diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index dfbdfefcc2..5b224029ba 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,5 +1,60 @@ { "redirections": [ + { + "source_path": "windows/configuration/wcd/wcd-embeddedlockdownprofiles.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/configure-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/lockdown-xml.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/mobile-lockdown-designer.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/provisioning-configure-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/provisioning-nfc.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/provisioning-package-splitter.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/settings-that-can-be-locked-down.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/start-layout-xml-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, { "source_path": "windows/whats-new/windows-11.md", "redirect_url": "/windows/whats-new/windows-11-whats-new", @@ -6637,22 +6692,22 @@ }, { "source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", - "redirect_url": "/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/manage/lockdown-xml.md", - "redirect_url": "/windows/configuration/mobile-devices/lockdown-xml", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/manage/settings-that-can-be-locked-down.md", - "redirect_url": "/windows/configuration/mobile-devices/settings-that-can-be-locked-down", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/manage/product-ids-in-windows-10-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -6682,7 +6737,7 @@ }, { "source_path": "windows/manage/start-layout-xml-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/start-layout-xml-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -6847,7 +6902,7 @@ }, { "source_path": "windows/deploy/provisioning-nfc.md", - "redirect_url": "/windows/configuration/provisioning-packages/provisioning-nfc", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7602,7 +7657,7 @@ }, { "source_path": "windows/configure/configure-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/configure-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7767,7 +7822,7 @@ }, { "source_path": "windows/configure/lockdown-xml.md", - "redirect_url": "/windows/configuration/mobile-devices/lockdown-xml", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7787,12 +7842,12 @@ }, { "source_path": "windows/configure/mobile-lockdown-designer.md", - "redirect_url": "/windows/configuration/mobile-devices/mobile-lockdown-designer", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/configure/product-ids-in-windows-10-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7822,7 +7877,7 @@ }, { "source_path": "windows/configure/provisioning-configure-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/provisioning-configure-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7847,12 +7902,12 @@ }, { "source_path": "windows/configure/provisioning-nfc.md", - "redirect_url": "/windows/configuration/mobile-devices/provisioning-nfc", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/configure/provisioning-package-splitter.md", - "redirect_url": "/windows/configuration/mobile-devices/provisioning-package-splitter", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7892,7 +7947,7 @@ }, { "source_path": "windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", - "redirect_url": "/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7902,7 +7957,7 @@ }, { "source_path": "windows/configure/settings-that-can-be-locked-down.md", - "redirect_url": "/windows/configuration/mobile-devices/settings-that-can-be-locked-down", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7912,7 +7967,7 @@ }, { "source_path": "windows/configure/start-layout-xml-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/start-layout-xml-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 271c1d69cb..ee057f96bd 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -19,8 +19,7 @@ The EnterpriseAssignedAccess configuration service provider allows IT administra > **Note**   The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. - -To use an app to create a lockdown XML see [Use the Lockdown Designer app to create a Lockdown XML file](/windows/configuration/mobile-devices/mobile-lockdown-designer). For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile). +For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile). The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. ``` diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index 7e2051d237..6170a3e35e 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -176,8 +176,6 @@ - name: Reference items: - - name: Configure Windows 10 Mobile devices - href: mobile-devices/configure-mobile.md - name: Windows Configuration Designer reference items: - name: Windows Configuration Designer provisioning settings (reference) @@ -229,9 +227,7 @@ - name: DMClient href: wcd/wcd-dmclient.md - name: EditionUpgrade - href: wcd/wcd-editionupgrade.md - - name: EmbeddedLockdownProfiles - href: wcd/wcd-embeddedlockdownprofiles.md + href: wcd/wcd-editionupgrade.md - name: FirewallConfiguration href: wcd/wcd-firewallconfiguration.md - name: FirstExperience @@ -389,23 +385,3 @@ href: ue-v/uev-application-template-schema-reference.md - name: Security Considerations for UE-V href: ue-v/uev-security-considerations.md - - - - name: Use Windows Configuration Designer for Windows 10 Mobile devices - items: - - name: Use Windows Configuration Designer to configure Windows 10 Mobile devices - href: mobile-devices/provisioning-configure-mobile.md - - name: NFC-based device provisioning - href: mobile-devices/provisioning-nfc.md - - name: Barcode provisioning and the package splitter tool - href: mobile-devices/provisioning-package-splitter.md - - name: Use the Lockdown Designer app to create a Lockdown XML file - href: mobile-devices/mobile-lockdown-designer.md - - name: Configure Windows 10 Mobile using Lockdown XML - href: mobile-devices/lockdown-xml.md - - name: Settings and quick actions that can be locked down in Windows 10 Mobile - href: mobile-devices/settings-that-can-be-locked-down.md - - name: Product IDs in Windows 10 Mobile - href: mobile-devices/product-ids-in-windows-10-mobile.md - - name: Start layout XML for mobile editions of Windows 10 (reference) - href: mobile-devices/start-layout-xml-mobile.md \ No newline at end of file diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md index 6dc4c73ddb..bbdaae9711 100644 --- a/windows/configuration/manage-wifi-sense-in-enterprise.md +++ b/windows/configuration/manage-wifi-sense-in-enterprise.md @@ -12,15 +12,14 @@ ms.sitesec: library ms.pagetype: mobile author: greg-lindsay ms.localizationpriority: medium -ms.date: 05/02/2018 ms.topic: article --- # Manage Wi-Fi Sense in your company -**Applies to:** -- Windows 10 -- Windows 10 Mobile +**Applies to** + +- Windows 10 version 1709 and older >[!IMPORTANT] >Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details. diff --git a/windows/configuration/mobile-devices/configure-mobile.md b/windows/configuration/mobile-devices/configure-mobile.md deleted file mode 100644 index fd9c3065aa..0000000000 --- a/windows/configuration/mobile-devices/configure-mobile.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Configure Windows 10 Mobile devices -description: -keywords: Windows 10, MDM, WSUS, Windows update -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp ---- - -# Configure Windows 10 Mobile devices - -Windows 10 Mobile enables administrators to define what users can see and do on a device, which you might think of as "configuring" or "customizing" or "device lockdown". Your device configuration can provide a standard Start screen with pre-installed apps, or restrict various settings and features, or even limit the device to run only a single app (kiosk). - -## In this section - -| Topic | Description | -| --- | --- | -| [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](set-up-a-kiosk-for-windows-10-for-mobile-edition.md) | You can configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise as a kiosk device, so that users can only interact with a single application that you select. | -| [Use Windows Configuration Designer to configure Windows 10 Mobile devices](provisioning-configure-mobile.md) | Use Windows Configuration Designer to create provisioning packages. Using provisioning packages, you can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. | -| [Use the Lockdown Designer app to configure Windows 10 Mobile devices](mobile-lockdown-designer.md) | The Lockdown Designer app provides a guided wizard-like process to generate a Lockdown XML file that you can apply to devices running Windows 10 Mobile. | -| [Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md) | Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. | -| [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) | On Windows 10 Mobile, you can use the XML-based layout to modify the Start screen and provide the most robust and complete Start customization experience. This reference topic describes the supported elements and attributes for the LayoutModification.xml file. | -| [Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md) | This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile. | -| [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) | You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user. | - diff --git a/windows/configuration/mobile-devices/images/doneicon.png b/windows/configuration/mobile-devices/images/doneicon.png deleted file mode 100644 index d80389f35b..0000000000 Binary files a/windows/configuration/mobile-devices/images/doneicon.png and /dev/null differ diff --git a/windows/configuration/mobile-devices/lockdown-xml.md b/windows/configuration/mobile-devices/lockdown-xml.md deleted file mode 100644 index 87f2b7b7cf..0000000000 --- a/windows/configuration/mobile-devices/lockdown-xml.md +++ /dev/null @@ -1,868 +0,0 @@ ---- -title: Configure Windows 10 Mobile using Lockdown XML (Windows 10) -description: Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. -ms.assetid: 22C8F654-2EC3-4E6D-8666-1EA9FCF90F5F -ms.reviewer: -manager: dansimp -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security, mobile -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/27/2017 ---- - -# Configure Windows 10 Mobile using Lockdown XML - - -**Applies to** - -- Windows 10 Mobile - -Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available. - -This is accomplished using Lockdown XML, an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. - -In this topic, you'll learn how to create an XML file that contains all lockdown entries available in the AssignedAccessXml area of the [EnterpriseAssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/enterpriseassignedaccess-csp). This topic provides example XML that you can use in your own lockdown XML file that can be included in a provisioning package or when using a mobile device management (MDM) solution to push lockdown settings to enrolled devices. You can also use the [Lockdown Designer app](mobile-lockdown-designer.md) to configure and export your lockdown XML file. - -> [!NOTE] -> On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](../kiosk-methods.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/enterpriseassignedaccess-csp). - -If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](../provisioning-packages/how-it-pros-can-use-configuration-service-providers.md) first. - -## Overview of the lockdown XML file - -Let's start by looking at the basic structure of the lockdown XML file. You can start your file by pasting the following XML (or any other examples in this topic) into a text or XML editor, and saving the file as *filename*.xml. - -```xml - - - - - - - - - - - - - -``` - -**Default** and the entries beneath it establish the default device settings that are applied for every user. The device will always boot to this Default role. You can create additional roles on the device, each with its own settings, in the same XML file. [Learn how to add roles.](#configure-additional-roles) - -The settings for the Default role and other roles must be listed in your XML file in the order presented in this topic. All of the entries are optional. If you don't include a setting, that aspect of the device will operate as it would for an nonconfigured device. - ->[!TIP] ->Keep your XML file easy to work with and to understand by using proper indentation and adding comments for each setting you configure. - -## Action Center - -![XML for Action Center.](../images/ActionCenterXML.jpg) - -The Action Center setting controls whether the user can open the Action Center on the device. When the Action Center is disabled, notifications on the lockscreen and toasts are also disabled. You can use optional attributes with the Action Center element to change that behavior for either notifications, toasts, or both. - -In the following example, the Action Center is enabled and both policies are disabled. - -```xml - -``` - -In the following example, Action Center and the toast policy are enabled, and the notifications policy is disabled. - -```xml - -``` - -The following example is a complete lockdown XML file that disables Action Center, notifications, and toasts. - -```xml - - - - - - - -``` - -## Apps - -![XML for Apps.](../images/AppsXML.png) - -The Apps setting serves as an allow list and specifies the applications that will be available in the All apps list. Apps that are not included in this setting are hidden from the user and blocked from running. - -You provide the App User Model ID (AUMID) and product ID for each app in your file. The product ID identifies an app package, and an app package can contain multiple apps, so you also provide the ADUMID to differentiate the app. Optionally, you can set an app to run automatically. [Get product ID and AUMID for apps in Windows 10 Mobile.](product-ids-in-windows-10-mobile.md) - -The following example makes Outlook Calendar available on the device. - -```xml - - - - - -``` - -When you list an app, you can also set the app to be pinned to the Start screen by specifying the tile size and location. Tip: draw a grid and mark your app tiles on it to make sure you get the result you want. The width (X axis) in the following example is the limit for Windows 10 Mobile, but the length (Y axis) is unlimited. The number of columns available to you depends on the value for [StartScreenSize](#start-screen-size). - -![Grid to lay out tiles for Start.](../images/StartGrid.jpg) - -Tile sizes are: -* Small: 1x1 -* Medium: 2x2 -* Large: 2x4 - -Based on 6 columns, you can pin six small tiles or three medium tiles on a single row. A large tile can be combined with two small tiles or one medium tile on the same row. Obviously, you cannot set a medium tile for LocationX=5, or a large tile for LocationX=3, 4, or 5. - -If the tile configuration in your file exceeds the available width, such as setting a large tile to start at position 3 on the X axis, that tile is appended to the bottom of the Start screen. Also, if the tile configuration in your file would result in tiles overlapping each other, the overlapping tiles are instead appended to the bottom of the Start screen. - -In the following example, Outlook Calendar and Outlook Mail are pinned to the Start screen, and the Store app is allowed but is not pinned to Start. - -```xml - - - - - Large - - 0 - 0 - - - - - - - Medium - - 4 - 0 - - - - - - -``` - -That layout would appear on a device like this: - -![Example of the layout on a Start screen.](../images/StartGridPinnedApps.jpg) - -You can create and pin folders to Start by using the Apps setting. Each folder requires a **folderId**, which must be a consecutive positive integer starting with `1`. You can also specify a **folderName** (optional) which will be displayed on Start. - -```xml - - - - - Medium - - 4 - 0 - - - - -``` - -To add apps to the folder, include **ParentFolderId** in the application XML, as shown in the following example: - -```xml - - - - - Large - - 0 - 0 - - 1 - - - - - - Medium - - 4 - 0 - - 1 - - - -``` -When an app is contained in a folder, its **PinToStart** configuration (tile size and location) applies to its appearance when the folder is opened. - -## Buttons - -![XML for buttons.](../images/ButtonsXML.jpg) - -In the Buttons setting, you use ButtonLockdownList to disable hardware buttons and ButtonRemapList to change button events to open an app that you specify. - -### ButtonLockdownList - -When a user taps a button that is in the lockdown list, nothing will happen. The following table lists which events can be disabled for each button. - -Button | Press | PressAndHold | All ----|:---:|:---:|:--:|- -Start | ![no.](../images/crossmark.png) | ![yes](../images/checkmark.png) | ![no](../images/crossmark.png) -Back | ![yes.](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) -Search | ![yes.](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) -Camera | ![yes.](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) -Custom 1, 2, and 3 | ![yes.](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) - -> [!NOTE] -> Custom buttons are hardware buttons that can be added to devices by OEMs. - -In the following example, press-and-hold is disabled for the Back button. - -```xml - - - - - -``` - -If you don't specify a button event, all actions for the button are disabled. In the next example, all actions are disabled for the camera button. - -```xml - - - - - -``` - -### ButtonRemapList - -ButtonRemapList lets you change the app that a button will run. You can remap the Search button and any custom buttons included by the OEM. You can't remap the Back, Start, or Camera buttons. - -> [!WARNING] -> Button remapping can enable a user to open an application that is not in the allow list for that user role. Use button lock down to prevent application access for a user role. - -To remap a button, you specify the button, the event, and the product ID for the app that you want the event to open. -In the following example, when a user presses the Search button, the phone dialer will open instead of the Search app. - -```xml - - - - - -``` - -## CSPRunner - -![XML for CSP Runner.](../images/CSPRunnerXML.jpg) - -You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp) or [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). - -CSPRunner is helpful when you are configuring a device to support multiple roles. It lets you apply different policies according to the role that is signed on. For example, Wi-Fi could be enabled for a supervisor role and disabled for a stocking clerk role. - -In CSPRunner, you specify the CSP and settings using SyncML, a standardized markup language for device management. A SyncML section can include multiple settings, or you can use multiple SyncML sections -- it's up to you how you want to organize settings in this section. - -> [!NOTE] -> This description of SyncML is just the information that you need to use SyncML in a lockdown XML file. To learn more about SyncML, see [Structure of OMA DM provisioning files](/windows/client-management/mdm/structure-of-oma-dm-provisioning-files). - -Let's start with the structure of SyncML in the following example: - -```xml -SyncML> - - | - # - - - CSP Path - - - Data Type - - Value - - | - - - -``` - -This table explains the parts of the SyncML structure. - -SyncML entry | Description ----|--- -**Add** or **Replace** | Use **Add** to apply a setting or policy that is not already configured. Use **Replace** to change an existing setting or policy. -**CmdID** | SyncBody can contain multiple commands. Each command in a lockdown XML file must have a different **CmdID** value. -**Item** | **Item** is a wrapper for a single setting. You can include multiple items for the command if they all use the same **Add** or **Replace** operation. -**Target > LocURI** | **LocURI** is the path to the CSP. -**Meta > Format** | The data format required by the CSP. -**Data** | The value for the setting. - - -## Menu items - -![XML for menu items.](../images/MenuItemsXML.png) - -Use DisableMenuItems to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Apps list. You can include this entry in the default profile and in any additional user role profiles that you create. - -```xml - - - -``` - -## Settings - -![XML for settings.](../images/SettingsXML.png) - -The **Settings** section contains an `allow` list of pages in the Settings app and quick actions. The following example allows all settings. - -```xml - - - - ``` -In earlier versions of Windows 10, you used the page name to define allowed settings. Starting in Windows 10, version 1703, you use the settings URI. - -In the following example for Windows 10, version 1703, all system setting pages that have a settings URI are enabled. - -```xml - - - - - - - - - - - -``` - -If you list a setting or quick action in **Settings**, all settings and quick actions that are not listed are blocked. To remove access to all of the settings in the system, do not include the settings application in [Apps](#apps). - -For a list of the settings and quick actions that you can allow or block, see [Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md). - - - ## Tiles - - ![XML for tiles.](../images/TilesXML.png) - - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. - - > [!IMPORTANT] - > If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. - - ```xml - - - - ``` - - ## Start screen size - - Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: - -- Small sets the width to 4 columns on devices with short axis (less than 400epx) or 6 columns on devices with short axis (greater than or equal to 400epx). -- Large sets the width to 6 columns on devices with short axis (less than 400epx) or 8 columns on devices with short axis (greater than or equal to 400epx). - - If you have existing lockdown xml, you must update start screen size if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. - - [Learn about effective pixel width (epx) for different device size classes.](/windows/uwp/design/layout/screen-sizes-and-breakpoints-for-responsive-design) - - -## Configure additional roles - -You can add custom configurations by role. In addition to the role configuration, you must also install a login application on the device. The app displays a list of available roles on the device; the user taps a role, such as "Manager"; the configuration defined for the "Manager" role is applied. - -[Learn how to create a login application that will work with your Lockdown XML file.](https://github.com/Microsoft/Windows-universal-samples/tree/master/Samples/DeviceLockdownAzureLogin) For reference, see the [Windows.Embedded.DeviceLockdown API](/uwp/api/Windows.Embedded.DeviceLockdown). - -In the XML file, you define each role with a GUID and name, as shown in the following example: - -```xml - -``` - -You can create a GUID using a GUID generator -- free tools are available online. The GUID needs to be unique within this XML file. - -You can configure the same settings for each role as you did for the default role, except Start screen size which can only be configured for the default role. If you use CSPRunner with roles, be aware that the last CSP setting applied will be retained across roles unless explicitly changed in each role configuration. CSP settings applied by CSPRunner may conflict with settings applied by MDM. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - -``` - -## Validate your XML - -You can validate your lockdown XML file against the [EnterpriseAssignedAccess XSD](/windows/client-management/mdm/enterpriseassignedaccess-xsd). - -## Add lockdown XML to a provisioning package - - -Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740) - -1. Follow the instructions at [Build and apply a provisioning package](../provisioning-packages/provisioning-create-package.md) to create a project, selecting **Common to all Windows mobile editions** for your project. - -2. In **Available customizations**, go to **Runtime settings** > **EmbeddedLockdownProfiles** > **AssignedAccessXml**. - -3. In the center pane, click **Browse** to locate and select the lockdown XML file that you created. - - ![browse button.](../images/icdbrowse.png) - -4. On the **File** menu, select **Save.** - -5. On the **Export** menu, select **Provisioning package**. - -6. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** - -7. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package. - -8. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows ICD uses the project folder as the output location. - - Optionally, you can click **Browse** to change the default output location. - -9. Click **Next**. - -10. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. - -11. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -After you build the provisioning package, follow the instructions for [applying a provisioning package at runtime to Windows 10 Mobile](../provisioning-packages/provisioning-create-package.md). - -## Push lockdown XML using MDM - - -After you deploy your devices, you can still configure lockdown settings through your MDM solution if it supports the [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp). - -To push lockdown settings to enrolled devices, use the AssignedAccessXML setting and use the lockdown XML as the value. The lockdown XML will be in a HandheldLockdown section that becomes XML embedded in XML, so the XML that you enter must use escaped characters (such as `<` in place of <). After the MDM provider pushes your lockdown settings to the device, the CSP processes the file and updates the device. - -## Full Lockdown.xml example - -```xml - - - - - - - - - Large - - 0 - 0 - - - - - - - Small - - 0 - 2 - - - - - - - Medium - - 2 - 2 - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID - - - int - - - 7 - - - - - - - - - 1 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground - - - int - - - 1 - - - - - - - - - 2 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName - - - chr - text/plain - - c:\windows\system32\lockscreen\480x800\Wallpaper_05.jpg - - - - - - - - - - - - - - - - - - - - - - - - Small - - - - - - - - - Small - - 0 - 0 - - - - - - - Large - - 0 - 2 - - - - - - - - - - - - 1 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID - - - int - - - 10 - - - - - - - - - 1 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground - - - int - - - 0 - - - - - - - - - 2 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName - - - chr - text/plain - - c:\windows\system32\lockscreen\480x800\Wallpaper_08.jpg - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Small - - 0 - 0 - - - - - - - Small - - 1 - 0 - - - - - - - Medium - - 2 - 0 - - - - - - - - - Small - - 0 - 2 - - - - - - - Medium - - 2 - 2 - - - - - - - - - - - - 1 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID - - - int - - - 2 - - - - - - - - - 1 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground - - - int - - - 1 - - - - - - - - - 2 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName - - - chr - text/plain - - c:\windows\system32\lockscreen\480x800\Wallpaper_015.jpg - - - - - - - - - - - - - - - - - - -``` - -## Learn more - -[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508) - -## Related topics - - -[Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md) - -[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) \ No newline at end of file diff --git a/windows/configuration/mobile-devices/mobile-lockdown-designer.md b/windows/configuration/mobile-devices/mobile-lockdown-designer.md deleted file mode 100644 index a7d82f6088..0000000000 --- a/windows/configuration/mobile-devices/mobile-lockdown-designer.md +++ /dev/null @@ -1,172 +0,0 @@ ---- -title: Use the Lockdown Designer app to create a Lockdown XML file (Windows 10) -description: -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp ---- - -# Use the Lockdown Designer app to create a Lockdown XML file - -![Lockdown Designer in the Store.](../images/ldstore.png) - -Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available. This is accomplished using Lockdown XML, an XML file that contains settings for Windows 10 Mobile. - -When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. You can deploy the lockdown XML file by [adding it to a provisioning package](lockdown-xml.md#add-lockdown-xml-to-a-provisioning-package) or [by using mobile device management (MDM)](lockdown-xml.md#push-lockdown-xml-using-mdm). - -The Lockdown Designer app helps you configure and create a lockdown XML file that you can apply to devices running Windows 10 Mobile, version 1703, and includes a remote simulation to help you determine the layout for tiles on the Start screen. Lockdown Designer also validates the XML. Using Lockdown Designer is easier than [manually creating a lockdown XML file](lockdown-xml.md). - - - -## Overview - -Lockdown Designer can be installed on a PC running Windows 10, version 1607 or later. After you install the app, you connect a mobile device running Windows 10 Mobile, version 1703, to the PC. - ->[!NOTE] ->Lockdown Designer will not make any changes to the connected device, but we recommend that you use a test device. - -Lockdown Designer will populate the available settings and apps to configure from the connected device. Using the different pages in the app, you select the settings, apps, and layout to be included in the lockdown XML. - -When you're done, you export the configuration to a lockdown XML file. This configuration can be applied to any device running Windows 10 Mobile, version 1703. - ->[!NOTE] ->You can also import an existing WEHLockdown.xml file to Lockdown Designer and modify it in the app. - -## Prepare the test mobile device - -Perform these steps on the device running Windows 10 Mobile that you will use to supply the settings, apps, and layout to Lockdown Designer. - -1. Install all apps on the device that you want to include in the configuration, including line-of-business apps. - -2. On the mobile device, go to **Settings** > **Update & security** > **For developers**, enable **Developer mode**. - -3. Read the disclaimer, then click **Yes** to accept the change. - -4. Enable **Device discovery**, and then turn on **Device Portal**. - ->[!IMPORTANT] ->Check **Settings > Personalization > Start > Show more tiles** on the test mobile device. If **Show more tiles** is **On**, you must select **Large** on the [**Start screen** page](#start) in Lockdown Designer. If you want to apply a **Small** layout, set **Show more tiles** on the test mobile device to **Off**. -> ->![turn off show more tiles for small start screen size.](../images/show-more-tiles.png) - -## Prepare the PC - -[Install Lockdown Designer](https://www.microsoft.com/store/r/9nblggh40753) on the PC. - -If the PC and the test mobile device are on the same Wi-Fi network, you can connect the devices using Wi-Fi. - -If you want to connect the PC and the test mobile device using a USB cable, perform the following steps on the PC: - -1. [Install the Windows 10 Software Development Kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-10-sdk). This enables the **Windows Phone IP over USB Transport (IpOverUsbSvc)** service. - -2. Open a command prompt as an administrator and run `checknetisolation LoopbackExempt -a -n=microsoft.lockdowndesigner_8wekyb3d8bbwe` - - >[!NOTE] - >Loopback is permitted only for development purposes. To remove the loopback exemption when you're done using Lockdown Designer, run `checknetisolation LoopbackExempt -d -n=microsoft.lockdowndesigner_8wekyb3d8bbwe` - - - - -## Connect the mobile device to Lockdown Designer - -**Using Wi-Fi** - -1. Open Lockdown Designer. - -2. Click **Create new project**. - -3. On the test mobile device, go to **Settings** > **Update & security** > **For developers** > **Connect using:** and get the IP address listed for **Wi-Fi**. - -2. On the **Project setting** > **General settings** page, in **Remote device IP address**, enter the IP address for the test mobile device, using `https://`. - -3. Click **Pair**. - - ![Pair.](../images/ld-pair.png) - - **Connect to remote device** appears. - -4. On the mobile device, under **Device discovery**, tap **Pair**. A case-sensitive code is displayed. - -5. On the PC, in **Connect to remote device**, enter the code from the mobile device. - -6. Next, click **Sync** to pull information from the device in to Lockdown Designer. - - ![Sync.](../images/ld-sync.png) - -7. Click the **Save** icon and enter a name for your project. - -**Using a USB cable** - -1. Open Lockdown Designer. - -2. Click **Create new project**. - -2. Connect a Windows 10 Mobile device to the PC by USB and unlock the device. - -3. On the **Project setting** > **General settings** page, click **Pair**. - - ![Pair.](../images/ld-pair.png) - - **Connect to remote device** appears. - -4. On the mobile device, under **Device discovery**, tap **Pair**. A case-sensitive code is displayed. - -5. On the PC, in **Connect to remote device**, enter the code from the mobile device. - -6. Next, click **Sync** to pull information from the device in to Lockdown Designer. - - ![Sync.](../images/ld-sync.png) - -7. Click the **Save** icon and enter a name for your project. - - -## Configure your lockdown XML settings - -The apps and settings available in the pages of Lockdown Designer should now be populated from the test mobile device. The following table describes what you can configure on each page. - -| Page | Description | -| --- | --- | -| ![Applications.](../images/ld-apps.png) | Each app from the test mobile device is listed. Select the apps that you want visible to users.

