSA users to the user tile in Start.
- If you disable or don't configure this policy setting, Windows will send account related notifications for local and MSA users to the user tile in Start.
No reboots or service restarts are required for this policy setting to take effect.
<!-- DisableAccountNotifications-Description-End -->
<!-- DisableAccountNotifications-Editable-Begin -->
@ -71,7 +79,12 @@ This policy allows you to prevent Windows from displaying notifications to Micro
| Name | Value |
|:--|:--|
| Name | DisableAccountNotifications |
| Path | AccountNotifications > AT > WindowsComponents > AccountNotifications |
| Friendly Name | Turn off account notifications in Start |
| Location | User Configuration |
| Path | Windows Components > Account Notifications |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications |
| Registry Value Name | DisableAccountNotifications |
| ADMX File Name | AccountNotifications.admx |
<!-- DisableAccountNotifications-GpMapping-End -->
<!-- DisableAccountNotifications-Examples-Begin -->
@ -318,12 +331,16 @@ No reboots or service restarts are required for this policy setting to take effe
<!-- EnableExpandedToastNotifications-OmaUri-End -->
<!-- EnableExpandedToastNotifications-Description-Begin -->
<!-- Description-Source-DDF -->
<!-- Description-Source-ADMX -->
This policy setting turns on multiple expanded toast notifications in action center.
- If you enable this policy setting, the first three notifications of each application will be expanded by default in action center.
- If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center. Windows 10 only. This will be immediately deprecated for Windows 11. No reboots or service restarts are required for this policy setting to take effect.
- If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center.
Windows 10 only. This will be immediately deprecated for Windows 11.
No reboots or service restarts are required for this policy setting to take effect.
<!-- EnableExpandedToastNotifications-Description-End -->
<!-- EnableExpandedToastNotifications-Editable-Begin -->
@ -355,7 +372,12 @@ This policy setting turns on multiple expanded toast notifications in action cen
| Name | Value |
|:--|:--|
| Name | ExpandedToastNotifications |
| Path | WPN > AT > StartMenu > NotificationsCategory |
| Friendly Name | Turn on multiple expanded toast notifications in action center |
| Location | User Configuration |
| Path | Start Menu and Taskbar > Notifications |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications |
| Registry Value Name | EnableExpandedToastNotifications |
| ADMX File Name | WPN.admx |
<!-- EnableExpandedToastNotifications-GpMapping-End -->
<!-- EnableExpandedToastNotifications-Examples-Begin -->

95
windows/client-management/mdm/policy-csp-privacy.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -2946,8 +2946,20 @@ If an app is open when this Group Policy object is applied on a device, employee
<!-- LetAppsAccessHumanPresence-OmaUri-End -->
<!-- LetAppsAccessHumanPresence-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting specifies whether Windows apps can access the human presence sensor.
<!-- Description-Source-ADMX -->
This policy setting specifies whether Windows apps can access presence sensing.
You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
<!-- LetAppsAccessHumanPresence-Description-End -->
<!-- LetAppsAccessHumanPresence-Editable-Begin -->
@ -2980,8 +2992,12 @@ This policy setting specifies whether Windows apps can access the human presence
| Name | Value |
|:--|:--|
| Name | LetAppsAccessHumanPresence |
| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
| Element Name | LetAppsAccessHumanPresence_Enum |
| Friendly Name | Let Windows apps access presence sensing |
| Element Name | Default for all apps. |
| Location | Computer Configuration |
| Path | Windows Components > App Privacy |
| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
| ADMX File Name | AppPrivacy.admx |
<!-- LetAppsAccessHumanPresence-GpMapping-End -->
<!-- LetAppsAccessHumanPresence-Examples-Begin -->
@ -3006,8 +3022,20 @@ This policy setting specifies whether Windows apps can access the human presence
<!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-OmaUri-End -->
<!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Description-Begin -->
<!-- Description-Source-DDF -->
List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the human presence sensor. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps.
<!-- Description-Source-ADMX -->
This policy setting specifies whether Windows apps can access presence sensing.
