diff --git a/windows/access-protection/hello-for-business/hello-identity-verification.md b/windows/access-protection/hello-for-business/hello-identity-verification.md index 0d4af34aa5..68f001e2f3 100644 --- a/windows/access-protection/hello-for-business/hello-identity-verification.md +++ b/windows/access-protection/hello-for-business/hello-identity-verification.md @@ -72,7 +72,7 @@ The table shows the minimum requirements for each deployment. ## Frequently Asked Questions ### What is the user experience for Windows Hello for Business? -The user experience for Windows Hello for Business occurs after user sign once you deploy Windows Hello for Business policy settings to your environment. +The user experience for Windows Hello for Business occurs after user sign-in, after you deploy Windows Hello for Business policy settings to your environment. > [!VIDEO https://www.youtube.com/embed/FJqHPTZTpNM] diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 121d77fdb7..f0b176f45a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/25/2017 +ms.date: 09/29/2017 --- # Policy CSP @@ -22,6 +22,26 @@ The Policy configuration service provider has the following sub-categories: - Policy/Config/*AreaName* – Handles the policy configuration request from the server. - Policy/Result/*AreaName* – Provides a read-only path to policies enforced on the device. + + +> [!Important] +> Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user. +> +> The allowed scope of a specific policy is represented below its table of supported Windows editions. To configure a policy under a specific scope (user vs. device), please use the following paths: +> +> User scope: +> - **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. +> - **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. +> +> Device scope: +> - **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. +> - **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. +> +> For device wide configuration the **_Device/_** portion may be omitted from the path, deeming the following paths respectively equivalent: +> +> - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. +> - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. + The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning. ![policy csp diagram](images/provisioning-csp-policy.png) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 2268695665..64f921aac1 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - AboveLock @@ -14,11 +14,24 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## AboveLock policies +
+
+ AboveLock/AllowActionCenterNotifications +
+
+ AboveLock/AllowCortanaAboveLock +
+
+ AboveLock/AllowToasts +
+
+ +
**AboveLock/AllowActionCenterNotifications** @@ -45,6 +58,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -60,6 +82,7 @@ ms.date: 08/30/2017 +
**AboveLock/AllowCortanaAboveLock** @@ -86,6 +109,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. @@ -96,6 +128,7 @@ ms.date: 08/30/2017 +

**AboveLock/AllowToasts** @@ -122,6 +155,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether to allow toast notifications above the device lock screen. diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index f2e678427b..cbec351d99 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Accounts @@ -14,11 +14,27 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## Accounts policies +
+
+ Accounts/AllowAddingNonMicrosoftAccountsManually +
+
+ Accounts/AllowMicrosoftAccountConnection +
+
+ Accounts/AllowMicrosoftAccountSignInAssistant +
+
+ Accounts/DomainNamesForEmailSync +
+
+ +
**Accounts/AllowAddingNonMicrosoftAccountsManually** @@ -45,6 +61,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether user is allowed to add non-MSA email accounts. @@ -60,6 +85,7 @@ ms.date: 08/30/2017 +

**Accounts/AllowMicrosoftAccountConnection** @@ -86,6 +112,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. @@ -98,6 +133,7 @@ ms.date: 08/30/2017 +

**Accounts/AllowMicrosoftAccountSignInAssistant** @@ -124,6 +160,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. @@ -134,6 +179,7 @@ ms.date: 08/30/2017 +

**Accounts/DomainNamesForEmailSync** @@ -160,6 +206,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies a list of the domains that are allowed to sync email on the device. diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 755aeb5a2e..d01ca2a458 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - ActiveXControls @@ -14,11 +14,18 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## ActiveXControls policies +
+
+ ActiveXControls/ApprovedInstallationSites +
+
+ +
**ActiveXControls/ApprovedInstallationSites** @@ -45,6 +52,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL. diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 838ad9fbc8..4e71e25975 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - ApplicationDefaults @@ -14,11 +14,18 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## ApplicationDefaults policies +
+
+ ApplicationDefaults/DefaultAssociationsConfiguration +
+
+ +
**ApplicationDefaults/DefaultAssociationsConfiguration** @@ -45,6 +52,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index db13ecc123..7953580ab4 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - ApplicationManagement @@ -14,11 +14,48 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## ApplicationManagement policies +
+
+ ApplicationManagement/AllowAllTrustedApps +
+
+ ApplicationManagement/AllowAppStoreAutoUpdate +
+
+ ApplicationManagement/AllowDeveloperUnlock +
+
+ ApplicationManagement/AllowGameDVR +
+
+ ApplicationManagement/AllowSharedUserAppData +
+
+ ApplicationManagement/AllowStore +
+
+ ApplicationManagement/ApplicationRestrictions +
+
+ ApplicationManagement/DisableStoreOriginatedApps +
+
+ ApplicationManagement/RequirePrivateStoreOnly +
+
+ ApplicationManagement/RestrictAppDataToSystemVolume +
+
+ ApplicationManagement/RestrictAppToSystemVolume +
+
+ +
**ApplicationManagement/AllowAllTrustedApps** @@ -45,6 +82,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether non Windows Store apps are allowed. @@ -58,6 +104,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/AllowAppStoreAutoUpdate** @@ -84,6 +131,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether automatic update of apps from Windows Store are allowed. @@ -96,6 +152,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/AllowDeveloperUnlock** @@ -122,6 +179,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether developer unlock is allowed. @@ -135,6 +201,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/AllowGameDVR** @@ -161,6 +228,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -176,6 +252,7 @@ ms.date: 08/30/2017 +
**ApplicationManagement/AllowSharedUserAppData** @@ -202,6 +279,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether multiple users of the same app can share data. @@ -214,6 +300,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/AllowStore** @@ -240,6 +327,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether app store is allowed at the device. @@ -252,6 +348,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/ApplicationRestrictions** @@ -278,6 +375,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -305,6 +411,7 @@ ms.date: 08/30/2017 +
**ApplicationManagement/DisableStoreOriginatedApps** @@ -331,6 +438,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Windows Store that came pre-installed or were downloaded. @@ -341,6 +457,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/RequirePrivateStoreOnly** @@ -367,6 +484,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ +

