Merge pull request #5076 from MicrosoftDocs/master

Publish 04/19/2021, 10:30 AM
2025-05-29 05:37:22 +00:00 · 2021-04-19 11:39:46 -06:00 · 2021-04-19 11:39:46 -06:00 · 81f6dec451
commit 81f6dec451
parent 3c08f213ab 2f991ef8d2
2 changed files with 69 additions and 6 deletions
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@ -457,8 +457,8 @@ The data type is integer.
 Supported operations are Add, Delete, Get, Replace.	

 Valid values are:	
-	1 – Enable.	
-	0 (default) – Disable.
+-	1 (default) – Enable.	
+-	0 – Disable.

 <a href="" id="configuration-meteredconnectionupdates"></a>**Configuration/MeteredConnectionUpdates**<br>
 Allow managed devices to update through metered connections. Data charges may apply.
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@ -7,8 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer: 
+ms.reviewer: bobgil
 manager: dansimp
 ---

@ -37,6 +36,9 @@ manager: dansimp
  <dd>
    <a href="#authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a>
  </dd>
+  <dd>
+    <a href="#authentication-configurewebsigninallowedurls">Authentication/ConfigureWebSignInAllowedUrls</a>
+  </dd>
  <dd>
    <a href="#authentication-enablefastfirstsignin">Authentication/EnableFastFirstSignIn</a>
  </dd>
@ -359,6 +361,68 @@ The following list shows the supported values:

 <hr/>

+<!--Policy-->
+<a href="" id="authentication-configurewebsigninallowedurls"></a>**Authentication/ConfigureWebSignInAllowedUrls**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+
+**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="authentication-enablefastfirstsignin"></a>**Authentication/EnableFastFirstSignIn**  

@ -579,4 +643,3 @@ Footnotes:
 - 8 - Available in Windows 10, version 2004.

 <!--/Policies-->
-