You can select an app to run automatically when a user signs in to the device. The **Select Auto-Run** menu is populated by the apps that you select to allow on the device. | -| ![CSP Runner.](../images/ld-csp.png) | CSPRunner enables you to include settings and policies that are not defined in other sections of the app. To make use of CSPRunner, you must create the SyncML block that contains the settings, and then import the SyncML in Lockdown Designer. [Learn how to use CSPRunner and author SyncML.](lockdown-xml.md#csprunner) | -| ![Settings.](../images/ld-settings.png) | On this page, you select the settings that you want visible to users. See the [ms settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to see which Settings page maps to a URI. | -| ![Quick actions.](../images/ld-quick.png) | On this page, you select the settings that you want visible to users. | -| ![Buttons.](../images/ld-buttons.png) | Each hardware button on a mobile device has different actions that can be disabled. In addition, the behavior for **Search** button can be changed to open an app other than **Search**.

Some devices may have additional hardware buttons provided by the OEM. These are listed as Custom1, Custom2, and Custom3. If your device has custom hardware buttons, contact your equipment provider to identify how their custom buttons are defined. | -| ![Other settings.](../images/ld-other.png) | This page contains several settings that you can configure:

- The context menu is displayed when a user presses and holds an application in the All Apps list. You can enable or disable the context menu.

- Tile manipulation allows users to pin, unpin, move, and resize tiles on the Start screen. You can enable or disable tile manipulation.

- The Action Center setting controls whether the user can open the Action Center on the device. When the Action Center is disabled, notifications on the lockscreen and toasts are also disabled. You can use optional attributes with the Action Center element to change that behavior for either notifications, toasts, or both. | -| ![Start screen.](../images/ld-start.png) | On this page, you can start a remote simulation session with the test mobile device. Click **Start remote simulation**. You will see a **Start screen remote simulation in progress** message on the PC. (If the **Start remote simulation** button is not active, [pair the mobile device with the PC again](#pair).)

On the test mobile device, tiles for the apps that you allowed on the **Applications** page are displayed on the screen. You can move, resize, or unpin these tiles to achieve the desired layout.

When you are done changing the layout on the test mobile device, click **Accept** on the PC. | - - -## Validate and export - -On the **Validate and export** page, click **Validate** to make sure your lockdown XML is valid. - ->[!WARNING] ->Lockdown Designer cannot validate SyncML that you imported to CSPRunner. - -Click **Export** to generate the XML file for your project. You can select the location to save the file. - -## Create and configure multiple roles - -You can create additional roles for the device and have unique configurations for each role. For example, you could have one configuration for a **Manager** role and a different configuration for a **Salesperson** role. - ->[!NOTE] ->Using multiple roles on a device requires a login application that displays the list of roles and allows users to sign in to Azure Active Directory. [Learn how to create a login application that will work with your Lockdown XML file.](https://github.com/Microsoft/Windows-universal-samples/tree/master/Samples/DeviceLockdownAzureLogin) - -**For each role:** - -1. On the **Project setting** page, click **Role management**. - -2. Click **Add a role**. - -3. Enter a name for the role, and then click **Save**. - -4. Configure the settings for the role as above, but make sure on each page that you select the correct role. - - ![Current role selection box.](../images/ld-role.png) \ No newline at end of file diff --git a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md b/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md deleted file mode 100644 index fbea1f61d8..0000000000 --- a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md +++ /dev/null @@ -1,254 +0,0 @@ ---- -title: Product IDs in Windows 10 Mobile (Windows 10) -description: You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user. -ms.assetid: 31116BED-C16A-495A-BD44-93218A087A1C -ms.reviewer: -manager: dansimp -keywords: ["lockdown"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: mobile -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/27/2017 ---- - -# Product IDs in Windows 10 Mobile - - -**Applies to** - -- Windows 10 Mobile - -You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user. - -## Apps included in Windows 10 Mobile - - -The following table lists the product ID and AUMID for each app that is included in Windows 10 Mobile. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AppProduct IDAUMID
Alarms and clock44F7D2B4-553D-4BEC-A8B7-634CE897ED5FMicrosoft.WindowsAlarms_8wekyb3d8bbwe!App
CalculatorB58171C6-C70C-4266-A2E8-8F9C994F4456Microsoft.WindowsCalculator_8wekyb3d8bbwe!App
CameraF0D8FEFD-31CD-43A1-A45A-D0276DB069F1Microsoft.WindowsCamera_8wekyb3d8bbwe!App
Contact Support0DB5FCFF-4544-458A-B320-E352DFD9CA2BWindows.ContactSupport_cw5n1h2txyewy!App
CortanaFD68DCF4-166F-4C55-A4CA-348020F71B94Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
ExcelEAD3E7C0-FAE6-4603-8699-6A448138F4DCMicrosoft.Office.Excel_8wekyb3d8bbwe!microsoft.excel
Facebook82A23635-5BD9-DF11-A844-00237DE2DB9EMicrosoft.MSFacebook_8wekyb3d8bbwe!x82a236355bd9df11a84400237de2db9e
File ExplorerC5E2524A-EA46-4F67-841F-6A9465D9D515c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App
FM RadioF725010E-455D-4C09-AC48-BCDEF0D4B626N/A
Get StartedB3726308-3D74-4A14-A84C-867C8C735C3CMicrosoft.Getstarted_8wekyb3d8bbwe!App
Groove MusicD2B6A184-DA39-4C9A-9E0A-8B589B03DEC0Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
MapsED27A07E-AF57-416B-BC0C-2596B622EF7DMicrosoft.WindowsMaps_8wekyb3d8bbwe!App
Messaging27E26F40-E031-48A6-B130-D1F20388991AMicrosoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax
Microsoft Edge395589FB-5884-4709-B9DF-F7D558663FFDMicrosoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
Money1E0440F1-7ABF-4B9A-863D-177970EEFB5EMicrosoft.BingFinance_8wekyb3d8bbwe!AppexFinance
Movies and TV6AFFE59E-0467-4701-851F-7AC026E21665Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo
News9C3E8CAD-6702-4842-8F61-B8B33CC9CAF1Microsoft.BingNews_8wekyb3d8bbwe!AppexNews
OneDriveAD543082-80EC-45BB-AA02-FFE7F4182BA8Microsoft.MicrosoftSkydrive_8wekyb3d8bbwe!App
OneNoteCA05B3AB-F157-450C-8C49-A1F127F5E71DMicrosoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim
Outlook Calendar

A558FEBA-85D7-4665-B5D8-A2FF9C19799B

Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar

Outlook Mail

A558FEBA-85D7-4665-B5D8-A2FF9C19799B

Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail

People60BE1FB8-3291-4B21-BD39-2221AB166481Microsoft.People_8wekyb3d8bbwe!xb94d6231y84ddy49a8yace3ybc955e769e85x
Phone (dialer)F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7Microsoft.CommsPhone_8wekyb3d8bbwe!App
PhotosFCA55E1B-B9A4-4289-882F-084EF4145005Microsoft.Windows.Photos_8wekyb3d8bbwe!App
PodcastsC3215724-B279-4206-8C3E-61D1A9D63ED3Microsoft.MSPodcast_8wekyb3d8bbwe!xc3215724yb279y4206y8c3ey61d1a9d63ed3x
PowerpointB50483C4-8046-4E1B-81BA-590B24935798Microsoft.Office.PowerPoint_8wekyb3d8bbwe!microsoft.pptim
Settings2A4E62D8-8809-4787-89F8-69D0F01654FB2a4e62d8-8809-4787-89f8-69d0f01654fb_8wekyb3d8bbwe!App
SkypeC3F8E570-68B3-4D6A-BDBB-C0A3F4360A51Microsoft.SkypeApp_kzf8qxf38zg5c!Skype.AppId
Skype Video27E26F40-E031-48A6-B130-D1F20388991AMicrosoft.Messaging_8wekyb3d8bbwe!App
Sports0F4C8C7E-7114-4E1E-A84C-50664DB13B17Microsoft.BingSports_8wekyb3d8bbwe!AppexSports
Storage5B04B775-356B-4AA0-AAF8-6491FFEA564DN/A
Store7D47D89A-7900-47C5-93F2-46EB6D94C159Microsoft.WindowsStore_8wekyb3d8bbwe!App
Voice recorder7311B9C5-A4E9-4C74-BC3C-55B06BA95AD0Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe!App
Wallet587A4577-7868-4745-A29E-F996203F1462Microsoft.MicrosoftWallet_8wekyb3d8bbwe!App
Weather63C2A117-8604-44E7-8CEF-DF10BE3A57C8Microsoft.BingWeather_8wekyb3d8bbwe!App
Windows Feedback7604089D-D13F-4A2D-9998-33FC02B63CE3Microsoft.WindowsFeedback_8wekyb3d8bbwe!App
Word258F115C-48F4-4ADB-9A68-1387E634459BMicrosoft.Office.Word_8wekyb3d8bbwe!microsoft.word
XboxB806836F-EEBE-41C9-8669-19E243B81B83Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp
- -  - - - -## Related topics - - -[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md) - -[Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md) - -  - -  - - - - - diff --git a/windows/configuration/mobile-devices/provisioning-configure-mobile.md b/windows/configuration/mobile-devices/provisioning-configure-mobile.md deleted file mode 100644 index b2cd8a0e5c..0000000000 --- a/windows/configuration/mobile-devices/provisioning-configure-mobile.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Configure Windows 10 Mobile devices with Configuration Designer -description: Use Windows Configuration Designer to configure Windows 10 Mobile devices -keywords: phone, handheld, lockdown, customize -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp ---- - -# Use Windows Configuration Designer to configure Windows 10 Mobile devices - -Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using provisioning packages, you can easily specify desired configuration, settings, and information required to enroll the devices into management, and then apply that configuration to target devices in a matter of minutes. - -A provisioning package (.ppkg) is a container for a collection of configuration settings. Using Windows Configuration Designer, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. - -Windows Configuration Designer can be installed from the [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). Windows Configuration Designer is also available as an app in the Microsoft Store. [Learn more about installing Windows Configuration Designer.](../provisioning-packages/provisioning-install-icd.md) - -## Create a provisioning package using the wizard - -The **Provision Windows mobile devices** wizard lets you configure common settings for devices running Windows 10 Mobile in a simple, graphical workflow. - -### Start a new project - -1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click the Windows Configuration Designer shortcut, - - or - - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. - -2. On the **Start** page, choose **Provision Windows mobile devices**. - -3. Enter a name for your project, and then click **Next**. - - -### Configure settings in the wizard - - - - - - -
step oneset up device

Enter a device name.