You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
<!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Description-End -->
<!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Editable-Begin -->
@ -3030,8 +3058,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
| Name | Value |
|:--|:--|
| Name | LetAppsAccessHumanPresence |
| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
| Element Name | LetAppsAccessHumanPresence_ForceAllowTheseApps_List |
| Friendly Name | Let Windows apps access presence sensing |
| Location | Computer Configuration |
| Path | Windows Components > App Privacy |
| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
| ADMX File Name | AppPrivacy.admx |
<!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-GpMapping-End -->
<!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Examples-Begin -->
@ -3056,8 +3087,20 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
<!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-OmaUri-End -->
<!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Description-Begin -->
<!-- Description-Source-DDF -->
List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the human presence sensor. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps.
<!-- Description-Source-ADMX -->
This policy setting specifies whether Windows apps can access presence sensing.
You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
<!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Description-End -->
<!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Editable-Begin -->
@ -3080,8 +3123,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
| Name | Value |
|:--|:--|
| Name | LetAppsAccessHumanPresence |
| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
| Element Name | LetAppsAccessHumanPresence_ForceDenyTheseApps_List |
| Friendly Name | Let Windows apps access presence sensing |
| Location | Computer Configuration |
| Path | Windows Components > App Privacy |
| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
| ADMX File Name | AppPrivacy.admx |
<!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-GpMapping-End -->
<!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Examples-Begin -->
@ -3106,8 +3152,20 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
<!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-OmaUri-End -->
<!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Description-Begin -->
<!-- Description-Source-DDF -->
List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the human presence privacy setting for the listed apps. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps.
<!-- Description-Source-ADMX -->
This policy setting specifies whether Windows apps can access presence sensing.
You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
<!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Description-End -->
<!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Editable-Begin -->
@ -3130,8 +3188,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u
| Name | Value |
|:--|:--|
| Name | LetAppsAccessHumanPresence |
| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
| Element Name | LetAppsAccessHumanPresence_UserInControlOfTheseApps_List |
| Friendly Name | Let Windows apps access presence sensing |
| Location | Computer Configuration |
| Path | Windows Components > App Privacy |
| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
| ADMX File Name | AppPrivacy.admx |
<!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-GpMapping-End -->
<!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Examples-Begin -->

17
windows/client-management/mdm/policy-csp-settingssync.md
View File

@ -4,7 +4,7 @@ description: Learn more about the SettingsSync Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -101,7 +101,14 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
<!-- DisableLanguageSettingSync-OmaUri-End -->
<!-- DisableLanguageSettingSync-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- Description-Source-ADMX -->
Prevent the "language preferences" group from syncing to and from this PC. This turns off and disables the "languages preferences" group on the "Windows backup" settings page in PC settings.
If you enable this policy setting, the "language preferences", group won't be synced.
Use the option "Allow users to turn language preferences syncing on" so that syncing is turned off by default but not disabled.
If you don't set or disable this setting, syncing of the "language preferences" group is on by default and configurable by the user.
<!-- DisableLanguageSettingSync-Description-End -->
<!-- DisableLanguageSettingSync-Editable-Begin -->
@ -118,7 +125,6 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
<!-- DisableLanguageSettingSync-DFProperties-End -->
<!-- DisableLanguageSettingSync-AdmxBacked-Begin -->
<!-- ADMX-Not-Found -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@ -126,6 +132,11 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
| Name | Value |
|:--|:--|
| Name | DisableLanguageSettingSync |
| Friendly Name | Do not sync language preferences settings |
| Location | Computer Configuration |
| Path | Windows Components > Sync your settings |
| Registry Key Name | Software\Policies\Microsoft\Windows\SettingSync |
| Registry Value Name | DisableLanguageSettingSync |
| ADMX File Name | SettingSync.admx |
<!-- DisableLanguageSettingSync-AdmxBacked-End -->

77
windows/client-management/mdm/policy-csp-start.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -974,6 +974,68 @@ Enabling this policy hides "Change account settings" from appearing in the user
<!-- HideChangeAccountSettings-End -->
<!-- HideCopilotButton-Begin -->
## HideCopilotButton
<!-- HideCopilotButton-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
<!-- HideCopilotButton-Applicability-End -->
<!-- HideCopilotButton-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/Start/HideCopilotButton
```
```Device
./Device/Vendor/MSFT/Policy/Config/Start/HideCopilotButton
```
<!-- HideCopilotButton-OmaUri-End -->
<!-- HideCopilotButton-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to hide the Copilot button on the Taskbar. If you enable this policy setting, the Copilot button will be hidden and the Settings toggle will be disabled.