Allows disabling of the retail catalog and only enables the Private store. @@ -388,6 +514,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/RestrictAppDataToSystemVolume** @@ -414,6 +541,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether application data is restricted to the system drive. @@ -426,6 +562,7 @@ ms.date: 08/30/2017 +

**ApplicationManagement/RestrictAppToSystemVolume** @@ -452,6 +589,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether the installation of applications is restricted to the system drive. diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index e44fda0b34..512cbecf60 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - AppVirtualization @@ -14,11 +14,99 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## AppVirtualization policies +
+
+ AppVirtualization/AllowAppVClient +
+
+ AppVirtualization/AllowDynamicVirtualization +
+
+ AppVirtualization/AllowPackageCleanup +
+
+ AppVirtualization/AllowPackageScripts +
+
+ AppVirtualization/AllowPublishingRefreshUX +
+
+ AppVirtualization/AllowReportingServer +
+
+ AppVirtualization/AllowRoamingFileExclusions +
+
+ AppVirtualization/AllowRoamingRegistryExclusions +
+
+ AppVirtualization/AllowStreamingAutoload +
+
+ AppVirtualization/ClientCoexistenceAllowMigrationmode +
+
+ AppVirtualization/IntegrationAllowRootGlobal +
+
+ AppVirtualization/IntegrationAllowRootUser +
+
+ AppVirtualization/PublishingAllowServer1 +
+
+ AppVirtualization/PublishingAllowServer2 +
+
+ AppVirtualization/PublishingAllowServer3 +
+
+ AppVirtualization/PublishingAllowServer4 +
+
+ AppVirtualization/PublishingAllowServer5 +
+
+ AppVirtualization/StreamingAllowCertificateFilterForClient_SSL +
+
+ AppVirtualization/StreamingAllowHighCostLaunch +
+
+ AppVirtualization/StreamingAllowLocationProvider +
+
+ AppVirtualization/StreamingAllowPackageInstallationRoot +
+
+ AppVirtualization/StreamingAllowPackageSourceRoot +
+
+ AppVirtualization/StreamingAllowReestablishmentInterval +
+
+ AppVirtualization/StreamingAllowReestablishmentRetries +
+
+ AppVirtualization/StreamingSharedContentStoreMode +
+
+ AppVirtualization/StreamingSupportBranchCache +
+
+ AppVirtualization/StreamingVerifyCertificateRevocationList +
+
+ AppVirtualization/VirtualComponentsAllowList +
+
+ +
**AppVirtualization/AllowAppVClient** @@ -45,6 +133,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect. @@ -65,6 +162,7 @@ ADMX Info: +
**AppVirtualization/AllowDynamicVirtualization** @@ -91,6 +189,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. @@ -111,6 +218,7 @@ ADMX Info: +
**AppVirtualization/AllowPackageCleanup** @@ -137,6 +245,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. @@ -157,6 +274,7 @@ ADMX Info: +
**AppVirtualization/AllowPackageScripts** @@ -183,6 +301,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Enables scripts defined in the package manifest of configuration files that should run. @@ -203,6 +330,7 @@ ADMX Info: +
**AppVirtualization/AllowPublishingRefreshUX** @@ -229,6 +357,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Enables a UX to display to the user when a publishing refresh is performed on the client. @@ -249,6 +386,7 @@ ADMX Info: +
**AppVirtualization/AllowReportingServer** @@ -275,6 +413,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Reporting Server URL: Displays the URL of reporting server. @@ -305,6 +452,7 @@ ADMX Info: +
**AppVirtualization/AllowRoamingFileExclusions** @@ -331,6 +479,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. @@ -351,6 +508,7 @@ ADMX Info: +
**AppVirtualization/AllowRoamingRegistryExclusions** @@ -377,6 +535,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. @@ -397,6 +564,7 @@ ADMX Info: +
**AppVirtualization/AllowStreamingAutoload** @@ -423,6 +591,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies how new packages should be loaded automatically by App-V on a specific computer. @@ -443,6 +620,7 @@ ADMX Info: +
**AppVirtualization/ClientCoexistenceAllowMigrationmode** @@ -469,6 +647,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V. @@ -489,6 +676,7 @@ ADMX Info: +
**AppVirtualization/IntegrationAllowRootGlobal** @@ -515,6 +703,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. @@ -535,6 +732,7 @@ ADMX Info: +
**AppVirtualization/IntegrationAllowRootUser** @@ -561,6 +759,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. @@ -581,6 +788,7 @@ ADMX Info: +
**AppVirtualization/PublishingAllowServer1** @@ -607,6 +815,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Publishing Server Display Name: Displays the name of publishing server. @@ -645,6 +862,7 @@ ADMX Info: +
**AppVirtualization/PublishingAllowServer2** @@ -671,6 +889,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Publishing Server Display Name: Displays the name of publishing server. @@ -709,6 +936,7 @@ ADMX Info: +
**AppVirtualization/PublishingAllowServer3** @@ -735,6 +963,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Publishing Server Display Name: Displays the name of publishing server. @@ -773,6 +1010,7 @@ ADMX Info: +
**AppVirtualization/PublishingAllowServer4** @@ -799,6 +1037,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Publishing Server Display Name: Displays the name of publishing server. @@ -837,6 +1084,7 @@ ADMX Info: +
**AppVirtualization/PublishingAllowServer5** @@ -863,6 +1111,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Publishing Server Display Name: Displays the name of publishing server. @@ -901,6 +1158,7 @@ ADMX Info: +
**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** @@ -927,6 +1185,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the path to a valid certificate in the certificate store. @@ -947,6 +1214,7 @@ ADMX Info: +
**AppVirtualization/StreamingAllowHighCostLaunch** @@ -973,6 +1241,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G). @@ -993,6 +1270,7 @@ ADMX Info: +
**AppVirtualization/StreamingAllowLocationProvider** @@ -1019,6 +1297,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. @@ -1039,6 +1326,7 @@ ADMX Info: +
**AppVirtualization/StreamingAllowPackageInstallationRoot** @@ -1065,6 +1353,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies directory where all new applications and updates will be installed. @@ -1085,6 +1382,7 @@ ADMX Info: +
**AppVirtualization/StreamingAllowPackageSourceRoot** @@ -1111,6 +1409,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Overrides source location for downloading package content. @@ -1131,6 +1438,7 @@ ADMX Info: +
**AppVirtualization/StreamingAllowReestablishmentInterval** @@ -1157,6 +1465,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the number of seconds between attempts to reestablish a dropped session. @@ -1177,6 +1494,7 @@ ADMX Info: +
**AppVirtualization/StreamingAllowReestablishmentRetries** @@ -1203,6 +1521,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies the number of times to retry a dropped session. @@ -1223,6 +1550,7 @@ ADMX Info: +
**AppVirtualization/StreamingSharedContentStoreMode** @@ -1249,6 +1577,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies that streamed package contents will be not be saved to the local hard disk. @@ -1269,6 +1606,7 @@ ADMX Info: +
**AppVirtualization/StreamingSupportBranchCache** @@ -1295,6 +1633,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache @@ -1315,6 +1662,7 @@ ADMX Info: +
**AppVirtualization/StreamingVerifyCertificateRevocationList** @@ -1341,6 +1689,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Verifies Server certificate revocation status before streaming using HTTPS. @@ -1361,6 +1718,7 @@ ADMX Info: +
**AppVirtualization/VirtualComponentsAllowList** @@ -1387,6 +1745,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components. diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 202f7f324a..19b60c53f6 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - AttachmentManager @@ -14,11 +14,24 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## AttachmentManager policies +
+
+ AttachmentManager/DoNotPreserveZoneInformation +
+
+ AttachmentManager/HideZoneInfoMechanism +
+
+ AttachmentManager/NotifyAntivirusPrograms +
+
+ +
**AttachmentManager/DoNotPreserveZoneInformation** @@ -45,6 +58,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. @@ -71,6 +93,7 @@ ADMX Info: +
**AttachmentManager/HideZoneInfoMechanism** @@ -97,6 +120,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening. @@ -123,6 +155,7 @@ ADMX Info: +
**AttachmentManager/NotifyAntivirusPrograms** @@ -149,6 +182,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 3c483fb097..d33bbd648c 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 09/06/2017 +ms.date: 09/29/2017 --- # Policy CSP - Authentication @@ -14,11 +14,27 @@ ms.date: 09/06/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## Authentication policies +
+
+ Authentication/AllowAadPasswordReset +
+
+ Authentication/AllowEAPCertSSO +
+
+ Authentication/AllowFastReconnect +
+
+ Authentication/AllowSecondaryAuthenticationDevice +
+
+ +
**Authentication/AllowAadPasswordReset** @@ -45,6 +61,15 @@ ms.date: 09/06/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.  @@ -55,6 +80,7 @@ ms.date: 09/06/2017 +

**Authentication/AllowEAPCertSSO** @@ -81,6 +107,15 @@ ms.date: 09/06/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ +

Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. @@ -98,6 +133,7 @@ ms.date: 09/06/2017 +

**Authentication/AllowFastReconnect** @@ -124,6 +160,15 @@ ms.date: 09/06/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Allows EAP Fast Reconnect from being attempted for EAP Method TLS. @@ -136,6 +181,7 @@ ms.date: 09/06/2017 +

