Merge branch 'master' into v-dihans-diagnosticlog-csp

Diana Hanson
2021-05-25 08:37:55 -06:00
committed by GitHub
7 changed files with 55 additions and 65 deletions

View File

@ -14,7 +14,7 @@ ms.date: 06/26/2017
# Certificate authentication device enrollment
This section provides an example of the mobile device enrollment protocol using certificate authentication policy. For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
This section provides an example of the mobile device enrollment protocol using certificate authentication policy. For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://go.microsoft.com/fwlink/p/?LinkId=619347).
> [!Note]
> To set up devices to use certificate authentication for enrollment, you should create a provisioning package. For more information about provisioning packages, see [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package).
@ -31,7 +31,7 @@ For the list of enrollment scenarios not supported in Windows 10, see [Enrollme
The following example shows the discovery service request.
``` syntax
```xml
POST /EnrollmentServer/Discovery.svc HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
User-Agent: Windows Enrollment Client
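Review bot: The `xml` fence tag on the discovery request block does not match its content: the block opens with `POST /EnrollmentServer/Discovery.svc HTTP/1.1` and HTTP headers before any SOAP markup, so an XML highlighter will treat the header lines as malformed text. Consider tagging the request and response blocks `http`, or splitting the headers from the SOAP envelope so that only the envelope is fenced as `xml`. The same point applies to the other request and response fences changed in this file; the `wap-provisioningdoc` block is the one that starts directly with XML.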
@ -60,7 +60,7 @@ Cache-Control: no-cache
<EmailAddress>user@contoso.com</EmailAddress>
<OSEdition>101</OSEdition> <!--New in Windows 10-->
<OSVersion>10.0.0.0</OSVersion> <!--New in Windows 10-->
<RequestVersion>3.0</RequestVersion> <!--Updated in Windows 10-->
<RequestVersion>3.0</RequestVersion> <!--Updated in Windows 10-->
<ApplicationVersion>10.0.0.0</ApplicationVersion>
<AuthPolicies>Certificate</AuthPolicies> <!--New in Windows 10-->
</request>
@ -71,7 +71,7 @@ Cache-Control: no-cache
The following example shows the discovery service response.
```
```xml
HTTP/1.1 200 OK
Content-Length: 865
Content-Type: application/soap+xml; charset=utf-8
@ -111,7 +111,7 @@ http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoverySer
The following example shows the policy web service request.
```
```xml
POST /ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
User-Agent: Windows Enrollment Client
@ -183,7 +183,7 @@ Cache-Control: no-cache
The following snippet shows the policy web service response.
```
```xml
HTTP/1.1 200 OK
Date: Fri, 03 Aug 2012 20:00:00 GMT
Server: <server name here>
@ -261,7 +261,7 @@ Content-Length: xxxx
The following example shows the enrollment web service request.
```
```xml
POST /EnrollmentServer/DeviceEnrollmentWebService.svc HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
User-Agent: Windows Enrollment Client
@ -369,7 +369,7 @@ http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrol
The following example shows the enrollment web service response.
```
```xml
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 10231
@ -422,7 +422,7 @@ Date: Fri, 03 Aug 2012 00:32:59 GMT
The following example shows the encoded provisioning XML.
```
```xml
<wap-provisioningdoc version="1.1">
<characteristic type="CertificateStore">
<characteristic type="Root">

View File

@ -189,7 +189,7 @@ The XML below is the current version for this CSP.
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>HwV</NodeName>
<DFProperties>

View File

@ -725,7 +725,7 @@ The XML below is the DDF for the current version for this CSP.
<Node>
<NodeName>LocMasterSwitchDependencyNII</NodeName>
<DFProperties>
<AccessType>
<AccessType>-
<Get />
<Replace />
</AccessType>
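Review bot: The replacement line `<AccessType>-` under the `LocMasterSwitchDependencyNII` node adds a stray hyphen after the opening tag. It looks accidental, and it puts text content inside an element that otherwise holds only `<Get />` and `<Replace />`, which can trip anything that parses or validates this DDF. Restore the line to `<AccessType>`.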

View File

@ -531,7 +531,7 @@ To distribute an app offline (organization-managed), the app must be downloaded
To install acquired Microsoft Store or LOB apps offline on a Windows 10 Mobile device, IT administrators can use an MDM system. The MDM system distributes the app packages that you downloaded from Microsoft Store (also called sideloading) to Windows 10 Mobile devices. Support for offline app distribution depends on the MDM system you are using, so consult your MDM vendor documentation for details. You can fully automate the app deployment process so that no user intervention is required.
Microsoft Store apps or LOB apps that have been uploaded to the Microsoft Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Microsoft Store certificates. LOB apps that are uploaded to the Microsoft Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, youll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 Mobile Enterprise edition.
Microsoft Store apps or LOB apps that have been uploaded to the Microsoft Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Microsoft Store certificates. LOB apps that are uploaded to the Microsoft Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, youll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 edition.
For more information, see [Microsoft Store for Business](/microsoft-store/index).
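Review bot: In the last sentence of the LOB trust paragraph, the new wording "upgrade your devices to Windows 10 edition" names no edition, so the reader can no longer tell what lifts the limit of 20 self-signed LOB apps. Either name the edition that removes the limit or drop the upgrade option from the sentence. The paragraph also still reads "youll" where "you'll" is meant, which could be fixed in the same change.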
@ -786,14 +786,12 @@ Update availability depends on what servicing option you choose for the device.
<td align="left">Immediately after the Feature Update is published to Windows Update by Microsoft</td>
<td align="left">Microsoft typically releases two Feature Updates per 12-month period (approximately every four months, though it can potentially be longer)</td>
<td align="left">Makes new features available to users as soon as possible</td>
<td align="left">Mobile &amp; Mobile Enterprise</td>
</tr>
<tr class="even">
<td align="left"><strong>Current Branch for Business (CBB)</strong></td>
<td align="left">A minimum of four months after the corresponding Feature Update is first published to Windows Update by Microsoft</td>
<td align="left">A minimum of four months, though it potentially can be longerNo</td>
<td align="left">Provides additional time to test new feature before deployment</td>
<td align="left">Mobile Enterprise only</td>
</tr>
</tbody>
</table>
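Review bot: Check the table header against this hunk: the last cell is dropped from both data rows (`Mobile &amp; Mobile Enterprise` and `Mobile Enterprise only`), and the header row is not among the visible lines, so if its matching heading stays, the table ends up with one more heading than columns. While on the CBB row, "though it potentially can be longerNo" has a stray "No" fused to the end of the cell that should be removed.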
@ -802,11 +800,11 @@ Update availability depends on what servicing option you choose for the device.
*Applies to: Corporate devices*
While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 Mobile Enterprise edition.
While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 edition.
Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to:
- **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
- **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organizations certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required.
Upgrading to Windows 10 edition provides additional device and app management capabilities for organizations that want to:
- **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
- **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organizations certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 is required.
- **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered.
To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
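Review bot: The edition rename in this hunk is applied to only some sentences, which leaves the section inconsistent. "we created the Windows 10 edition" and "an upgrade to Windows 10 edition is required" name no edition, the same bullet then says "Once Enterprise edition is enabled", and the diagnostic data bullet still says "Windows 10 Mobile Enterprise edition". Pick one edition name and use it throughout, since these bullets tell administrators what is required for update deferral, for more than 20 self-signed LOB apps, and for setting the diagnostic data level.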