mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Improper acronyms review update-05
The updates here are made for acronyms: AAD, Azure AD-joined, AAD-joined as per the task 6027362. Thanks!
@ -359,7 +359,7 @@ With Azure integrated MDM enrollment, there's no discovery phase and the discove
|
||||
|
||||
There are two different MDM enrollment types that integrate with Azure AD, and use Azure AD user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users.
|
||||
|
||||
<a href="" id="multiple-user-management-for-azure-ad-joined-devices"></a>**Multiple user management for Azure AD joined devices**
|
||||
<a href="" id="multiple-user-management-for-azure-ad-joined-devices"></a>**Multiple user management for Azure AD-joined devices**
|
||||
In this scenario the MDM enrollment applies to every Azure AD user who signs in to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, determine what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an extra HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token isn't sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user signs on to the machine, Azure AD user token isn't available to OMA-DM process. Typically, MDM enrollment completes before Azure AD user sign in to machine and the initial management session doesn't contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device.
|
||||
|
||||
<a href="" id="adding-a-work-account-and-mdm-enrollment-to-a-device"></a>**Adding a work account and MDM enrollment to a device**
|
||||
|
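Review bot: the hyphenation is applied only to the heading; the paragraph right below it still reads "signs in to the Azure AD joined device", so the section now mixes both spellings. Change that occurrence too, and while in this paragraph add the missing articles ("To allow the management server to identify the current user", "the Azure AD user token isn't sent").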
@ -1178,7 +1178,7 @@ If you don't configure this policy setting, users can use BitLocker on removable
|
||||
Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is set to 1.
|
||||
<!--/Description-->
|
||||
> [!IMPORTANT]
|
||||
> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview).
|
||||
> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview).
|
||||
|
||||
> [!Warning]
|
||||
> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
|
||||
@ -1197,7 +1197,7 @@ Allows the admin to disable the warning prompt for other disk encryption on the
|
||||
<!--SupportedValues-->
|
||||
The following list shows the supported values:
|
||||
|
||||
- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
|
||||
- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory-joined devices. Windows will attempt to silently enable BitLocker for value 0.
|
||||
- 1 (default) – Warning prompt allowed.
|
||||
<!--/SupportedValues-->
|
||||
```xml
|
||||
|
@ -646,7 +646,7 @@ The XML below is the current version for this CSP.
|
||||
|
||||
1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
|
||||
0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
|
||||
the value 0 only takes affect on Azure Active Directory joined devices.
|
||||
the value 0 only takes affect on Azure Active Directory-joined devices.
|
||||
Windows will attempt to silently enable BitLocker for value 0.
|
||||
|
||||
If you want to disable this policy use the following SyncML:
|
||||
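Review bot: "takes affect" on the edited line is a typo for "takes effect"; since the line is being touched anyway, fix it here. Also "Starting in Windows 10, next major update" contradicts the other hunk in this commit, which states the same restriction as "Starting in Windows 10, version 1803".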
@ -744,15 +744,15 @@ The XML below is the current version for this CSP.
|
||||
<Get />
|
||||
<Replace />
|
||||
</AccessType>
|
||||
<Description> Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
|
||||
When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when
|
||||
<Description> Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Azure Active Directory and Hybrid domain joined devices.
|
||||
When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when
|
||||
Active Directory back up for recovery password is configured to required.
|
||||
For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
|
||||
For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
|
||||
|
||||
Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
|
||||
1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
|
||||
2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
|
||||
1 - Numeric Recovery Passwords Rotation upon use ON for Azure Active Directory-joined devices. Default value
|
||||
2 - Numeric Recovery Passwords Rotation upon use ON for both Azure AD and Hybrid devices
|
||||
|
||||
If you want to disable this policy use the following SyncML:
|
||||
|
||||
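Review bot: the expansion is inconsistent within one Description: the first edited line becomes "Azure Active Directory and Hybrid domain joined devices" while the next becomes "Azure AD only", and the value list mixes "Azure Active Directory-joined devices" with "Azure AD and Hybrid devices". Pick one form. Note also that this text sits inside the XML the page introduces as "the current version for this CSP", so rewording the Description means the documented DDF no longer matches what the CSP itself returns; if the goal is readability, the prose above the XML is the place to expand acronyms. Finally, "Hybrid domain joined" should be hyphenated to match "Azure Active Directory-joined".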
@ -783,7 +783,7 @@ The XML below is the current version for this CSP.
|
||||
</DFType>
|
||||
<MSFT:SupportedValues low="0" high="2">
|
||||
<MSFT:SupportedValue value="0" description="Numeric Recovery Passwords Key rotation OFF"/>
|
||||
<MSFT:SupportedValue value="1" description="Default Value. Numeric Recovery Passwords Key Rotation ON for AAD joined devices."/>
|
||||
<MSFT:SupportedValue value="1" description="Default Value. Numeric Recovery Passwords Key Rotation ON for AAD-joined devices."/>
|
||||
<MSFT:SupportedValue value="2" description="Numeric Recovery Passwords Key Rotation ON for both AAD and Hybrid devices"/>
|
||||
</MSFT:SupportedValues>
|
||||
</DFProperties>
|
||||
|
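Review bot: here the acronym is kept and only hyphenated ("AAD-joined devices"), whereas the prose version of the same values earlier in this commit expands it to "Azure Active Directory-joined devices"; value 2 on the next line ("AAD and Hybrid devices") is untouched. Either leave all three SupportedValue descriptions as the DDF emits them, or change them together.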
@ -377,7 +377,7 @@ The date type format is Null, meaning this node doesn’t contain a value.
|
||||
The only supported operation is Execute.
|
||||
|
||||
<a href="" id="clientcertificateinstall-scep-uniqueid-install-aadkeyidentifierlist"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**
|
||||
Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
|
||||
Optional. Specify the Azure Active Directory Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
|
||||
|
||||
Data type is string.
|
||||
|
||||
|
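Review bot: the edited sentence now uses both forms: "Azure Active Directory Key Identifier List" at the start and "the Azure AD Key present on the device" later. Use one form, and "semicolon-separated" needs a hyphen. Keeping "AAD" once in the sentence also helps readers map the description to the node name AADKeyIdentifierList.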
@ -931,7 +931,7 @@ Supported operation is Exec.</Description>
|
||||
<Delete />
|
||||
<Replace />
|
||||
</AccessType>
|
||||
<Description>Optional. Specify the AAD Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.</Description>
|
||||
<Description>Optional. Specify the Azure Active Directory Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.</Description>
|
||||
<DFFormat>
|
||||
<chr />
|
||||
</DFFormat>
|
||||
|
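Review bot: "as a semicolon separated values" is ungrammatical on the edited line; suggest "as a list of semicolon-separated values", matching the prose version of this node earlier in the commit. The same line also mixes "Azure Active Directory Key Identifier List" with "Azure AD Key".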
@ -125,7 +125,7 @@ When the server initiates disconnection, all undergoing sessions for the enrollm
|
||||
<a href="" id="work-access"></a>
|
||||
## Unenrollment from Work Access settings page
|
||||
|
||||
If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the AAD association to the device.
|
||||
If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the Azure AD association to the device.
|
||||
|
||||
You can only use the Work Access page to unenroll under the following conditions:
|
||||
|
||||
|
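Review bot: only the last "AAD" in the sentence is expanded; "(AAD Join or by adding a Microsoft work account)" stays, and "enrolled into MDM using an Azure Active Directory (AAD Join" is missing its noun. Suggest: "If the user is enrolled into MDM using an Azure Active Directory account (Azure AD join or by adding a Microsoft work account) ...".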
@ -346,7 +346,7 @@ Value type is bool.
|
||||
<a href="" id="provider-providerid-forceaadtoken"></a>**Provider/*ProviderID*/ForceAadToken**
|
||||
The value type is integer/enum.
|
||||
|
||||
The value is "1" and it means client should always send AAD device token during check-in/sync.
|
||||
The value is "1" and it means client should always send Azure Active Directory device token during check-in/sync.
|
||||
|
||||
<a href="" id="provider-providerid-poll"></a>**Provider/*ProviderID*/Poll**
|
||||
Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
|
||||
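Review bot: the edited line is still missing articles: "it means the client should always send the Azure Active Directory device token during check-in/sync". Since the node is ForceAadToken, consider keeping "(AAD)" once so the description ties back to the node name.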
@ -517,7 +517,7 @@ This node tracks the status of a Recovery request from the InitiateRecovery node
|
||||
1 - Recovery is in Process.
|
||||
2 - Recovery has finished successfully.
|
||||
3 - Recovery has failed to start because TPM is not available.
|
||||
4 - Recovery has failed to start because AAD keys are not protected by the TPM.
|
||||
4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM.
|
||||
5 - Recovery has failed to start because the MDM keys are already protected by the TPM.
|
||||
6 - Recovery has failed to start because the TPM is not ready for attestation.
|
||||
7 - Recovery has failed because the client cannot authenticate to the server.
|
||||
|
@ -981,7 +981,7 @@ The XML below is for Windows 10, version 1803.
|
||||
<Get />
|
||||
<Replace />
|
||||
</AccessType>
|
||||
<Description>Send the device AAD token, if the user one can't be returned</Description>
|
||||
<Description>Send the device Azure Active Directory token, if the user one can't be returned</Description>
|
||||
<DFFormat>
|
||||
<bool />
|
||||
</DFFormat>
|
||||
|
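Review bot: this Description is inside the DDF XML the page labels "for Windows 10, version 1803"; rewording it means the documented XML differs from what the CSP returns. If the XML is meant to be authoritative, leave the Description text as emitted and expand the acronym only in the prose section for this node.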
@ -127,7 +127,7 @@ Requirements:
|
||||
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. The default behavior for older releases is to revert to **User Credential**.
|
||||
> **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop because the Intune subscription is user centric.
|
||||
|
||||
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from AAD."
|
||||
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from Azure Active Directory."
|
||||
|
||||
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
|
||||
|
||||
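Review bot: the quoted string is the literal scheduled-task name the reader is told to look for in Task Scheduler ("The task is called ..."), so acronym expansion should not be applied inside the quotes unless the task name on the device actually changed. Keep the quoted name verbatim and expand the acronym in the surrounding prose if needed.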
@ -270,7 +270,7 @@ To collect Event Viewer logs:
|
||||
> This task isn't visible to standard users, run Scheduled Tasks with administrative credentials to find the task.
|
||||
|
||||
This task runs every 5 minutes for the duration of one day. To confirm if the task succeeded, check the task scheduler event logs:
|
||||
**Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
|
||||
**Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from Azure Active Directory is triggered by event ID 107.
|
||||
|
||||
:::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png":::
|
||||
|
||||
|
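Review bot: same concern as the task-name line in the previous hunk: this sentence tells the reader which task to look for in the Operational log, so the name should match what Task Scheduler shows rather than an expanded form. Also "where the task scheduler created by enrollment client" reads oddly; suggest "where the task named "Schedule created by enrollment client for automatically enrolling in MDM from AAD" is triggered by event ID 107".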
@ -139,7 +139,7 @@ Data fields:
|
||||
- rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller.
|
||||
- serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation.
|
||||
- nonce: This field contains an arbitrary number that can be used only once in a cryptographic communication. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in replay attacks.
|
||||
- aadToken: The AAD token to be used for authentication against the Microsoft Azure Attestation service.
|
||||
- aadToken: The Azure Active Directory token to be used for authentication against the Microsoft Azure Attestation service.
|
||||
- cv: This field contains an identifier(Correlation Vector) that will be passed in to the service call, and that can be used for diagnostics purposes.
|
||||
|
||||
Sample Data:
|
||||
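Review bot: expanding the description while the field name stays aadToken is fine, but "The Azure Active Directory (AAD) token" would keep the field name explained. While editing this list, the cv line has "identifier(Correlation Vector)" without a space and the serviceEndpoint line has a stray space before the colon.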
@ -408,7 +408,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo
|
||||
};
|
||||
```
|
||||
|
||||
3. Call TriggerAttestation with your rpid, AAD token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm).
|
||||
3. Call TriggerAttestation with your rpid, Azure Active Directory token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm).
|
||||
|
||||
4. Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties: GetAttestReport return the signed attestation token as a JWT. The JWT can be decoded to parse the information per the attestation policy.
|
||||
|
||||
|
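Review bot: the edited step lists three items without a serial comma and lowercases "api version" twice; suggest "with your rpid, Azure Active Directory token, and the attestURI" and "API version". "want to hit" is informal for reference docs; "want to call" reads better.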
@ -250,7 +250,7 @@ Alternatively you can use the following procedure to create an EAP Configuration
|
||||
|
||||
After the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
|
||||
|
||||
### User provisioning failure in Azure Active Directory joined Windows 10 and Windows 11 devices
|
||||
### User provisioning failure in Azure Active Directory-joined Windows 10 and Windows 11 devices
|
||||
|
||||
In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
|
||||
|
||||
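Review bot: the heading is hyphenated but the body paragraph below still says "In Azure AD joined Windows 10 and Windows 11", so the section is inconsistent. Also "ensure to sign out" should be "make sure to sign out".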
@ -270,7 +270,7 @@ The DM agent for [push-button reset](/windows-hardware/manufacture/desktop/push-
|
||||
|
||||
No. Only one MDM is allowed.
|
||||
|
||||
### How do I set the maximum number of Azure Active Directory joined devices per user?
|
||||
### How do I set the maximum number of Azure Active Directory-joined devices per user?
|
||||
|
||||
1. Sign in to the portal as tenant admin: https://portal.azure.com.
|
||||
2. Select Active Directory on the left pane.
|
||||
|
@ -2305,10 +2305,10 @@ ADMX Info:
|
||||
<!--Description-->
|
||||
This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
|
||||
|
||||
You can use this policy setting to select one of three licensing modes: Per User, Per Device, and AAD Per User.
|
||||
You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User.
|
||||
- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.
|
||||
- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.
|
||||
- AAD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in AAD.
|
||||
- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD.
|
||||
|
||||
If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
|
||||
|
||||
|
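Review bot: the two edited lines in this hunk expand the same licensing mode differently: "Azure Active Directory Per User" in the intro sentence and "Azure AD Per User" in the bullet. Use one form in both. If the mode name as shown in the policy UI is literally "AAD Per User", it should stay as the UI shows it and be expanded only in parentheses.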
@ -312,7 +312,7 @@ The following list shows the supported values:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
|
||||
Specifies the list of domains that are allowed to be navigated to in Azure Active Directory PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
|
||||
|
||||
**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
|
||||
|
||||
|
@ -702,7 +702,7 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
|
||||
Set this policy to restrict peer selection to a specific source. Available options are: 1 = Active Directory Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = Azure Active Directory.
|
||||
|
||||
When set, the Group ID will be assigned automatically from the selected source.
|
||||
|
||||
@ -727,11 +727,11 @@ ADMX Info:
|
||||
<!--SupportedValues-->
|
||||
The following list shows the supported values:
|
||||
|
||||
- 1 - AD site
|
||||
- 1 - Active Directory site
|
||||
- 2 - Authenticated domain SID
|
||||
- 3 - DHCP user option
|
||||
- 4 - DNS suffix
|
||||
- 5 - AAD
|
||||
- 5 - Azure Active Directory
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--/Policy-->
|
||||
|
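Review bot: values 1 and 5 now match the description line in the previous hunk, but value 3 still does not: the description says "3 = DHCP Option ID" while this list says "3 - DHCP user option". Casing also differs ("Active Directory Site" vs "Active Directory site").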
@ -340,7 +340,7 @@ The following list shows the supported values:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect.
|
||||
Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory-joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect.
|
||||
|
||||
> [!NOTE]
|
||||
> The MDM server can always remotely delete the account.
|
||||
|
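Review bot: with "Azure Active Directory-joined" hyphenated, "MDM enrolled" in the same clause should be "MDM-enrolled" for consistency.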
@ -436,7 +436,7 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Adds a list of domains that an Azure Active Directory joined device can attempt to contact when it can't resolve a UPN to a principal.
|
||||
Adds a list of domains that an Azure Active Directory-joined device can attempt to contact when it can't resolve a UPN to a principal.
|
||||
|
||||
Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures.
|
||||
|
||||
|
@ -59,7 +59,7 @@ manager: dansimp
|
||||
This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
|
||||
|
||||
> [!NOTE]
|
||||
> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
|
||||
> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or Azure Active Directory groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
|
||||
>
|
||||
> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results.
|
||||
|
||||
@ -104,9 +104,9 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura
|
||||
|
||||
**Examples**
|
||||
|
||||
Example 1: AAD focused.
|
||||
Example 1: Azure Active Directory focused.
|
||||
|
||||
The following example updates the built-in administrators group with AAD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
|
||||
The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
|
||||
|
||||
```xml
|
||||
<GroupConfiguration>
|
||||
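Review bot: the edited sentence still ends with "on an AAD-joined machine", so the acronym is expanded at the start of the sentence and left at the end. Also "Azure AD account" here versus "Azure Active Directory focused" in the example title two lines up; pick one form.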
@ -118,7 +118,7 @@ The following example updates the built-in administrators group with AAD account
|
||||
</GroupConfiguration>
|
||||
```
|
||||
|
||||
Example 2: Replace / Restrict the built-in administrators group with an AAD user account.
|
||||
Example 2: Replace / Restrict the built-in administrators group with an Azure AD user account.
|
||||
|
||||
> [!NOTE]
|
||||
> When using ‘R’ replace option to configure the built-in ‘Administrators’ group, it is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
|
||||
@ -135,7 +135,7 @@ Example:
|
||||
```
|
||||
Example 3: Update action for adding and removing group members on a hybrid joined machine.
|
||||
|
||||
The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
|
||||
The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
|
||||
|
||||
```xml
|
||||
<GroupConfiguration>
|
||||
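Review bot: "add a Azure Active Directory group" needs "an". The sentence also uses "AD domain group" for the on-premises group and "Azure Active Directory group" for the cloud group; spelling out "Active Directory domain group" would remove the AD/Azure AD ambiguity this commit is trying to eliminate.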
@ -158,7 +158,7 @@ The following example shows how you can update a local group (**Administrators**
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> When AAD group SID’s are added to local groups, during AAD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device:
|
||||
> When Azure Active Directory group SID’s are added to local groups, during Azure AD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device:
|
||||
>
|
||||
> - Administrators
|
||||
> - Users
|
||||
|
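Review bot: "SID’s" is a possessive; the plural is "SIDs". The sentence also mixes "Azure Active Directory group SIDs" with "Azure AD account logon" and is hard to parse; suggest: "When Azure AD group SIDs are added to local groups, privileges during Azure AD account logon are evaluated only for the following well-known groups on a Windows 10 device:".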
@ -106,7 +106,7 @@ On a device where this policy is configured, the user specified in the policy wi
|
||||
> [!NOTE]
|
||||
>
|
||||
> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
|
||||
> - Auto-logon is only supported for Microsoft account and AAD users.
|
||||
> - Auto-logon is only supported for Microsoft account and Azure Active Directory users.
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
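Review bot: the edited bullet is fine; while touching this note, the preceding bullet uses "to logon to the device" where the verb form is "to log on to the device".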
@ -15,7 +15,7 @@ manager: dansimp
|
||||
# Policy CSP - RestrictedGroups
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
|
||||
> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or Azure Active Directory groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
|
||||
|
||||
|
||||
<hr/>
|
||||
|
@ -162,7 +162,7 @@ ADMX Info:
|
||||
<!--/ADMXMapped-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account.
|
||||
This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an Azure Active Directory account.
|
||||
|
||||
<!--/SupportedValues-->
|
||||
|
||||
|
@ -194,7 +194,7 @@ The following list shows the supported values:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
|
||||
This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
|
||||
|
||||
To enable this behavior, you must complete two steps:
|
||||
|
||||
@ -534,7 +534,7 @@ The following list shows the supported values:
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
|
||||
This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
|
||||
This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data.
|
||||
|
||||
For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data).
|
||||
|
||||
@ -772,7 +772,7 @@ The following list shows the supported values:
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
|
||||
This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
|
||||
This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
|
||||
|
||||
To enable this behavior, you must complete three steps:
|
||||
|
||||
|
@ -48,7 +48,7 @@ The supported operations are Add, Delete, Get, and Replace.
|
||||
The user name of the test taking account.
|
||||
|
||||
- To specify a domain account, use domain\\user.
|
||||
- To specify an AAD account, use username@tenant.com.
|
||||
- To specify an Azure Active Directory account, use username@tenant.com.
|
||||
- To specify a local account, use the username.
|
||||
|
||||
The supported operations are Add, Delete, Get, and Replace.
|
||||
|
@ -84,7 +84,7 @@ The XML below is the current version for this CSP.
|
||||
<Delete />
|
||||
<Replace />
|
||||
</AccessType>
|
||||
<Description>The user name of the test taking account. To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.</Description>
|
||||
<Description>The user name of the test taking account. To specify a domain account, use domain\user. To specify an Azure Active Directory account, use username@tenant.com. To specify a local account, use the username.</Description>
|
||||
<DFFormat>
|
||||
<chr />
|
||||
</DFFormat>
|
||||
|
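Review bot: this Description is inside the XML the page introduces as "the current version for this CSP"; rewording the DDF text means the doc no longer reflects what the CSP emits. The prose bullet for this node earlier in the commit already carries the expanded form, which is where readers will see it.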
@ -659,10 +659,10 @@ Reserved for future use.
|
||||
Reserved for future use.
|
||||
|
||||
<a href="" id="vpnv2-profilename-devicecompliance"></a>**VPNv2/**<em>ProfileName</em>**/DeviceCompliance**
|
||||
Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable AAD-based Conditional Access for VPN.
|
||||
Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable Azure Active Directory-based Conditional Access for VPN.
|
||||
|
||||
<a href="" id="vpnv2-profilename-devicecompliance-enabled"></a>**VPNv2/**<em>ProfileName</em>**/DeviceCompliance/Enabled**
|
||||
Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory.
|
||||
Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory.
|
||||
|
||||
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
|
||||
|
||||
|
@ -1403,7 +1403,7 @@ The XML below is for Windows 10, version 2004.
|
||||
<Add />
|
||||
<Get />
|
||||
</AccessType>
|
||||
<Description>Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN</Description>
|
||||
<Description>Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN</Description>
|
||||
<DFFormat>
|
||||
<node />
|
||||
</DFFormat>
|
||||
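Review bot: "Azure Active Directory based Conditional Access" is unhyphenated here while the prose for the same node earlier in the commit reads "Azure Active Directory-based". Also, this Description is inside the version 2004 DDF XML, so the same DDF-versus-prose concern raised on the earlier XML hunks applies here.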
@ -1426,7 +1426,7 @@ The XML below is for Windows 10, version 2004.
|
||||
<Get />
|
||||
<Replace />
|
||||
</AccessType>
|
||||
<Description>Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory</Description>
|
||||
<Description>Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory</Description>
|
||||
<DFFormat>
|
||||
<bool />
|
||||
</DFFormat>
|
||||
@ -3593,7 +3593,7 @@ The XML below is for Windows 10, version 2004.
|
||||
<Add />
|
||||
<Get />
|
||||
</AccessType>
|
||||
<Description>Nodes under DeviceCompliance can be used to enable AAD based Conditional Access for VPN</Description>
|
||||
<Description>Nodes under DeviceCompliance can be used to enable Azure Active Directory based Conditional Access for VPN</Description>
|
||||
<DFFormat>
|
||||
<node />
|
||||
</DFFormat>
|
||||
@ -3616,7 +3616,7 @@ The XML below is for Windows 10, version 2004.
|
||||
<Get />
|
||||
<Replace />
|
||||
</AccessType>
|
||||
<Description>Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory</Description>
|
||||
<Description>Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory</Description>
|
||||
<DFFormat>
|
||||
<bool />
|
||||
</DFFormat>
|
||||
|