**Authentication/AllowSecondaryAuthenticationDevice** @@ -162,6 +208,15 @@ ms.date: 09/06/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index daac26b55d..f63666cdc6 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Autoplay @@ -14,11 +14,24 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## Autoplay policies +
+
+ Autoplay/DisallowAutoplayForNonVolumeDevices +
+
+ Autoplay/SetDefaultAutoRunBehavior +
+
+ Autoplay/TurnOffAutoPlay +
+
+ +
**Autoplay/DisallowAutoplayForNonVolumeDevices** @@ -45,6 +58,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + This policy setting disallows AutoPlay for MTP devices like cameras or phones. @@ -69,6 +92,7 @@ ADMX Info: +
**Autoplay/SetDefaultAutoRunBehavior** @@ -95,6 +119,16 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + This policy setting sets the default behavior for Autorun commands. @@ -128,6 +162,7 @@ ADMX Info: +
**Autoplay/TurnOffAutoPlay** @@ -154,6 +189,16 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + This policy setting allows you to turn off the Autoplay feature. diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 1220f63607..3d4c5bac81 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Bitlocker @@ -14,11 +14,18 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## Bitlocker policies +
+
+ Bitlocker/EncryptionMethod +
+
+ +
**Bitlocker/EncryptionMethod** @@ -45,6 +52,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies the BitLocker Drive Encryption method and cipher strength. diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 7bd2ea4992..d874f9ffa2 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Bluetooth @@ -14,11 +14,30 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## Bluetooth policies +
+
+ Bluetooth/AllowAdvertising +
+
+ Bluetooth/AllowDiscoverableMode +
+
+ Bluetooth/AllowPrepairing +
+
+ Bluetooth/LocalDeviceName +
+
+ Bluetooth/ServicesAllowedList +
+
+ +
**Bluetooth/AllowAdvertising** @@ -45,6 +64,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether the device can send out Bluetooth advertisements. @@ -59,6 +87,7 @@ ms.date: 08/30/2017 +

**Bluetooth/AllowDiscoverableMode** @@ -85,6 +114,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether other Bluetooth-enabled devices can discover the device. @@ -99,6 +137,7 @@ ms.date: 08/30/2017 +

**Bluetooth/AllowPrepairing** @@ -125,6 +164,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. @@ -135,6 +183,7 @@ ms.date: 08/30/2017 +

**Bluetooth/LocalDeviceName** @@ -161,6 +210,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Sets the local Bluetooth device name. @@ -170,6 +228,7 @@ ms.date: 08/30/2017 +

**Bluetooth/ServicesAllowedList** @@ -196,6 +255,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 82c992e8eb..2c7f399858 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Browser @@ -14,11 +14,123 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## Browser policies +
+
+ Browser/AllowAddressBarDropdown +
+
+ Browser/AllowAutofill +
+
+ Browser/AllowBrowser +
+
+ Browser/AllowCookies +
+
+ Browser/AllowDeveloperTools +
+
+ Browser/AllowDoNotTrack +
+
+ Browser/AllowExtensions +
+
+ Browser/AllowFlash +
+
+ Browser/AllowFlashClickToRun +
+
+ Browser/AllowInPrivate +
+
+ Browser/AllowMicrosoftCompatibilityList +
+
+ Browser/AllowPasswordManager +
+
+ Browser/AllowPopups +
+
+ Browser/AllowSearchEngineCustomization +
+
+ Browser/AllowSearchSuggestionsinAddressBar +
+
+ Browser/AllowSmartScreen +
+
+ Browser/AlwaysEnableBooksLibrary +
+
+ Browser/ClearBrowsingDataOnExit +
+
+ Browser/ConfigureAdditionalSearchEngines +
+
+ Browser/DisableLockdownOfStartPages +
+
+ Browser/EnterpriseModeSiteList +
+
+ Browser/EnterpriseSiteListServiceUrl +
+
+ Browser/FirstRunURL +
+
+ Browser/HomePages +
+
+ Browser/LockdownFavorites +
+
+ Browser/PreventAccessToAboutFlagsInMicrosoftEdge +
+
+ Browser/PreventFirstRunPage +
+
+ Browser/PreventLiveTileDataCollection +
+
+ Browser/PreventSmartScreenPromptOverride +
+
+ Browser/PreventSmartScreenPromptOverrideForFiles +
+
+ Browser/PreventUsingLocalHostIPAddressForWebRTC +
+
+ Browser/ProvisionFavorites +
+
+ Browser/SendIntranetTraffictoInternetExplorer +
+
+ Browser/SetDefaultSearchEngine +
+
+ Browser/ShowMessageWhenOpeningSitesInInternetExplorer +
+
+ Browser/SyncFavoritesBetweenIEAndMicrosoftEdge +
+
+ +
**Browser/AllowAddressBarDropdown** @@ -45,6 +157,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  @@ -60,6 +182,7 @@ ms.date: 08/30/2017 +

**Browser/AllowAutofill** @@ -86,6 +209,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether autofill on websites is allowed. @@ -105,6 +238,7 @@ ms.date: 08/30/2017 +

**Browser/AllowBrowser** @@ -131,6 +265,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -149,6 +293,7 @@ ms.date: 08/30/2017 +
**Browser/AllowCookies** @@ -175,6 +320,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether cookies are allowed. @@ -194,6 +349,7 @@ ms.date: 08/30/2017 +

**Browser/AllowDeveloperTools** @@ -220,6 +376,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -236,6 +402,7 @@ ms.date: 08/30/2017 +
**Browser/AllowDoNotTrack** @@ -262,6 +429,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether Do Not Track headers are allowed. @@ -281,6 +458,7 @@ ms.date: 08/30/2017 +

**Browser/AllowExtensions** @@ -307,6 +485,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. @@ -317,6 +505,7 @@ ms.date: 08/30/2017 +

**Browser/AllowFlash** @@ -343,6 +532,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. @@ -353,6 +552,7 @@ ms.date: 08/30/2017 +