<!-- HideCopilotButton-Description-End -->
<!-- HideCopilotButton-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- HideCopilotButton-Editable-End -->
<!-- HideCopilotButton-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- HideCopilotButton-DFProperties-End -->
<!-- HideCopilotButton-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Copilot button shown. |
| 1 | Copilot button hidden. |
<!-- HideCopilotButton-AllowedValues-End -->
<!-- HideCopilotButton-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | HideCopilotButton |
| Path | Taskbar > AT > StartMenu |
<!-- HideCopilotButton-GpMapping-End -->
<!-- HideCopilotButton-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- HideCopilotButton-Examples-End -->
<!-- HideCopilotButton-End -->
<!-- HideFrequentlyUsedApps-Begin -->
## HideFrequentlyUsedApps
@ -1430,7 +1492,7 @@ To validate this policy, do the following steps:
<!-- HideRecommendedPersonalizedSites-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
<!-- HideRecommendedPersonalizedSites-Applicability-End -->
<!-- HideRecommendedPersonalizedSites-OmaUri-Begin -->
@ -1444,8 +1506,8 @@ To validate this policy, do the following steps:
<!-- HideRecommendedPersonalizedSites-OmaUri-End -->
<!-- HideRecommendedPersonalizedSites-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to hide the personalized websites in the recommended section of the Start Menu. If you enable this policy setting, the Start Menu will no longer show personalized website recommendations in the recommended section of the start menu.
<!-- Description-Source-ADMX -->
Remove Personalized Website Recommendations from the Recommended section in the Start Menu.
<!-- HideRecommendedPersonalizedSites-Description-End -->
<!-- HideRecommendedPersonalizedSites-Editable-Begin -->
@ -1477,7 +1539,12 @@ This policy setting allows you to hide the personalized websites in the recommen
| Name | Value |
|:--|:--|
| Name | HideRecommendedPersonalizedSites |
| Path | StartMenu > AT > StartMenu |
| Friendly Name | Remove Personalized Website Recommendations from the Recommended section in the Start Menu |
| Location | Computer and User Configuration |
| Path | Start Menu and Taskbar |
| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
| Registry Value Name | HideRecommendedPersonalizedSites |
| ADMX File Name | StartMenu.admx |
<!-- HideRecommendedPersonalizedSites-GpMapping-End -->
<!-- HideRecommendedPersonalizedSites-Examples-Begin -->

12
windows/client-management/mdm/policy-csp-system.md
View File

@ -4,7 +4,7 @@ description: Learn more about the System Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -111,6 +111,8 @@ This policy is only supported up to Windows 10, Version 1703. Please use 'Manage
<!-- AllowCommercialDataPipeline-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
AllowCommercialDataPipeline configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:
@ -120,7 +122,7 @@ To enable this behavior:
Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device.
If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at <https://go.microsoft.com/fwlink/?LinkId=521839> unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing".
If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at <https://go.microsoft.com/fwlink/?LinkId=521839> unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing'.
See the documentation at <https://go.microsoft.com/fwlink/?linkid=2011107> for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
<!-- AllowCommercialDataPipeline-Description-End -->
@ -189,6 +191,8 @@ See the documentation at <https://go.microsoft.com/fwlink/?linkid=2011107> for i
<!-- AllowDesktopAnalyticsProcessing-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:
@ -751,6 +755,8 @@ If you disable or don't configure this policy setting, the device will send requ
<!-- AllowUpdateComplianceProcessing-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:
@ -876,6 +882,8 @@ Specifies whether to allow the user to factory reset the device by using control
<!-- AllowWUfBCloudProcessing-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:

19
windows/client-management/mdm/policy-csp-webthreatdefense.md
View File

@ -4,7 +4,7 @@ description: Learn more about the WebThreatDefense Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -40,8 +40,14 @@ ms.topic: reference
<!-- AutomaticDataCollection-OmaUri-End -->
<!-- AutomaticDataCollection-Description-Begin -->
<!-- Description-Source-DDF -->
Automatically collect website or app content when additional analysis is needed to help identify security threats.