Optionally, you can enter a product key to upgrade the device from Windows 10 Mobile to Windows 10 Mobile Enterprise. 		device name, upgrade license
step two set up network

Toggle On or Off for wireless network connectivity.

If you select On, enter the SSID, network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.		Enter network SSID and type
step three bulk enrollment in Azure Active Directory

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used.

Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

Warning: You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards. 		Enter expiration and get bulk token
step four finish

You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.		Protect your package
- -After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. - -### Apply provisioning package - -You can apply a provisioning package to a device running Windows 10 Mobile by using: - -- removable media -- copying the provisioning package to the device -- [NFC tags](provisioning-nfc.md) -- [barcodes](provisioning-package-splitter.md) - -### Using removable media - -1. Insert an SD card containing the provisioning package into the device. -2. Navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. - - ![add a package option.](../images/packages-mobile.png) - -3. Click **Add**. - -4. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**. - - ![Is this package from a source you trust.](../images/package-trust.png) - -### Copying the provisioning package to the device - -1. Connect the device to your PC through USB. - -2. On the PC, select the provisioning package that you want to use to provision the device and then drag and drop the file to your device. - -3. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**. - - ![Is this package from a source you trust.](../images/package-trust.png) - - -## Related topics - -- [NFC-based device provisioning](provisioning-nfc.md) -- [Use the package splitter tool](provisioning-package-splitter.md) \ No newline at end of file diff --git a/windows/configuration/mobile-devices/provisioning-nfc.md b/windows/configuration/mobile-devices/provisioning-nfc.md deleted file mode 100644 index 42ff3ff229..0000000000 --- a/windows/configuration/mobile-devices/provisioning-nfc.md +++ /dev/null @@ -1,144 +0,0 @@ ---- -title: NFC-based device provisioning (Windows 10) -description: -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp ---- - -# NFC-based device provisioning - - -**Applies to** - -- Windows 10 Mobile - - -Near field communication (NFC) enables Windows 10 Mobile Enterprise and Windows 10 Mobile devices to communicate with an NFC tag or another NFC-enabled transmitting device. Enterprises that do bulk provisioning can use NFC-based device provisioning to provide a provisioning package to the device that's being provisioned. NFC provisioning is simple and convenient and it can easily store an entire provisioning package. - -The NFC provisioning option enables the administrator to provide a provisioning package during initial device setup (the out-of-box experience or OOBE phase). Administrators can use the NFC provisioning option to transfer provisioning information to persistent storage by tapping an unprovisioned mobile device to an NFC tag or NFC-enabled device. To use NFC for pre-provisioning a device, you must either prepare your own NFC tags by storing your provisioning package to a tag as described in this section, or build the infrastructure needed to transmit a provisioning package between an NFC-enabled device and a mobile device during OOBE. - -## Provisioning OOBE UI - -All Windows 10 Mobile Enterprise and Windows 10 Mobile images have the NFC provisioning capability incorporated into the operating system. On devices that support NFC and are running Windows 10 Mobile Enterprise or Windows 10 Mobile, NFC-based device provisioning provides an additional mechanism to provision the device during OOBE. - -On all Windows devices, device provisioning during OOBE can be triggered by 5 fast taps on the Windows hardware key, which shows the **Provision this device** screen. In the **Provision this device** screen, select **NFC** for NFC-based provisioning. - -![Example of Provision this device screen.](../images/nfc.png) - -If there is an error during NFC provisioning, the device will show a message if any of the following errors occur: - -- **NFC initialization error** - This can be caused by any error that occurs before data transfer has started. For example, if the NFC driver isn't enabled or there's an error communicating with the proximity API. -- **Interrupted download or incomplete package transfer** - This error can happen if the peer device is out of range or the transfer is aborted. This error can be caused whenever the device being provisioned fails to receive the provisioning package in time. -- **Incorrect package format** - This error can be caused by any protocol error that the operating system encounters during the data transfer between the devices. -- **NFC is disabled by policy** - Enterprises can use policies to disallow any NFC usage on the managed device. In this case, NFC functionality is not enabled. - -## NFC tag - -You can use an NFC tag for minimal provisioning and use an NFC-enabled device tag for larger provisioning packages. - -The protocol used for NFC-based device provisioning is similar to the one used for NFC provisioning on Windows Embedded 8.1 Handheld, which supported both single-chunk and multi-chunk transfer when the total transfer didn't fit in one NDEP message size. In Windows 10, the provisioning stack contains the following changes: - -- **Protocol namespace** - The protocol namespace has changed from Windows.WEH.PreStageProv.Chunk to Windows.ProvPlugins.Chunk. -- **Tag data type** - The tag data type has changed from UTF-8 into binary raw data. - - ->[!NOTE] ->The NFC tag doesn't go in the secondary device. You can transfer the NFC tag by using a provisioning package from device-to-device using the NFC radio or by re-reading the provisioning package from an NFC tag. - -### NFC tag components - -NFC tags are suitable for very light applications where minimal provisioning is required. The size of NFC tags that contain provisioning packages is typically 4 KB to 10 KB. - -To write to an NFC tag, you will need to use an NFC Writer tool, or you can use the [ProximityDevice class API](/uwp/api/Windows.Networking.Proximity.ProximityDevice) to write your own custom tool to transfer your provisioning package file to your NFC tag. The tool must publish a binary message (write) a Chunk data type to your NFC tag. - -The following table describes the information that is required when writing to an NFC tag. - -| Required field | Description | -| --- | --- | -| **Type** | Windows.ProvPlugins.Chunk

The receiving device uses this information to understand information in the Data field. | -| **Data** | Tag data with small header in raw binary format that contains a chunk of the provisioning package to be transferred. | - - - -### NFC provisioning helper - -The NFC provisioning helper device must split the provisioning package raw content into multiple parts and publish these in order. Each part should follow the following format: - -
Version
(1 byte)		Leading
(1 byte)		Order
(1 byte)		Total
(1 byte)		Chunk payload
(N bytes)
- -For each part: -- Version should always be 0x00. -- Leading byte should always be 0xFF. -- Order represents which message chunk (out of the whole message) the part belongs to. The Order begins with zero (0). -- Total represents the total number of chunks to be transferred for the whole message. -- Chunk payload represents each of the split parts. - -The NFC provisioning helper device must publish the record in a type of Windows.ProvPlugins.Chunk. - -**Code example** - -The following example shows how to write to an NFC tag. This example assumes that the tag is already in range of the writing device. - -``` - private async void WriteProvPkgToTag(IStorageFile provPkgFile) - { - var buffer = await FileIO.ReadBufferAsync(provPkgFile); - if (null == buffer) - { - return; - } - - var proximityDevice = Windows.Networking.Proximity.ProximityDevice.GetDefault(); - if (null == proximityDevice) - { - return; - } - - var dataWriter = new DataWriter(); - var header = new NfcProvHeader(); - - header.version = NFC_PROV_MESSAGE_CURRENT_VERSION; // Currently the supported version is 0x00. - header.leading = NFC_PROV_MESSAGE_LEADING_BYTE; // The leading byte should be always 0xFF. - header.index = 0; // Assume we only have 1 chunk. - header.total = 1; // Assume we only have 1 chunk. - - // Write the header first and then the raw data of the provisioning package. - dataWriter.WriteBytes(GetBytes(header)); - dataWriter.WriteBuffer(buffer); - - var chunkPubId = proximityDevice.PublishBinaryMessage( - "Windows:WriteTag.ProvPlugins.Chunk", - dataWriter.DetachBuffer()); - } -``` - - -### NFC-enabled device tag components - -Provisioning from an NFC-enabled source device allows for larger provisioning packages than can be transferred using an NFC tag. When provisioning from an NFC-enabled device, we recommend that the total file size not exceed 120 KB. Be aware that the larger the NFC file is, the longer it will take to transfer the provisioning file. Depending on your NFC hardware, the transfer time for a 120 KB file will vary between 2.5 seconds and 10 seconds. - -To provision from an NFC-enabled source device, use [ProximityDevice class API](/uwp/api/Windows.Networking.Proximity.ProximityDevice) to write your own custom tool that transfers your provisioning package in chunks to your target mobile device. The tool must publish binary messages (transmit) a Header message, followed by one or more Chunk messages. The Header specifies the total amount of data that will be transferred to the target device; the Chunks must contain binary raw data formatted provisioning data, as shown in the NFC tag components section. - -For detailed information and code samples on how to implement an NFC-enabled device tag, see **ConvertToNfcMessageAsync** in [this GitHub NfcProvisioner Universal Windows app example](https://github.com/Microsoft/Windows-universal-samples/blob/master/Samples/NfcProvisioner/cs/Scenario1.xaml.cs). The sample app shows you how to host the provisioning package on a master device so that you can transfer it to the receiving device. - - - - - - - -## Related topics - -- [Use Windows Configuration Designer to configure Windows 10 Mobile devices](provisioning-configure-mobile.md) - -- [Barcode provisioning and the package splitter tool](provisioning-package-splitter.md) - - diff --git a/windows/configuration/mobile-devices/provisioning-package-splitter.md b/windows/configuration/mobile-devices/provisioning-package-splitter.md deleted file mode 100644 index 3bfd9c31b4..0000000000 --- a/windows/configuration/mobile-devices/provisioning-package-splitter.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Barcode provisioning and the package splitter tool (Windows 10) -description: -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp ---- - -# Barcode provisioning and the package splitter tool - - -**Applies to** - -- Windows 10 Mobile - -Enterprises that do bulk provisioning can use barcode-based device provisioning to provide a provisioning package to the device that's being provisioned. - -The barcode provisioning option enables the administrator to provide a provisioning package during initial device setup (the out-of-box experience or OOBE phase). To use barcodes to provision a device, your devices must have an integrated barcode scanner. You can get the barcode format that the scanner supports from your OEM or device provider, and use your existing tools and processes to convert a provisioning package into barcodes. - -Enterprise IT professionals who want to use a barcode to provision mobile devices during OOBE can use the package splitter tool, **ppkgtobase64.exe**, which is a command-line tool to split the provisioning package into smaller files. - -The smallest provisioning package is typically 5-6 KB, which cannot fit into one single barcode. The package splitter tool allows partners to split the original provisioning package into multiple smaller sized chunks that are encoded with Base64 so that enterprises can leverage their existing tools to convert these files into barcodes. - -When you [install Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md) from the Windows Assessment and Deployment Kit (ADK), **ppkgtobase64.exe** is installed to the same folder. - -## Prerequisites - -Before you can use the tool, you must have a built provisioning package. The package file is the input to the package splitter tool. - -- To build a provisioning package using the Windows Configuration Designer UI, see [Use Windows Configuration Designer to configure Windows 10 Mobile devices](provisioning-configure-mobile.md). -- To build a provisioning package using the Windows Configuration Designer CLI, see [Windows Configuration Designer command-line interface](../provisioning-packages/provisioning-command-line.md). - -## To use the package splitter tool (ppkgtobase64.exe) - -1. Open a command-line window with administrator privileges. - - -2. From the command-line, navigate to the Windows Configuration Designer install directory. - - On an x64 computer, type: - ``` - cd C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86 - ``` - - - or - - - On an x86 computer, type: - - ``` - cd C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86 - ``` - -3. Run `ppkgtobase64.exe`. The [syntax](#syntax) and [switches and arguments](#switches-and-arguments) sections provide details for the command. - - -### Syntax - -``` -ppkgtobase64.exe -i -o -s [-c] [/?] -``` - -### Switches and arguments - -| Switch | Required? | Arguments | -| --- | --- | --- | -| -i | Yes | Use to specify the path and file name of the provisioning package that you want to divide into smaller files.

The tool allows you to specify the absolute path of the provisioning package file. However, if you don't specify the path, the tool will search the current folder for a package that matches the file name you specified. | -| -o | Yes | Use to specify the directory where the output files will be saved. | -| -s | Yes | Use to specify the size of the block that will be encoded in Base64. | -| -c | No | Use to delete any files in the output directory if the directory already exists. This parameter is optional. | -| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. | - - - - - -## Related topics - - - - - - - - - - diff --git a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md deleted file mode 100644 index a265a544e3..0000000000 --- a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md +++ /dev/null @@ -1,202 +0,0 @@ ---- -title: Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise (Windows 10) -description: A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. -ms.assetid: 35EC82D8-D9E8-45C3-84E9-B0C8C167BFF7 -ms.reviewer: -manager: dansimp -keywords: kiosk, lockdown, assigned access -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: mobile -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/27/2017 ---- - -# Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise - - -**Applies to** - -- Windows 10 Mobile - - -A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. You use the [Enterprise Assigned Access](#enterprise-assigned-access) configuration service provider (CSP) to configure a kiosk experience. You can also configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise, version 1607 or earlier, for kiosk mode by using the [Apps Corner](#apps-corner) feature. (Apps Corner is removed in version 1703.) - - - -## Enterprise Assigned Access - - -Enterprise Assigned Access allows you to put your Windows 10 Mobile or Windows 10 Mobile Enterprise device in kiosk mode by creating a user role that has only a single app, set to run automatically, in the Allow list. - ->[!NOTE] ->The app can be a Universal Windows app, Universal Windows Phone 8 app, or a legacy Silverlight app. - - - -### Set up Enterprise Assigned Access in MDM - -In AssignedAccessXml, for Application, you enter the product ID for the app to run in kiosk mode. Find product IDs at [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md). - -[See the technical reference for the Enterprise Assigned Access configuration service provider (CSP).](/windows/client-management/mdm/enterpriseassignedaccess-csp) - -### Set up assigned access using Windows Configuration Designer - ->[!IMPORTANT] ->When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - -#### Create the *AssignedAccess*.xml file - -1. Create an *AssignedAccess*.xml file that specifies the app the device will run. (You can name use any file name.) For instructions on AssignedAccessXml, see [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp). - - >[!NOTE] - >Do not escape the xml in *AssignedAccess*.xml file as Windows Configuration Designer will do that when building the package. Providing escaped xml in Windows ICD will cause building the package fail. - -#### Create the provisioning package - -1. [Install Windows Configuration Designer.](../provisioning-packages/provisioning-install-icd.md) - -2. Open Windows Configuration Designer (if you installed it from the Windows ADK, `%windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe`). - -3. Choose **Advanced provisioning**. - - - -4. Name your project, and click **Next**. - -5. Choose **All Windows mobile editions** and click **Next**. - -6. On **New project**, click **Finish**. The workspace for your package opens. - -7. Expand **Runtime settings** > **EmbeddedLockdownProfiles**, and click **AssignedAccessXml**. - -8. Click **Browse** to select the *AssignedAccess*.xml file. - -9. On the **File** menu, select **Save.** - -10. On the **Export** menu, select **Provisioning package**. - -11. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** - -12. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package. - -13. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows ICD uses the project folder as the output location. - - Optionally, you can click **Browse** to change the default output location. - -14. Click **Next**. - -15. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. - -16. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -17. Select the **output location** link to go to the location of the package. - -#### Distribute the provisioning package - -You can distribute that .ppkg to mobile devices using any of the following methods: - -- Removable media (USB/SD) - - **To apply a provisioning package from removable media** - - 1. Copy the provisioning package file to the root directory on a micro SD card. - - 2. On the device, insert the micro SD card containing the provisioning package. - - 3. Go to **Settings** > **Accounts** > **Provisioning.** - - 4. Tap **Add a package**. - - 5. On the **Choose a method** screen, in the **Add from** dropdown menu, select **Removable Media**. - - 6. Select a package will list all available provisioning packages on the micro SD card. Tap the desired package, and then tap **Add**. - - 7. You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**. - - 8. Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device. - -- Email - - **To apply a provisioning package sent in email** - - 1. Send the provisioning package in email to an account on the device. - - 2. Open the email on the device, and then double-tap the attached file. - - 3. You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**. - - 4. Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device. - -- USB tether - - **To apply a provisioning package using USB tether** - - 1. Connect the device to your PC by USB. - - 2. Select the provisioning package that you want to use to provision the device, and then drag and drop the file to your device. - - 3. The provisioning package installation dialog will appear on the phone. - - 4. You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**. - - 5. Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device. - - - -## Apps Corner - ->[!NOTE] ->For Windows 10, versions 1507, 1511, and 1607 only. - -Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or Windows 10 Mobile Enterprise device, where you can share only the apps you choose with the people you let use your device. You configure a device for kiosk mode by selecting a single app to use in Apps Corner. - -**To set up Apps Corner** - -1. On Start ![start.](../images/starticon.png), swipe over to the App list, then tap **Settings** ![settings](../images/settingsicon.png) > **Accounts** > **Apps Corner**. - -2. Tap **Apps**, tap to select the app that you want people to use in the kiosk mode, and then tap done ![done icon.](images/doneicon.png). - -3. If your phone doesn't already have a lock screen password, you can set one now to ensure that people can't get to your Start screen from Apps Corner. Tap **Protect my phone with a password**, click **Add**, type a PIN in the **New PIN** box, type it again in the **Confirm PIN** box, and then tap **OK**. Press **Back** ![back.](../images/backicon.png) to the Apps Corner settings. - -4. Turn **Action center** on or off, depending on whether you want people to be able to use these features when using the device in kiosk mode. - -5. Tap **advanced**, and then turn features on or off, depending on whether you want people to be able to use them. - -6. Press **Back** ![back.](../images/backicon.png) when you're done. - -**To use Apps Corner** - -1. On Start ![start.](../images/starticon.png), swipe over to the App list, then tap **Settings** ![settings](../images/settingsicon.png) > **Accounts** > **Apps Corner** > launch ![launch](../images/launchicon.png). - - >[!TIP] - >Want to get to Apps Corner with one tap? In **Settings**, tap **Apps Corner** > **pin** to pin the Apps Corner tile to your Start screen. - -2. Give the device to someone else, so they can use the device and only the one app you chose. - -3. When they're done and you get the device back, press and hold Power ![power.](../images/powericon.png), and then swipe right to exit Apps Corner. - -## Related topics - - -[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](../kiosk-single-app.md) - -[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md) - -[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) - diff --git a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md deleted file mode 100644 index c616794f43..0000000000 --- a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md +++ /dev/null @@ -1,499 +0,0 @@ ---- -title: Lock down settings and quick actions in Windows 10 Mobile -description: This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile. -ms.assetid: 69E2F202-D32B-4FAC-A83D-C3051DF02185 -ms.reviewer: -manager: dansimp -keywords: ["lockdown"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: mobile -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/27/2017 ---- - -# Settings and quick actions that can be locked down in Windows 10 Mobile - - -**Applies to** - -- Windows 10 Mobile - -This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile. - -## Settings lockdown in Windows 10, version 1703 - -In earlier versions of Windows 10, you used the page name to define allowed settings. Starting in Windows 10, version 1703, you use the settings URI. - -For example, in place of **SettingsPageDisplay**, you would use **ms-settings:display**. - -See the [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each Settings page. - -## Settings lockdown in Windows 10, version 1607 and earlier - - -You can use Lockdown.xml to configure lockdown settings. - -The following table lists the settings pages and page groups. Use the page name in the Settings section of Lockdown.xml. The Settings section contains an allow list of pages in the Settings app. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Main menuSub-menuPage name
SystemSettingsPageGroupPCSystem
DisplaySettingsPageDisplay
Notifications & actionsSettingsPageAppsNotifications
PhoneSettingsPageCalls
MessagingSettingsPageMessaging
BatterySettingsPageBatterySaver
Apps for websitesSettingsPageAppsForWebsites
StorageSettingsPageStorageSenseStorageOverview
Driving modeSettingsPageDrivingMode
Offline mapsSettingsPageMaps
AboutSettingsPagePCSystemInfo
DevicesSettingsPageGroupDevices
Default cameraSettingsPagePhotos
BluetoothSettingsPagePCSystemBluetooth
NFCSettingsPagePhoneNFC
MouseSettingsPageMouseTouchpad
USBSettingsPageUsb
Network and wirelessSettingsPageGroupNetwork
Cellular & SIMSettingsPageNetworkCellular
Wi-FiSettingsPageNetworkWiFi
Airplane modeSettingsPageNetworkAirplaneMode
Data usageSettingsPageDataSenseOverview
Mobile hotspotSettingsPageNetworkMobileHotspot
VPNSettingsPageNetworkVPN
PersonalizationSettingsPageGroupPersonalization
StartSettingsPageBackGround
ColorsSettingsPageColors
SoundsSettingsPageSounds
Lock screenSettingsPageLockscreen
Glance screenSettingsPageGlance
Navigation barSettingsNagivationBar
AccountsSettingsPageGroupAccounts
Your infoSettingsPageAccountsPicture
Sign-in optionsSettingsPageAccountsSignInOptions
Email & app accountsSettingsPageAccountsEmailApp
Access work or schoolSettingsPageWorkAccess
Sync your settingsSettingsPageAccountsSync

Apps corner

-

(disabled in Assigned Access)