**Browser/AllowFlashClickToRun** @@ -379,6 +579,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. @@ -389,6 +599,7 @@ ms.date: 08/30/2017 +

**Browser/AllowInPrivate** @@ -415,6 +626,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether InPrivate browsing is allowed on corporate networks. @@ -427,6 +648,7 @@ ms.date: 08/30/2017 +

**Browser/AllowMicrosoftCompatibilityList** @@ -453,6 +675,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". @@ -468,6 +700,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/AllowPasswordManager** @@ -494,6 +727,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether saving and managing passwords locally on the device is allowed. @@ -513,6 +756,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/AllowPopups** @@ -539,6 +783,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether pop-up blocker is allowed or enabled. @@ -558,6 +812,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/AllowSearchEngineCustomization** @@ -584,6 +839,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.     @@ -598,6 +863,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/AllowSearchSuggestionsinAddressBar** @@ -624,6 +890,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether search suggestions are allowed in the address bar. @@ -636,6 +912,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/AllowSmartScreen** @@ -662,6 +939,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether Windows Defender SmartScreen is allowed. @@ -681,9 +968,20 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/AlwaysEnableBooksLibrary** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

@@ -691,6 +989,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/ClearBrowsingDataOnExit** @@ -717,6 +1016,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. @@ -735,6 +1044,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis +

**Browser/ConfigureAdditionalSearchEngines** @@ -761,6 +1071,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.    @@ -781,6 +1101,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/DisableLockdownOfStartPages** @@ -807,6 +1128,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.     @@ -825,6 +1156,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/EnterpriseModeSiteList** @@ -851,6 +1183,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -865,6 +1207,7 @@ Employees cannot remove these search engines, but they can set any one as the de +
**Browser/EnterpriseSiteListServiceUrl** @@ -891,12 +1234,23 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!IMPORTANT] > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist). +
**Browser/FirstRunURL** @@ -923,6 +1277,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -936,6 +1300,7 @@ Employees cannot remove these search engines, but they can set any one as the de +
**Browser/HomePages** @@ -962,6 +1327,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -977,6 +1352,7 @@ Employees cannot remove these search engines, but they can set any one as the de +
**Browser/LockdownFavorites** @@ -1003,6 +1379,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. @@ -1022,6 +1408,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/PreventAccessToAboutFlagsInMicrosoftEdge** @@ -1048,6 +1435,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. @@ -1058,6 +1455,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/PreventFirstRunPage** @@ -1084,6 +1482,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. @@ -1096,6 +1504,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/PreventLiveTileDataCollection** @@ -1122,6 +1531,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. @@ -1134,6 +1553,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/PreventSmartScreenPromptOverride** @@ -1160,6 +1580,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. @@ -1172,6 +1602,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/PreventSmartScreenPromptOverrideForFiles** @@ -1198,6 +1629,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. @@ -1208,6 +1649,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/PreventUsingLocalHostIPAddressForWebRTC** @@ -1234,6 +1676,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1248,6 +1700,7 @@ Employees cannot remove these search engines, but they can set any one as the de +
**Browser/ProvisionFavorites** @@ -1274,6 +1727,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines.   @@ -1292,6 +1755,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/SendIntranetTraffictoInternetExplorer** @@ -1318,6 +1782,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1334,6 +1808,7 @@ Employees cannot remove these search engines, but they can set any one as the de +
**Browser/SetDefaultSearchEngine** @@ -1360,6 +1835,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. @@ -1379,6 +1864,7 @@ Employees cannot remove these search engines, but they can set any one as the de +

**Browser/ShowMessageWhenOpeningSitesInInternetExplorer** @@ -1405,6 +1891,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1421,6 +1917,7 @@ Employees cannot remove these search engines, but they can set any one as the de +
**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge** @@ -1447,6 +1944,16 @@ Employees cannot remove these search engines, but they can set any one as the de + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ +

Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index ca7b98ecc5..ce33fa4faa 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Camera @@ -14,11 +14,18 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## Camera policies +
+
+ Camera/AllowCamera +
+
+ +
**Camera/AllowCamera** @@ -45,6 +52,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Disables or enables the camera. diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index b1c206e118..183748ec41 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Cellular @@ -14,11 +14,18 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## Cellular policies +
+
+ Cellular/ShowAppCellularAccessUI +
+
+ +
**Cellular/ShowAppCellularAccessUI** @@ -45,6 +52,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 5ffa503ab6..415ebf1eac 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Connectivity @@ -14,11 +14,54 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## Connectivity policies +
+
+ Connectivity/AllowBluetooth +
+
+ Connectivity/AllowCellularData +
+
+ Connectivity/AllowCellularDataRoaming +
+
+ Connectivity/AllowConnectedDevices +
+
+ Connectivity/AllowNFC +
+
+ Connectivity/AllowUSBConnection +
+
+ Connectivity/AllowVPNOverCellular +
+
+ Connectivity/AllowVPNRoamingOverCellular +
+
+ Connectivity/DiablePrintingOverHTTP +
+
+ Connectivity/DisableDownloadingOfPrintDriversOverHTTP +
+
+ Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards +
+
+ Connectivity/HardenedUNCPaths +
+
+ Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge +
+
+ +
**Connectivity/AllowBluetooth** @@ -45,6 +88,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Allows the user to enable Bluetooth or restrict access. @@ -64,6 +116,7 @@ ms.date: 08/30/2017 +