<!-- Description-Source-ADMX -->
This policy setting determines whether Enhanced Phishing Protection can collect additional information-such as content displayed, sounds played, and application memory-when your users enter their work or school password into a suspicious website or app. This information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious.
- If you enable this policy setting, Enhanced Phishing Protection may automatically collect additional content for security analysis from a suspicious website or app when your users enter their work or school password into that website or app.
- If you disable this policy setting, Enhanced Phishing Protection won't collect additional content for security analysis when your users enter their work or school password into a suspicious site or app.
- If this policy isn't set, Enhanced Phishing Protection automatic data collection will honor the end user's settings.
<!-- AutomaticDataCollection-Description-End -->
<!-- AutomaticDataCollection-Editable-Begin -->
@ -73,7 +79,12 @@ Automatically collect website or app content when additional analysis is needed
| Name | Value |
|:--|:--|
| Name | AutomaticDataCollection |
| Path | WebThreatDefense > AT > WindowsComponents > WebThreatDefense |
| Friendly Name | Automatic Data Collection |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | CaptureThreatWindow |
| ADMX File Name | WebThreatDefense.admx |
<!-- AutomaticDataCollection-GpMapping-End -->
<!-- AutomaticDataCollection-Examples-Begin -->

100
windows/client-management/mdm/policy-csp-windowsai.md Normal file
View File

@ -0,0 +1,100 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/30/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
ms.topic: reference
---
<!-- Auto-Generated CSP Document -->
<!-- WindowsAI-Begin -->
# Policy CSP - WindowsAI
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- WindowsAI-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- WindowsAI-Editable-End -->
<!-- TurnOffWindowsCopilot-Begin -->
## TurnOffWindowsCopilot
<!-- TurnOffWindowsCopilot-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25929.1000] |
<!-- TurnOffWindowsCopilot-Applicability-End -->
<!-- TurnOffWindowsCopilot-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/WindowsAI/TurnOffWindowsCopilot
```
<!-- TurnOffWindowsCopilot-OmaUri-End -->
<!-- TurnOffWindowsCopilot-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to turn off Windows Copilot.
- If you enable this policy setting, users won't be able to use Copilot. The Copilot icon won't appear on the taskbar either.
- If you disable or don't configure this policy setting, users will be able to use Copilot when it's available to them.
<!-- TurnOffWindowsCopilot-Description-End -->
<!-- TurnOffWindowsCopilot-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- TurnOffWindowsCopilot-Editable-End -->
<!-- TurnOffWindowsCopilot-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- TurnOffWindowsCopilot-DFProperties-End -->
<!-- TurnOffWindowsCopilot-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Enable Copilot. |
| 1 | Disable Copilot. |
<!-- TurnOffWindowsCopilot-AllowedValues-End -->
<!-- TurnOffWindowsCopilot-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | TurnOffWindowsCopilot |
| Friendly Name | Turn off Windows Copilot |
| Location | User Configuration |
| Path | Windows Components > Windows Copilot |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot |
| Registry Value Name | TurnOffWindowsCopilot |
| ADMX File Name | WindowsCopilot.admx |
<!-- TurnOffWindowsCopilot-GpMapping-End -->
<!-- TurnOffWindowsCopilot-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- TurnOffWindowsCopilot-Examples-End -->
<!-- TurnOffWindowsCopilot-End -->
<!-- WindowsAI-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- WindowsAI-CspMoreInfo-End -->
<!-- WindowsAI-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

4
windows/client-management/mdm/toc.yml
View File

@ -440,6 +440,8 @@ items:
href: policy-csp-feeds.md
- name: FileExplorer
href: policy-csp-fileexplorer.md
- name: FileSystem
href: policy-csp-filesystem.md
- name: Games
href: policy-csp-games.md
- name: Handwriting
@ -554,6 +556,8 @@ items:
href: policy-csp-webthreatdefense.md
- name: Wifi
href: policy-csp-wifi.md
- name: WindowsAI
href: policy-csp-windowsai.md
- name: WindowsAutopilot
href: policy-csp-windowsautopilot.md
- name: WindowsConnectionManager