SettingsPageAppsCorner
Time & languageSettingsPageGroupTimeRegion
Date & timeSettingsPageTimeRegionDateTime
LanguageSettingsPageTimeLanguage
RegionSettingsPageTimeRegion
KeyboardSettingsPageKeyboard
SpeechSettingsPageSpeech
Ease of accessSettingsPageGroupEaseOfAccess
NarratorSettingsPageEaseOfAccessNarrator
MagnifierSettingsPageEaseOfAccessMagnifier
High contrastSettingsPageEaseOfAccessHighContrast
Closed captionsSettingsPageEaseOfAccessClosedCaptioning
More optionsSettingsPageEaseOfAccessMoreOptions
PrivacySettingsPageGroupPrivacy
LocationSettingsPagePrivacyLocation
CameraSettingsPagePrivacyWebcam
MicrophoneSettingsPagePrivacyMicrophone
MotionSettingsPagePrivacyMotionData
NotificationsSettingsPagePrivacyNotifications
Speech. inking, & typingSettingsPagePrivacyPersonalization
Account infoSettingsPagePrivacyAccountInfo
ContactsSettingsPagePrivacyContacts
CalendarSettingsPagePrivacyCalendar
Phone callsSettingsPagePrivacyPhoneCall
Call historySettingsPagePrivacyCallHistory
EmailSettingsPagePrivacyEmail
MessagingSettingsPagePrivacyMessaging
RadiosSettingsPagePrivacyRadios
Continue App ExperiencesSettingsPagePrivacyCDP
Background appsSettingsPagePrivacyBackgroundApps
Accessory appsSettingsPageAccessories
Advertising IDSettingsPagePrivacyAdvertisingId
Other devicesSettingsPagePrivacyCustomPeripherals
Feedback and diagnosticsSettingsPagePrivacySIUFSettings
Update and securitySettingsPageGroupRestore
Phone updateSettingsPageRestoreMusUpdate
Windows Insider ProgramSettingsPageFlights
Device encryptionSettingsPageGroupPCSystemDeviceEncryption
BackupSettingsPageRestoreOneBackup
Find my phoneSettingsPageFindMyDevice
For developersSettingsPageSystemDeveloperOptions
OEMSettingsPageGroupExtensibility
ExtensibilitySettingsPageExtensibility
- -  - -## Quick actions lockdown - - -Quick action buttons are locked down in exactly the same way as Settings pages/groups. By default they are always conditional. - -You can specify the quick actions as follows: - -```xml - - - - - - - - - - - - - - - - - - -``` - - - -  - -## Related topics - - -[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md) - -[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) - -  - -  \ No newline at end of file diff --git a/windows/configuration/mobile-devices/start-layout-xml-mobile.md b/windows/configuration/mobile-devices/start-layout-xml-mobile.md deleted file mode 100644 index 858de39174..0000000000 --- a/windows/configuration/mobile-devices/start-layout-xml-mobile.md +++ /dev/null @@ -1,393 +0,0 @@ ---- -title: Start layout XML for mobile editions of Windows 10 (Windows 10) -description: This topic describes the options for customizing Start layout in LayoutModification.xml for Windows 10 mobile editions. -keywords: ["start screen"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp ---- - -# Start layout XML for mobile editions of Windows 10 (reference) - - -**Applies to** - -- Windows 10 - ->**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - - -On Windows 10 Mobile, you can use the XML-based layout to modify the Start screen and provide the most robust and complete Start customization experience. - -On Windows 10 Mobile, the customized Start works by: - -- Windows 10 performs checks to determine the correct base default layout. The checks include the mobile edition, whether the device is dual SIM, the column width, and whether Cortana is supported for the country/region. -- Windows 10 ensures that it does not overwrite the layout that you have set and will sequence the level checks and read the file layout such that any multivariant settings that you have set is not overwritten. -- Windows 10 reads the LayoutModification.xml file and appends the group to the Start screen. - -## Default Start layouts - -The following diagrams show the default Windows 10, version 1607 Start layouts for single SIM and dual SIM devices with Cortana support, and single SIM and dual SIM devices with no Cortana support. - -![Start layout for Windows 10 Mobile.](../images/mobile-start-layout.png) - -The diagrams show: - -- Tile coordinates - These are determined by the row number and the column number. -- Fold - Tiles "above the fold" are visible when users first navigate to the Start screen. Tiles "below the fold" are visible after users scroll up. -- Partner-customizable tiles - OEM and mobile operator partners can customize these areas of the Start screen by prepinning content. The partner configurable slots are: - - Rows 6-9 - - Rows 16-19 - -## LayoutModification XML - -IT admins can provision the Start layout by creating a LayoutModification.xml file. This file supports several mechanisms to modify or replace the default Start layout and its tiles. - ->[!NOTE] ->To make sure the Start layout XML parser processes your file correctly, follow these guidelines when writing your LayoutModification.xml file: ->- Do not leave spaces or white lines in between each element. ->- Do not add comments inside the StartLayout node or any of its children elements. ->- Do not add multiple rows of comments. - -The following table lists the supported elements and attributes for the LayoutModification.xml file. - -| Element | Attributes | Description | -| --- | --- | --- | -| LayoutModificationTemplate | xmlns
xmlns:defaultlayout
xmlns:start
Version | Use to describe the changes to the default Start layout. | -| DefaultLayoutOverride

Parent:
LayoutModificationTemplate | n/a | Use to specify the customized Start layout for mobile devices. | -| StartLayoutCollection

Parent:
DefaultLayoutOverride | n/a | Use to contain a collection of Start layouts. | -| StartLayout

Parent:
StartLayoutCollection | n/a | Use to specify the tile groups that will be appended to the Start screen. | -| start:Group

Parent:
StartLayout | Name | Use to specify the tiles that need to be appended to the default Start layout. | -| start:Tile

Parent:
start:Group | AppUserModelID
Size
Row
Column | Use to specify any Universal Windows app that has a valid **AppUserModelID** attribute. | -| start:SecondaryTile

Parent:
start:Group | AppUserModelID
TileID
Arguments
DisplayName
Square150x150LogoUri
ShowNameOnSquare150x150Logo
ShowNameOnWide310x150Logo
Wide310x150LogoUri
BackgroundColor
ForegroundText
IsSuggestedApp
Size
Row
Column | Use to pin a Web link through a Microsoft Edge secondary tile. | -| start:PhoneLegacyTile

Parent:
start:Group | ProductID
Size
Row
Column | Use to add a mobile app that has a valid **ProductID** attribute. | -| start:Folder

Parent:
start:Group | Name
Size
Row
Column | Use to add a folder to the mobile device's Start screen. | -| RequiredStartTiles

Parent:
LayoutModificationTemplate | n/a | Use to specify the tiles that will be pinned to the bottom of the Start screen even if a restored Start screen does not have the tiles during backup or restore. | - -### start:Group - -**start:Group** tags specify a group of tiles that will be appended to Start. You can set the **Name** attribute to specify a name for the Start group. - ->[!NOTE] ->Windows 10 Mobile only supports one Start group. - - For Windows 10 Mobile, **start:Group** tags can contain the following tags or elements: - -- **start:Tile** -- **start:SecondaryTile** -- **start:PhoneLegacyTile** -- **start:Folder** - -### Specify Start tiles - -To pin tiles to Start, you must use the right kind of tile depending on what you want to pin. - -#### Tile size and coordinates - -All tile types require a size (**Size**) and coordinates (**Row** and **Column**) attributes regardless of the tile type that you use when prepinning items to Start. - -The following table describes the attributes that you must use to specify the size and location for the tile. - -| Attribute | Description | -| --- | --- | -| Size | Determines how large the tile will be.
- 1x1 - small tile
- 2x2 - medium tile
- 4x2 - wide tile
- 4x4 - large tile | -| Row | Specifies the row where the tile will appear. | -| Column | Specifies the column where the tile will appear. | - -For example, a tile with Size="2x2", Row="2", and Column="2" results in a tile located at (2,2) where (0,0) is the top-left corner of a group. - -#### start:Tile - -You can use the **start:Tile** tag to pin a Universal Windows app to Start. - -To specify an app, you must set the **AppUserModelID** attribute to the application user model ID that's associated with the corresponding app. - -The following example shows how to pin the Microsoft Edge Universal Windows app: - -```XML - -``` - -#### start:SecondaryTile - -You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. - -The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile: - -```XML - -``` - -The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to **Size**, **Row**, and **Column**. - -| Attribute | Required/optional | Description | -| --- | --- | --- | -| AppUserModelID | Required | Must point to Microsoft Edge. | -| TileID | Required | Must uniquely identify your Web site tile. | -| Arguments | Required | Must contain the URL of your Web site. | -| DisplayName | Required | Must specify the text that you want users to see. | -| Square150x150LogoUri | Required | Specifies the logo to use on the 2x2 tile. | -| Wide310x150LogoUri | Optional | Specifies the logo to use on the 4x2 tile. | -| ShowNameOnSquare150x150Logo | Optional | Specifies whether the display name is shown on the 2x2 tile. You can set the value for this attribute to true or false. By default, this is set to false. | -| ShowNameOnWide310x150Logo | Optional | Specifies whether the display name is shown on the 4x2 tile. You can set the value for this attribute to true or false. By default, this is set to false. | -| BackgroundColor | Optional | Specifies the color of the tile. You can specify the value in ARGB hexadecimal (for example, #FF112233) or specify "transparent". | -| ForegroundText | Optional | Specifies the color of the foreground text. Set the value to either "light" or "dark". | - - Secondary Microsoft Edge tiles have the same size and location behavior as a Universal Windows app. - -#### start:PhoneLegacyTile - -You can use the **start:PhoneLegacyTile** tag to add a mobile app that has a valid ProductID, which you can find in the app's manifest file. The **ProductID** attribute must be set to the GUID of the app. - -The following example shows how to add a mobile app with a valid ProductID using the start:PhoneLegacyTile tag: - -```XML - -``` - -#### start:Folder - -You can use the **start:Folder** tag to add a folder to the mobile device's Start screen. - -You must set these attributes to specify the size and location of the folder: **Size**, **Row**, and **Column**. - -Optionally, you can also specify a folder name by using the **Name** attribute. If you specify a name, set the value to a string. - -The position of the tiles inside a folder is relative to the folder. You can add any of the following tile types to the folder: - -- Tile - Use to pin a Universal Windows app to Start. -- SecondaryTile - Use to pin a Web link through a Microsoft Edge secondary tile. -- PhoneLegacyTile - Use to pin a mobile app that has a valid ProductID. - -The following example shows how to add a medium folder that contains two apps inside it: - -```XML - - - - -``` - -#### RequiredStartTiles - -You can use the **RequiredStartTiles** tag to specify the tiles that will be pinned to the bottom of the Start screen even if a restored Start screen does not have the tiles during backup or restore. - ->[!NOTE] ->Enabling this Start customization may be disruptive to the user experience. - -For Windows 10 Mobile, **RequiredStartTiles** tags can contain the following tags or elements. These are similar to the tiles supported in **start:Group**. - -- Tile - Use to pin a Universal Windows app to Start. -- SecondaryTile - Use to pin a Web link through a Microsoft Edge secondary tile. -- PhoneLegacyTile - Use to pin a mobile app that has a valid ProductID. -- Folder - Use to pin a folder to the mobile device's Start screen. - -Tiles specified within the **RequiredStartTiles** tag have the following behavior: - -- The partner-pinned tiles will begin in a new row at the end of the user-restored Start screen. -- If there’s a duplicate tile between what the user has in their Start screen layout and what the OEM has pinned to the Start screen, only the app or tile shown in the user-restored Start screen layout will be shown and the duplicate tile will be omitted from the pinned partner tiles at the bottom of the Start screen. - -The lack of duplication only applies to pinned apps. Pinned Web links may be duplicated. - -- If partners have prepinned folders to the Start screen, Windows 10 treats these folders in the same way as appended apps on the Start screen. Duplicate folders will be removed. -- All partner tiles that are appended to the bottom of the user-restored Start screen will be medium-sized. There will be no gaps in the appended partner Start screen layout. Windows 10 will shift tiles accordingly to prevent gaps. - -## Sample LayoutModification.xml - -The following sample LayoutModification.xml shows how you can configure the Start layout for devices running Windows 10 Mobile: - -```XML - - - - - - - - - - - - - - - - - - - -``` - -## Use Windows Provisioning multivariant support - -The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see Create a provisioning package with multivariant settings. - -The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provsioning engine will always output "LayoutCustomization.xml" so that the OS has a consistent file name to query against. - -For example, if you want to ensure that there's a specific layout for a certain mobile operator in a certain country/region, you can: -1. Create a specific layout customization file and then name it LayoutCustomization1.xml. -2. Include the file as part of your provisioning package. -3. Create your multivariant target and reference the XML file within the target condition in the main customization XML file. - -The following example shows what the overall customization file might look like with multivariant support for Start: - -```XML - - - - {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} - My Provisioning Package - 1.0 - OEM - 50 - - - - - - - - - - - - - - - - - - - - - - - 1 - 1 - 1 - - - 1 - - - - - - - - - c:\users\\appdata\local\Microsoft\Windows\Shell\LayoutCustomization1.XML - - 1 - - - - - - -``` - -When the condition is met, the provisioning engine takes the XML file and places it in the location that Windows 10 has set and then the Start subsystem reads the file and applies the specific customized layout. - -You must repeat this process for all variants that you want to support so that each variant can have a distinct layout for each of the conditions and targets that need to be supported. For example, if you add a **Language** condition, you can create a Start layout that has it's own localized group or folder titles. - -## Add the LayoutModification.xml file to the image - -Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 Mobile, you can use Windows ICD to add the XML file to the device: - -1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** and then click the **StartLayout** setting. -2. In the middle pane, click **Browse** to open File Explorer. -3. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. -4. Select the file and then click **Open**. - -This should set the value of **StartLayout**. The setting appears in the **Selected customizations** pane. - - - - - - - - - - - - - - - - - - - -## Related topics - - -- [Manage Windows 10 Start layout options](../windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](../configure-windows-10-taskbar.md) -- [Customize Windows 10 Start and taskbar with Group Policy](../customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start with mobile device management (MDM)](../customize-windows-10-start-screens-by-using-mobile-device-management.md) -- [Changes to Group Policy settings for Windows 10 Start](../changes-to-start-policies-in-windows-10.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](../start-layout-xml-desktop.md) - -  - -  - - - - - diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index 65eac1c2a8..05bf795440 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -70,8 +70,6 @@ When a CSP is available but is not explicitly included in your MDM solution, you ### CSPs in Lockdown XML -Starting with Windows 10 version 1703, you can use the [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML. - ## How do you use the CSP documentation? All CSPs are documented in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index f4325299ce..49a51ea3c2 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -159,7 +159,5 @@ After you're done, click **Create**. It only takes a few seconds. When the packa - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) - [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) -- [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md) -- [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) \ No newline at end of file diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md index 68cfcc37af..cc911deee6 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md @@ -194,8 +194,6 @@ For details about the settings you can customize in provisioning packages, see [ - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md) -- [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 182d0e0207..976d93c4b8 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md @@ -203,7 +203,5 @@ For details about the settings you can customize in provisioning packages, see [ - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) - [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) -- [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md) -- [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index b7a5d07216..0a4cc16ed5 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -43,7 +43,6 @@ Windows Configuration Designer is available as an [app in the Microsoft Store](h - ## Benefits of provisioning packages diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index 49a2494418..64b68fb707 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md @@ -1,6 +1,6 @@ --- title: Start layout XML for desktop editions of Windows 10 (Windows 10) -description: This topic describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions. +description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions. keywords: ["start screen"] ms.prod: w10 ms.mktglfcycl: manage @@ -28,9 +28,9 @@ On Windows 10 for desktop editions, the customized Start works by: - Windows 10 checks the chosen base default layout, such as the desktop edition and whether Cortana is supported for the country/region. - Windows 10 reads the LayoutModification.xml file and allows groups to be appended to Start. The groups have the following constraints: - - 2 groups that are 6 columns wide, or equivalent to the width of 3 medium tiles. - - 2 medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. - - No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows). + - Two groups that are six columns wide, or equivalent to the width of three medium tiles. + - Two medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. + - No limit to the number of apps that can be pinned. There's a theoretical limit of 24 tiles per group (four small tiles per medium square x 3 columns x 2 rows). >[!NOTE] >To use the layout modification XML to configure Start with roaming user profiles, see [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-7-optionally-specify-a-start-layout-for-windows-10-pcs). @@ -78,18 +78,18 @@ The following table lists the supported elements and attributes for the LayoutMo | [RequiredStartGroups](#requiredstartgroups)

Parent:
RequiredStartGroupsCollection | Region | Use to contain the AppendGroup tags, which represent groups that can be appended to the default Start layout | | [AppendGroup](#appendgroup)

Parent:
RequiredStartGroups | Name | Use to specify the tiles that need to be appended to the default Start layout | | [start:Tile](#specify-start-tiles)

Parent:
AppendGroup | AppUserModelID
Size
Row
Column | Use to specify any of the following:
- A Universal Windows app
- A Windows 8 or Windows 8.1 app

Note that AppUserModelID is case-sensitive. | -start:Folder

Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile). -| start:DesktopApplicationTile

Parent:
AppendGroup | DesktopApplicationID
DesktopApplicationLinkPath
Size
Row
Column | Use to specify any of the following:
- A Windows desktop application with a known AppUserModelID
- An application in a known folder with a link in a legacy Start Menu folder
- A Windows desktop application link in a legacy Start Menu folder
- A Web link tile with an associated .url file that is in a legacy Start Menu folder | +| start:Folder

Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile). | +| start:DesktopApplicationTile

Parent:
AppendGroup | DesktopApplicationID
DesktopApplicationLinkPath
Size
Row
Column | Use to specify any of the following:
- A Windows desktop application with a known AppUserModelID
- An application in a known folder with a link in a legacy Start Menu folder
- A Windows desktop application link in a legacy Start Menu folder
- A Web link tile with an associated `.url` file that is in a legacy Start Menu folder | | start:SecondaryTile

Parent:
AppendGroup | AppUserModelID
TileID
Arguments
DisplayName
Square150x150LogoUri
ShowNameOnSquare150x150Logo
ShowNameOnWide310x150Logo
Wide310x150LogoUri
BackgroundColor
ForegroundText
IsSuggestedApp
Size
Row
Column | Use to pin a Web link through a Microsoft Edge secondary tile. Note that AppUserModelID is case-sensitive. | -| TopMFUApps

Parent:
LayoutModificationTemplate | n/a | Use to add up to 3 default apps to the frequently used apps section in the system area.

**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | +| TopMFUApps

Parent:
LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.

**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | | Tile

Parent:
TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID.

**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | | DesktopApplicationTile

Parent:
TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.

**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | -| AppendOfficeSuite

Parent:
LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).

Do not use this tag with AppendDownloadOfficeTile | +| AppendOfficeSuite

Parent:
LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).

Don't use this tag with AppendDownloadOfficeTile. | | AppendDownloadOfficeTile

Parent:
LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in Start

Do not use this tag with AppendOfficeSuite | ### LayoutOptions -New devices running Windows 10 for desktop editions will default to a Start menu with 2 columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features: +New devices running Windows 10 for desktop editions will default to a Start menu with two columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features: - Boot to tablet mode can be set on or off. - Set full screen Start on desktop to on or off. @@ -97,7 +97,7 @@ New devices running Windows 10 for desktop editions will default to a Start menu - Specify the number of columns in the Start menu to 1 or 2. To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2. -The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use 1 column in the Start menu: +The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use one column in the Start menu: ```XML [!IMPORTANT] >For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag. -You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you are using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example: +You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example: ```XML [!NOTE] >In Start layouts for Windows 10, version 1703, you should use **DesktopApplicationID** rather than **DesktopApplicationLinkPath** if you are using Group Policy or MDM to apply the start layout and the application was installed after the user's first sign-in. @@ -210,7 +210,7 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap If you are pointing to a third-party Windows desktop application and the layout is being applied before the first boot, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\". -- By using the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option. +- Use the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option. You can use the [Get-StartApps cmdlet](/powershell/module/startlayout/get-startapps) on a PC that has the application pinned to Start to obtain the app ID. @@ -230,7 +230,7 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile. -To pin a legacy .url shortcut to Start, you must create .url file (right-click on the desktop, select **New** > **Shortcut**, and then type a Web URL). You must add this .url file in a legacy Start Menu directory before first boot; for example, `%APPDATA%\Microsoft\Windows\Start Menu\Programs\` or the all users profile `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\`. +To pin a legacy `.url` shortcut to Start, you must create a `.url` file (right-click on the desktop, select **New** > **Shortcut**, and then type a Web URL). You must add this `.url` file in a legacy Start Menu directory before first boot; for example, `%APPDATA%\Microsoft\Windows\Start Menu\Programs\` or the all users profile `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\`. The following example shows how to create a tile of the Web site's URL, which you can treat similarly to a Windows desktop application tile: @@ -248,7 +248,7 @@ The following example shows how to create a tile of the Web site's URL, which yo #### start:SecondaryTile -You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. This method doesn't require any additional action compared to the method of using legacy .url shortcuts (through the start:DesktopApplicationTile tag). +You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. This method doesn't require any additional action compared to the method of using legacy `.url` shortcuts (through the start:DesktopApplicationTile tag). The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile: @@ -444,7 +444,7 @@ The following sample LayoutModification.xml shows how you can configure the Star The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see [Create a provisioning package with multivariant settings](./provisioning-packages/provisioning-multivariant.md). -The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provsioning engine will always output "LayoutCustomization.xml" so that the operating system has a consistent file name to query against. +The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provisioning engine will always output "LayoutCustomization.xml" so that the operating system has a consistent file name to query against. For example, if you want to ensure that there's a specific layout for a certain condition, you can: 1. Create a specific layout customization file and then name it LayoutCustomization1.xml. @@ -511,7 +511,7 @@ You must repeat this process for all variants that you want to support so that e Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 for desktop editions, you can use Windows ICD methods to add the XML file to the device. -1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** and then click the **StartLayout** setting. +1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** > Select the **StartLayout** setting. 2. In the middle pane, click **Browse** to open File Explorer. 3. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. 4. Select the file and then click **Open**. @@ -524,16 +524,6 @@ This should set the value of **StartLayout**. The setting appears in the **Selec Once you have created the LayoutModification.xml file and it is present in the device, the system overrides the base default layout and any Unattend settings used to customize Start. - - - - - - - - - - ## Related topics - [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) @@ -542,9 +532,5 @@ Once you have created the LayoutModification.xml file and it is present in the d - [Add image for secondary tiles](start-secondary-tiles.md) - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) +- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](mobile-devices/start-layout-xml-mobile.md) - - - diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index 2e172a122e..f5ef92247d 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md @@ -19,19 +19,18 @@ Use these settings to join a device to an Active Directory domain or an Azure Ac ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Azure](#azure) | X | X | X | X | | -| [ComputerAccount](#computeraccount) | X | | X | | X | -| [Users](#users) | X | | X | X | | +| Setting groups | Desktop editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Azure](#azure) | ✔️ | ✔️ | ✔️ | | +| [ComputerAccount](#computeraccount) | ✔️ | ✔️ | | ✔️ | +| [Users](#users) | ✔️ | ✔️ | ✔️ | | ## Azure -The **Azure > Authority** and **Azure > BPRT** settings for bulk Azure Active Directory (Azure AD) enrollment can only be configured using one of the provisioning wizards. After you get a bulk token for Azure AD enrollment in a wizard, you can switch to the advanced editor to configure additional provisioning settings. For information about using the wizards, see: +The **Azure > Authority** and **Azure > BPRT** settings for bulk Azure Active Directory (Azure AD) enrollment can only be configured using one of the provisioning wizards. After you get a bulk token for Azure AD enrollment in a wizard, you can switch to the advanced editor to configure more provisioning settings. For information about using the wizards, see: - [Instructions for desktop wizard](../provisioning-packages/provision-pcs-for-initial-deployment.md) -- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) ## ComputerAccount @@ -43,11 +42,11 @@ Specifies the settings you can configure when joining a device to a domain, incl | Setting | Value | Description | | --- | --- | --- | -| Account | string | Account to use to join computer to domain | +| Account | String | Account to use to join computer to domain | | AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com. | Name of organizational unit for the computer account | -| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) | -| DomainName | string (cannot be empty) | Specify the name of the domain that the device will join | -| Password | string (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. | +| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, including `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10 version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) | +| DomainName | String (cannot be empty) | Specify the name of the domain that the device will join | +| Password | String (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. | ## Users @@ -55,7 +54,7 @@ Use these settings to add local user accounts to the device. | Setting | Value | Description | | --- | --- | --- | -| UserName | string (cannot be empty) | Specify a name for the local user account | -| HomeDir | string (cannot be empty) | Specify the path of the home directory for the user | -| Password | string (cannot be empty) | Specify the password for the user account | -| UserGroup | string (cannot be empty) | Specify the local user group for the user | +| UserName | String (cannot be empty) | Specify a name for the local user account | +| HomeDir | String (cannot be empty) | Specify the path of the home directory for the user | +| Password | String (cannot be empty) | Specify the password for the user account | +| UserGroup | String (cannot be empty) | Specify the local user group for the user | diff --git a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md deleted file mode 100644 index fe3e097ba5..0000000000 --- a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: EmbeddedLockdownProfiles (Windows 10) -description: This section describes the EmbeddedLockdownProfiles setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: greg-lindsay -ms.localizationpriority: medium -ms.author: greglin -ms.topic: article -ms.date: 09/06/2017 -ms.reviewer: -manager: dansimp ---- - -# EmbeddedLockdownProfiles (Windows Configuration Designer reference) - -Use to apply an XML configuration to a mobile device that locks down the device, configures custom layouts, and define multiple roles. - -## Applies to - -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| AssignedAccessXml | | X | | | | - -1. Create a lockdown XML file, either by using [the Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) or [manually](../mobile-devices/lockdown-xml.md). -2. In the **AssignedAccessXml** setting, browse to and select the lockdown XML file that you created. - - -## Related topics - -- [EnterpriseAssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/enterpriseassignedaccess-csp) \ No newline at end of file diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index 743151817b..8ac49fc3d0 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -19,10 +19,9 @@ Use Start settings to apply a customized Start screen to devices. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| StartLayout | X | X | | | | -| StartLayoutFilePath | | X | | | | +| Setting | Desktop editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| StartLayout | X | | | | >[!IMPORTANT] >The StartLayout setting is available in the advanced provisioning for Windows 10 desktop editions, but should only be used to apply a layout to Windows 10 Mobile devices. For desktop editions, use [Policies > StartLayout](wcd-policies.md#start). @@ -31,11 +30,3 @@ Use Start settings to apply a customized Start screen to devices. Use StartLayout to select the `LayoutModification.xml` file that applies a customized Start screen to a mobile device. ->[!NOTE] ->The XML file that defines the Start layout for Windows 10 Mobile must be named `LayoutModification.xml`. - -For more information, see [Start layout XML for mobile editions of Windows 10](../mobile-devices/lockdown-xml.md)). - -## StartLayoutFilePath - -Do not use. diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index f1e1091bc6..8d75210e45 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -18,74 +18,74 @@ This section describes the settings that you can configure in [provisioning pack ## Edition that each group of settings applies to -| Setting group | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -[AccountManagement](wcd-accountmanagement.md) | | | | X | | -| [Accounts](wcd-accounts.md) | X | X | X | X | X | -| [ADMXIngestion](wcd-admxingestion.md) | X | | | | | -| [AssignedAccess](wcd-assignedaccess.md) | X | | | X | | -| [AutomaticTime](wcd-automatictime.md) | | X | | | | -| [Browser](wcd-browser.md) | X | X | X | | | -| [CallAndMessagingEnhancement](wcd-callandmessagingenhancement.md) | | X | | | | -| [Calling](wcd-calling.md) | | X | | | | -| [CellCore](wcd-cellcore.md) | X | X | | | | -| [Cellular](wcd-cellular.md) | X | | | | | -| [Certificates](wcd-certificates.md) | X | X | X | X | X | -| [CleanPC](wcd-cleanpc.md) | X | | | | | -| [Connections](wcd-connections.md) | X | X | X | | | -| [ConnectivityProfiles](wcd-connectivityprofiles.md) | X | X | X | X | | -| [CountryAndRegion](wcd-countryandregion.md) | X | X | X | | | -| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | X | | | | | -| [DeveloperSetup](wcd-developersetup.md) | | | | X | | -| [DeviceFormFactor](wcd-deviceformfactor.md) | X | X | X | | | -| [DeviceInfo](wcd-deviceinfo.md) | | X | | | | -| [DeviceManagement](wcd-devicemanagement.md) | X | X | X | X | | -| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | X | | | | | -| [DMClient](wcd-dmclient.md) | X | X | X | | X | -| [EditionUpgrade](wcd-editionupgrade.md) | X | X | | X | | -| [EmbeddedLockdownProfiles](wcd-embeddedlockdownprofiles.md) | | X | | | | -| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | | X | -| [FirstExperience](wcd-firstexperience.md) | | | | X | | -| [Folders](wcd-folders.md) |X | X | X | | | -| [InitialSetup](wcd-initialsetup.md) | | X | | | | -| [InternetExplorer](wcd-internetexplorer.md) | | X | | | | -| [KioskBrowser](wcd-kioskbrowser.md) | | | | | X | -| [Licensing](wcd-licensing.md) | X | | | | | -| [Location](wcd-location.md) | | | | | X | -| [Maps](wcd-maps.md) |X | X | X | | | -| [Messaging](wcd-messaging.md) | | X | | | | -| [ModemConfigurations](wcd-modemconfigurations.md) | | X | | | | -| [Multivariant](wcd-multivariant.md) | | X | | | | -| [NetworkProxy](wcd-networkproxy.md) | | | X | | | -| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | | X | | | -| [NFC](wcd-nfc.md) | | X | | | | -| [OOBE](wcd-oobe.md) | X | X | | | | -| [OtherAssets](wcd-otherassets.md) | | X | | | | -| [Personalization](wcd-personalization.md) | X | | | | | -| [Policies](wcd-policies.md) | X | X | X | X | X | -| [Privacy](wcd-folders.md) |X | X | X | | X | -| [ProvisioningCommands](wcd-provisioningcommands.md) | X | | | | | -| [RcsPresence](wcd-rcspresence.md) | | X | | | | -| [SharedPC](wcd-sharedpc.md) | X | | | | | -| [Shell](wcd-shell.md) | | X | | | | -| [SMISettings](wcd-smisettings.md) | X | | | | | -| [Start](wcd-start.md) | X | X | | | | -| [StartupApp](wcd-startupapp.md) | | | | | X | -| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | | X | -| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |X | X | X | | X | -| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | | X | | | -| [TabletMode](wcd-tabletmode.md) |X | X | X | | | -| [TakeATest](wcd-takeatest.md) | X | | | | | -| [TextInput](wcd-textinput.md) | | X | | | | -| [Theme](wcd-theme.md) | | X | | | | -| [Time](wcd-time.md) | X | | | | | -| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X | | | | X | -| [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | | X | -| [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | | X | -| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | X | X | X | | | -| [WeakCharger](wcd-weakcharger.md) |X | X | X | | | -| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | X | | | | | -| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | | X | | | -| [Workplace](wcd-workplace.md) |X | X | X | | X | +| Setting group | Desktop editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [AccountManagement](wcd-accountmanagement.md) | | | ✔️ | | +| [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ | +| [ADMXIngestion](wcd-admxingestion.md) | ✔️ | | | | +| [AssignedAccess](wcd-assignedaccess.md) | ✔️ | | ✔️ | | +| [AutomaticTime](wcd-automatictime.md) | | | | | +| [Browser](wcd-browser.md) | ✔️ | ✔️ | | | +| [CallAndMessagingEnhancement](wcd-callandmessagingenhancement.md) | | | | | +| [Calling](wcd-calling.md) | | | | | +| [CellCore](wcd-cellcore.md) | ✔️ | | | | +| [Cellular](wcd-cellular.md) | ✔️ | | | | +| [Certificates](wcd-certificates.md) | ✔️ | ✔️ | ✔️ | ✔️ | +| [CleanPC](wcd-cleanpc.md) | ✔️ | | | | +| [Connections](wcd-connections.md) | ✔️ | ✔️ | | | +| [ConnectivityProfiles](wcd-connectivityprofiles.md) | ✔️ | ✔️ | ✔️ | | +| [CountryAndRegion](wcd-countryandregion.md) | ✔️ | ✔️ | | | +| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✔️ | | | | +| [DeveloperSetup](wcd-developersetup.md) | | | ✔️ | | +| [DeviceFormFactor](wcd-deviceformfactor.md) | ✔️ | ✔️ | | | +| [DeviceInfo](wcd-deviceinfo.md) | | | | | +| [DeviceManagement](wcd-devicemanagement.md) | ✔️ | ✔️ | ✔️ | | +| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✔️ | | | | +| [DMClient](wcd-dmclient.md) | ✔️ | ✔️ | | ✔️ | +| [EditionUpgrade](wcd-editionupgrade.md) | ✔️ | | ✔️ | | +| [EmbeddedLockdownProfiles](wcd-embeddedlockdownprofiles.md) | | | | | +| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✔️ | +| [FirstExperience](wcd-firstexperience.md) | | | ✔️ | | +| [Folders](wcd-folders.md) |✔️ | ✔️ | | | +| [InitialSetup](wcd-initialsetup.md) | | | | | +| [InternetExplorer](wcd-internetexplorer.md) | | | | | +| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✔️ | +| [Licensing](wcd-licensing.md) | ✔️ | | | | +| [Location](wcd-location.md) | | | | ✔️ | +| [Maps](wcd-maps.md) |✔️ | ✔️ | | | +| [Messaging](wcd-messaging.md) | | | | | +| [ModemConfigurations](wcd-modemconfigurations.md) | | | | | +| [Multivariant](wcd-multivariant.md) | | | | | +| [NetworkProxy](wcd-networkproxy.md) | | ✔️ | | | +| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✔️ | | | +| [NFC](wcd-nfc.md) | | | | | +| [OOBE](wcd-oobe.md) | ✔️ | | | | +| [OtherAssets](wcd-otherassets.md) | | | | | +| [Personalization](wcd-personalization.md) | ✔️ | | | | +| [Policies](wcd-policies.md) | ✔️ | ✔️ | ✔️ | ✔️ | +| [Privacy](wcd-folders.md) |✔️ | ✔️ | | ✔️ | +| [ProvisioningCommands](wcd-provisioningcommands.md) | ✔️ | | | | +| [RcsPresence](wcd-rcspresence.md) | | | | | +| [SharedPC](wcd-sharedpc.md) | ✔️ | | | | +| [Shell](wcd-shell.md) | | | | | +| [SMISettings](wcd-smisettings.md) | ✔️ | | | | +| [Start](wcd-start.md) | ✔️ | | | | +| [StartupApp](wcd-startupapp.md) | | | | ✔️ | +| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | ✔️ | +| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |✔️ | ✔️ | | ✔️ | +| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✔️ | | | +| [TabletMode](wcd-tabletmode.md) |✔️ | ✔️ | | | +| [TakeATest](wcd-takeatest.md) | ✔️ | | | | +| [TextInput](wcd-textinput.md) | | | | | +| [Theme](wcd-theme.md) | | | | | +| [Time](wcd-time.md) | ✔️ | | | | +| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✔️ | | | ✔️ | +| [UniversalAppInstall](wcd-universalappinstall.md) | ✔️ | ✔️ | | ✔️ | +| [UniversalAppUninstall](wcd-universalappuninstall.md) | ✔️ | ✔️ | | ✔️ | +| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | ✔️ | ✔️ | | | +| [WeakCharger](wcd-weakcharger.md) |✔️ | ✔️ | | | +| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | ✔️ | | | | +| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | ✔️ | | | +| [Workplace](wcd-workplace.md) |✔️ | ✔️ | | ✔️ | diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 48bf6b509b..2cc76a97e8 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -273,32 +273,6 @@ Learn about the new Group Policies that were added in Windows 10, version 1703. - [Group Policy Settings Reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250) -## Windows 10 Mobile enhancements - -### Lockdown Designer - -The Lockdown Designer app helps you configure and create a lockdown XML file to apply to devices running Windows 10 Mobile, and includes a remote simulation to help you determine the layout for tiles on the Start screen. Using Lockdown Designer is easier than [manually creating a lockdown XML file](/windows/configuration/mobile-devices/lockdown-xml). - -![Lockdown Designer app in Store.](images/ldstore.png) - -[Learn more about the Lockdown Designer app.](/windows/configuration/mobile-devices/mobile-lockdown-designer) - -### Other enhancements - -Windows 10 Mobile, version 1703 also includes the following enhancements: - -- SD card encryption -- Remote PIN resets for Azure Active Directory accounts -- SMS text message archiving -- WiFi Direct management -- OTC update tool -- Continuum display management - - Individually turn off the monitor or phone screen when not in use - - individually adjust screen time-out settings -- Continuum docking solutions - - Set Ethernet port properties - - Set proxy properties for the Ethernet port - ## Miracast on existing wireless network or LAN In the Windows 10, version 1703, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](/openspecs/windows_protocols/ms-mice/9598ca72-d937-466c-95f6-70401bb10bdb).