**Connectivity/AllowCellularData** @@ -90,6 +143,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. @@ -101,6 +163,7 @@ ms.date: 08/30/2017 +

**Connectivity/AllowCellularDataRoaming** @@ -127,6 +190,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. @@ -148,6 +220,7 @@ ms.date: 08/30/2017 +

**Connectivity/AllowConnectedDevices** @@ -174,6 +247,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy requires reboot to take effect. @@ -187,6 +269,7 @@ ms.date: 08/30/2017 +
**Connectivity/AllowNFC** @@ -213,6 +296,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -229,6 +321,7 @@ ms.date: 08/30/2017 +
**Connectivity/AllowUSBConnection** @@ -255,6 +348,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -273,6 +375,7 @@ ms.date: 08/30/2017 +
**Connectivity/AllowVPNOverCellular** @@ -299,6 +402,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Specifies what type of underlying connections VPN is allowed to use. @@ -311,6 +423,7 @@ ms.date: 08/30/2017 +

**Connectivity/AllowVPNRoamingOverCellular** @@ -337,6 +450,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Prevents the device from connecting to VPN when the device roams over cellular networks. @@ -349,6 +471,7 @@ ms.date: 08/30/2017 +

**Connectivity/DiablePrintingOverHTTP** @@ -375,6 +498,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!TIP] @@ -393,6 +525,7 @@ ADMX Info: +
**Connectivity/DisableDownloadingOfPrintDriversOverHTTP** @@ -419,6 +552,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!TIP] @@ -437,6 +579,7 @@ ADMX Info: +
**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** @@ -463,6 +606,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!TIP] @@ -481,6 +633,7 @@ ADMX Info: +
**Connectivity/HardenedUNCPaths** @@ -507,6 +660,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting configures secure access to UNC paths. @@ -529,6 +691,7 @@ ADMX Info: +
**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** @@ -555,6 +718,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index e253febdf8..5274de917b 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - CredentialProviders @@ -14,11 +14,24 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## CredentialProviders policies +
+
+ CredentialProviders/AllowPINLogon +
+
+ CredentialProviders/BlockPicturePassword +
+
+ CredentialProviders/DisableAutomaticReDeploymentCredentials +
+
+ +
**CredentialProviders/AllowPINLogon** @@ -45,6 +58,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting allows you to control whether a domain user can sign in using a convenience PIN. @@ -73,6 +95,7 @@ ADMX Info: +
**CredentialProviders/BlockPicturePassword** @@ -99,6 +122,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting allows you to control whether a domain user can sign in using a picture password. @@ -125,6 +157,7 @@ ADMX Info: +
**CredentialProviders/DisableAutomaticReDeploymentCredentials** @@ -151,6 +184,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 15d68cf69e..1b7955f4e5 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - CredentialsUI @@ -14,11 +14,21 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## CredentialsUI policies +
+
+ CredentialsUI/DisablePasswordReveal +
+
+ CredentialsUI/EnumerateAdministrators +
+
+ +
**CredentialsUI/DisablePasswordReveal** @@ -45,6 +55,16 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
+ + This policy setting allows you to configure the display of the password reveal button in password entry user experiences. @@ -73,6 +93,7 @@ ADMX Info: +
**CredentialsUI/EnumerateAdministrators** @@ -99,6 +120,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index eef7cdeba4..9c5f328c19 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Cryptography @@ -14,11 +14,21 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## Cryptography policies +
+
+ Cryptography/AllowFipsAlgorithmPolicy +
+
+ Cryptography/TLSCipherSuites +
+
+ +
**Cryptography/AllowFipsAlgorithmPolicy** @@ -45,6 +55,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Allows or disallows the Federal Information Processing Standard (FIPS) policy. @@ -55,6 +74,7 @@ ms.date: 08/30/2017 +

**Cryptography/TLSCipherSuites** @@ -81,6 +101,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index edba750722..1261f2c311 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - DataProtection @@ -14,11 +14,21 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -

+ ## DataProtection policies +
+
+ DataProtection/AllowDirectMemoryAccess +
+
+ DataProtection/LegacySelectiveWipeID +
+
+ +
**DataProtection/AllowDirectMemoryAccess** @@ -45,6 +55,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +

This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. @@ -57,6 +76,7 @@ ms.date: 08/30/2017 +

**DataProtection/LegacySelectiveWipeID** @@ -83,6 +103,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!IMPORTANT] > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index a8724cc2f6..540a7d26a6 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - DataUsage @@ -14,11 +14,21 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## DataUsage policies +
+
+ DataUsage/SetCost3G +
+
+ DataUsage/SetCost4G +
+
+ +
**DataUsage/SetCost3G** @@ -45,6 +55,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting configures the cost of 3G connections on the local machine. @@ -75,6 +94,7 @@ ADMX Info: +
**DataUsage/SetCost4G** @@ -101,6 +121,15 @@ ADMX Info: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy setting configures the cost of 4G connections on the local machine. diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 3f35e2d4eb..9d75a9f6fa 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Defender @@ -14,11 +14,120 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## Defender policies +
+
+ Defender/AllowArchiveScanning +
+
+ Defender/AllowBehaviorMonitoring +
+
+ Defender/AllowCloudProtection +
+
+ Defender/AllowEmailScanning +
+
+ Defender/AllowFullScanOnMappedNetworkDrives +
+
+ Defender/AllowFullScanRemovableDriveScanning +
+
+ Defender/AllowIOAVProtection +
+
+ Defender/AllowIntrusionPreventionSystem +
+
+ Defender/AllowOnAccessProtection +
+
+ Defender/AllowRealtimeMonitoring +
+
+ Defender/AllowScanningNetworkFiles +
+
+ Defender/AllowScriptScanning +
+
+ Defender/AllowUserUIAccess +
+
+ Defender/AttackSurfaceReductionOnlyExclusions +
+
+ Defender/AttackSurfaceReductionRules +
+
+ Defender/AvgCPULoadFactor +
+
+ Defender/CloudBlockLevel +
+
+ Defender/CloudExtendedTimeout +
+
+ Defender/ControlledFolderAccessAllowedApplications +
+
+ Defender/ControlledFolderAccessProtectedFolders +
+
+ Defender/DaysToRetainCleanedMalware +
+
+ Defender/EnableControlledFolderAccess +
+
+ Defender/EnableNetworkProtection +
+
+ Defender/ExcludedExtensions +
+
+ Defender/ExcludedPaths +
+
+ Defender/ExcludedProcesses +
+
+ Defender/PUAProtection +
+
+ Defender/RealTimeScanDirection +
+
+ Defender/ScanParameter +
+
+ Defender/ScheduleQuickScanTime +
+
+ Defender/ScheduleScanDay +
+
+ Defender/ScheduleScanTime +
+
+ Defender/SignatureUpdateInterval +
+
+ Defender/SubmitSamplesConsent +
+
+ Defender/ThreatSeverityDefaultAction +
+
+ +
**Defender/AllowArchiveScanning** @@ -45,6 +154,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -59,6 +177,7 @@ ms.date: 08/30/2017 +
**Defender/AllowBehaviorMonitoring** @@ -85,6 +204,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -99,6 +227,7 @@ ms.date: 08/30/2017 +
**Defender/AllowCloudProtection** @@ -125,6 +254,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -139,6 +277,7 @@ ms.date: 08/30/2017 +
**Defender/AllowEmailScanning** @@ -165,6 +304,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -179,6 +327,7 @@ ms.date: 08/30/2017 +
**Defender/AllowFullScanOnMappedNetworkDrives** @@ -205,6 +354,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -219,6 +377,7 @@ ms.date: 08/30/2017 +
**Defender/AllowFullScanRemovableDriveScanning** @@ -245,6 +404,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -259,6 +427,7 @@ ms.date: 08/30/2017 +
**Defender/AllowIOAVProtection** @@ -285,6 +454,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -299,6 +477,7 @@ ms.date: 08/30/2017 +
**Defender/AllowIntrusionPreventionSystem** @@ -325,6 +504,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -339,6 +527,7 @@ ms.date: 08/30/2017 +
**Defender/AllowOnAccessProtection** @@ -365,6 +554,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -379,6 +577,7 @@ ms.date: 08/30/2017 +
**Defender/AllowRealtimeMonitoring** @@ -405,6 +604,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -419,6 +627,7 @@ ms.date: 08/30/2017 +
**Defender/AllowScanningNetworkFiles** @@ -445,6 +654,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -459,6 +677,7 @@ ms.date: 08/30/2017 +
**Defender/AllowScriptScanning** @@ -485,6 +704,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -499,6 +727,7 @@ ms.date: 08/30/2017 +
**Defender/AllowUserUIAccess** @@ -525,6 +754,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -539,6 +777,7 @@ ms.date: 08/30/2017 +
**Defender/AttackSurfaceReductionOnlyExclusions** @@ -565,6 +804,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -576,6 +824,7 @@ ms.date: 08/30/2017 +
**Defender/AttackSurfaceReductionRules** @@ -602,6 +851,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -615,6 +873,7 @@ ms.date: 08/30/2017 +
**Defender/AvgCPULoadFactor** @@ -641,6 +900,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -654,6 +922,7 @@ ms.date: 08/30/2017 +
**Defender/CloudBlockLevel** @@ -680,6 +949,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -703,6 +981,7 @@ ms.date: 08/30/2017 +
**Defender/CloudExtendedTimeout** @@ -729,6 +1008,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -744,6 +1032,7 @@ ms.date: 08/30/2017 +
**Defender/ControlledFolderAccessAllowedApplications** @@ -770,6 +1059,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. @@ -778,6 +1076,7 @@ ms.date: 08/30/2017 +
**Defender/ControlledFolderAccessProtectedFolders** @@ -804,6 +1103,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. @@ -812,6 +1120,7 @@ ms.date: 08/30/2017 +
**Defender/DaysToRetainCleanedMalware** @@ -838,6 +1147,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -851,6 +1169,7 @@ ms.date: 08/30/2017 +
**Defender/EnableControlledFolderAccess** @@ -877,6 +1196,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess. @@ -889,6 +1217,7 @@ ms.date: 08/30/2017 +
**Defender/EnableNetworkProtection** @@ -915,6 +1244,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -935,6 +1273,7 @@ ms.date: 08/30/2017 +
**Defender/ExcludedExtensions** @@ -961,6 +1300,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -970,6 +1318,7 @@ ms.date: 08/30/2017 +
**Defender/ExcludedPaths** @@ -996,6 +1345,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1005,6 +1363,7 @@ ms.date: 08/30/2017 +
**Defender/ExcludedProcesses** @@ -1031,6 +1390,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1046,6 +1414,7 @@ ms.date: 08/30/2017 +
**Defender/PUAProtection** @@ -1072,6 +1441,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1087,6 +1465,7 @@ ms.date: 08/30/2017 +
**Defender/RealTimeScanDirection** @@ -1113,6 +1492,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1132,6 +1520,7 @@ ms.date: 08/30/2017 +
**Defender/ScanParameter** @@ -1158,6 +1547,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1172,6 +1570,7 @@ ms.date: 08/30/2017 +
**Defender/ScheduleQuickScanTime** @@ -1198,6 +1597,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1217,6 +1625,7 @@ ms.date: 08/30/2017 +
**Defender/ScheduleScanDay** @@ -1243,6 +1652,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1268,6 +1686,7 @@ ms.date: 08/30/2017 +
**Defender/ScheduleScanTime** @@ -1294,6 +1713,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1313,6 +1741,7 @@ ms.date: 08/30/2017 +
**Defender/SignatureUpdateInterval** @@ -1339,6 +1768,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1354,6 +1792,7 @@ ms.date: 08/30/2017 +
**Defender/SubmitSamplesConsent** @@ -1380,6 +1819,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1396,6 +1844,7 @@ ms.date: 08/30/2017 +
**Defender/ThreatSeverityDefaultAction** @@ -1422,6 +1871,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index e352718a5d..f001c4ea3e 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - DeliveryOptimization @@ -14,11 +14,63 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## DeliveryOptimization policies +
+
+ DeliveryOptimization/DOAbsoluteMaxCacheSize +
+
+ DeliveryOptimization/DOAllowVPNPeerCaching +
+
+ DeliveryOptimization/DODownloadMode +
+
+ DeliveryOptimization/DOGroupId +
+
+ DeliveryOptimization/DOMaxCacheAge +
+
+ DeliveryOptimization/DOMaxCacheSize +
+
+ DeliveryOptimization/DOMaxDownloadBandwidth +
+
+ DeliveryOptimization/DOMaxUploadBandwidth +
+
+ DeliveryOptimization/DOMinBackgroundQos +
+
+ DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload +
+
+ DeliveryOptimization/DOMinDiskSizeAllowedToPeer +
+
+ DeliveryOptimization/DOMinFileSizeToCache +
+
+ DeliveryOptimization/DOMinRAMAllowedToPeer +
+
+ DeliveryOptimization/DOModifyCacheDrive +
+
+ DeliveryOptimization/DOMonthlyUploadDataCap +
+
+ DeliveryOptimization/DOPercentageMaxDownloadBandwidth +
+
+ +
**DeliveryOptimization/DOAbsoluteMaxCacheSize** @@ -45,6 +97,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -56,6 +117,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOAllowVPNPeerCaching** @@ -82,6 +144,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -93,6 +164,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DODownloadMode** @@ -119,6 +191,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -137,6 +218,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOGroupId** @@ -163,6 +245,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -175,6 +266,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMaxCacheAge** @@ -201,6 +293,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -212,6 +313,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMaxCacheSize** @@ -238,6 +340,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -249,6 +360,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMaxDownloadBandwidth** @@ -275,6 +387,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -286,6 +407,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMaxUploadBandwidth** @@ -312,6 +434,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -323,6 +454,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMinBackgroundQos** @@ -349,6 +481,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -360,6 +501,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** @@ -386,6 +528,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -396,6 +547,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMinDiskSizeAllowedToPeer** @@ -422,6 +574,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -436,6 +597,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMinFileSizeToCache** @@ -462,6 +624,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -473,6 +644,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMinRAMAllowedToPeer** @@ -499,6 +671,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -510,6 +691,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOModifyCacheDrive** @@ -536,6 +718,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -547,6 +738,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOMonthlyUploadDataCap** @@ -573,6 +765,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -586,6 +787,7 @@ ms.date: 08/30/2017 +
**DeliveryOptimization/DOPercentageMaxDownloadBandwidth** @@ -612,6 +814,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 8a3b89d0f5..8d89bebfb5 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - Desktop @@ -14,11 +14,18 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## Desktop policies +
+
+ Desktop/PreventUserRedirectionOfProfileFolders +
+
+ +
**Desktop/PreventUserRedirectionOfProfileFolders** @@ -45,6 +52,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + Prevents users from changing the path to their profile folders. diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index df77a218e7..b45125a146 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/30/2017 +ms.date: 09/29/2017 --- # Policy CSP - DeviceGuard @@ -14,11 +14,24 @@ ms.date: 08/30/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
+ ## DeviceGuard policies +
+
+ DeviceGuard/EnableVirtualizationBasedSecurity +
+
+ DeviceGuard/LsaCfgFlags +
+
+ DeviceGuard/RequirePlatformSecurityFeatures +
+
+ +
**DeviceGuard/EnableVirtualizationBasedSecurity** @@ -45,6 +58,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +  

Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. Supported values: @@ -55,6 +77,7 @@ ms.date: 08/30/2017 +

**DeviceGuard/LsaCfgFlags** @@ -81,6 +104,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ +  

Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. Supported values: @@ -93,6 +125,7 @@ ms.date: 08/30/2017 +

**DeviceGuard/RequirePlatformSecurityFeatures** @@ -119,6 +152,15 @@ ms.date: 08/30/2017 + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. Supported values: